| blob | 603e043af40ba164874e081ce1eeb746edccd802 |
1 /*-------------------------------------------------------------------------
2 *
3 * connection.c
4 * Connection management functions for postgres_fdw
5 *
6 * Portions Copyright (c) 2012-2024, PostgreSQL Global Development Group
7 *
8 * IDENTIFICATION
9 * contrib/postgres_fdw/connection.c
10 *
11 *-------------------------------------------------------------------------
12 */
35 /*
36 * Connection cache hash table entry
37 *
38 * The lookup key in this hash table is the user mapping OID. We use just one
39 * connection per user mapping ID, which ensures that all the scans use the
40 * same snapshot during a query. Using the user mapping OID rather than
41 * the foreign server OID + user OID avoids creating multiple connections when
42 * the public user mapping applies to all user OIDs.
43 *
44 * The "conn" pointer can be NULL if we don't currently have a live connection.
45 * When we do have a connection, xact_depth tracks the current depth of
46 * transactions and subtransactions open on the remote side. We need to issue
47 * commands at the same nesting depth on the remote as we're executing at
48 * ourselves, so that rolling back a subtransaction will kill the right
49 * queries and not the wrong ones.
50 */
54 {
57 /* Remaining fields are invalid when conn is NULL: */
59 * one level of subxact open, etc */
67 * server option */
74 /*
75 * Connection cache (initialized on first use)
76 */
79 /* for assigning cursor numbers and prepared statement numbers */
83 /* tracks whether any work is needed in callback functions */
86 /* custom wait event values, retrieved from shared memory */
91 /*
92 * Milliseconds to wait to cancel an in-progress query or execute a cleanup
93 * query; if it takes longer than 30 seconds to do these, we assume the
94 * connection is dead.
95 */
96 #define CONNECTION_CLEANUP_TIMEOUT 30000
98 /* Macro for constructing abort command to be sent */
99 #define CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel) \
100 do { \
101 if (toplevel) \
102 snprintf((sql), sizeof(sql), \
104 else \
105 snprintf((sql), sizeof(sql), \
107 (entry)->xact_depth, (entry)->xact_depth); \
108 } while(0)
110 /*
111 * SQL functions
112 */
117 /* prototypes of private functions */
129 SubTransactionId mySubid,
130 SubTransactionId parentSubid,
143 TimestampTz endtime,
163 /*
164 * Get a PGconn which can be used to execute queries on the remote PostgreSQL
165 * server with the user's authorization. A new connection is established
166 * if we don't already have a suitable one, and a transaction is opened at
167 * the right subtransaction nesting depth if we didn't do that already.
168 *
169 * will_prep_stmt must be true if caller intends to create any prepared
170 * statements. Since those don't go away automatically at transaction end
171 * (not even on error), we need this flag to cue manual cleanup.
172 *
173 * If state is not NULL, *state receives the per-connection state associated
174 * with the PGconn.
175 */
176 PGconn *
178 {
182 ConnCacheKey key;
185 /* First time through, initialize connection cache hashtable */
187 {
188 HASHCTL ctl;
191 pgfdw_we_get_result =
200 /*
201 * Register some callback functions that manage connection cleanup.
202 * This should be done just once in each backend.
203 */
210 }
212 /* Set flag that we did GetConnection during the current transaction */
215 /* Create hash key for the entry. Assume no pad bytes in key struct */
218 /*
219 * Find or create cached entry for requested connection.
220 */
223 {
224 /*
225 * We need only clear "conn" here; remaining fields will be filled
226 * later when "conn" is set.
227 */
229 }
231 /* Reject further use of connections which failed abort cleanup. */
234 /*
235 * If the connection needs to be remade due to invalidation, disconnect as
236 * soon as we're out of all transactions.
237 */
239 {
243 }
245 /*
246 * If cache entry doesn't have a connection, we have to establish a new
247 * connection. (If connect_pg_server throws an error, the cache entry
248 * will remain in a valid empty state, ie conn == NULL.)
249 */
253 /*
254 * We check the health of the cached connection here when using it. In
255 * cases where we're out of all transactions, if a broken connection is
256 * detected, we try to reestablish a new connection later.
257 */
259 {
260 /* Process a pending asynchronous request if any. */
263 /* Start a new transaction or subtransaction if needed. */
265 }
267 {
271 /*
272 * Determine whether to try to reestablish the connection.
273 *
274 * After a broken connection is detected in libpq, any error other
275 * than connection failure (e.g., out-of-memory) can be thrown
276 * somewhere between return from libpq and the expected ereport() call
277 * in pgfdw_report_error(). In this case, since PQstatus() indicates
278 * CONNECTION_BAD, checking only PQstatus() causes the false detection
279 * of connection failure. To avoid this, we also verify that the
280 * error's sqlstate is ERRCODE_CONNECTION_FAILURE. Note that also
281 * checking only the sqlstate can cause another false detection
282 * because pgfdw_report_error() may report ERRCODE_CONNECTION_FAILURE
283 * for any libpq-originated error condition.
284 */
288 {
291 }
293 /* Clean up the error state */
299 }
302 /*
303 * If a broken connection is detected, disconnect it, reestablish a new
304 * connection and retry a new remote transaction. If connection failure is
305 * reported again, we give up getting a connection.
306 */
308 {
323 }
325 /* Remember if caller will prepare statements */
328 /* If caller needs access to the per-connection state, return it. */
333 }
335 /*
336 * Reset all transient state fields in the cached connection entry and
337 * establish new connection to the remote server.
338 */
339 static void
341 {
347 /* Reset all transient state fields, to be sure all are clean */
362 /*
363 * Determine whether to keep the connection that we're about to make here
364 * open even after the transaction using it ends, so that the subsequent
365 * transactions can re-use it.
366 *
367 * By default, all the connections to any foreign servers are kept open.
368 *
369 * Also determine whether to commit/abort (sub)transactions opened on the
370 * remote server in parallel at (sub)transaction end, which is disabled by
371 * default.
372 *
373 * Note: it's enough to determine these only when making a new connection
374 * because if these settings for it are changed, it will be closed and
375 * re-made later.
376 */
381 {
390 }
392 /* Now try to make the connection */
395 elog(DEBUG3, "new postgres_fdw connection %p for server \"%s\" (user mapping oid %u, userid %u)",
397 }
399 /*
400 * Check that non-superuser has used password or delegated credentials
401 * to establish connection; otherwise, he's piggybacking on the
402 * postgres server's user identity. See also dblink_security_check()
403 * in contrib/dblink and check_conn_params.
404 */
405 static void
406 pgfdw_security_check(const char **keywords, const char **values, UserMapping *user, PGconn *conn)
407 {
408 /* Superusers bypass the check */
412 #ifdef ENABLE_GSS
413 /* Connected via GSSAPI with delegated credentials- all good. */
416 #endif
418 /* Ok if superuser set PW required false. */
422 /* Connected via PW, with PW required true, and provided non-empty PW. */
424 {
425 /* ok if params contain a non-empty password */
427 {
430 }
431 }
436 errdetail("Non-superuser cannot connect if the server does not request a password or use GSSAPI with delegated credentials."),
437 errhint("Target server's authentication method must be changed or password_required=false set in the user mapping attributes.")));
438 }
440 /*
441 * Connect to remote server using specified server and user mapping properties.
442 */
445 {
448 /*
449 * Use PG_TRY block to ensure closing connection on error.
450 */
452 {
458 /*
459 * Construct connection params from generic options of ForeignServer
460 * and UserMapping. (Some of them might not be libpq options, in
461 * which case we'll just waste a few array slots.) Add 4 extra slots
462 * for application_name, fallback_application_name, client_encoding,
463 * end marker.
464 */
475 /*
476 * Use pgfdw_application_name as application_name if set.
477 *
478 * PQconnectdbParams() processes the parameter arrays from start to
479 * end. If any key word is repeated, the last value is used. Therefore
480 * note that pgfdw_application_name must be added to the arrays after
481 * options of ForeignServer are, so that it can override
482 * application_name set in ForeignServer.
483 */
485 {
488 n++;
489 }
491 /*
492 * Search the parameter arrays to find application_name setting, and
493 * replace escape sequences in it with status information if found.
494 * The arrays are searched backwards because the last value is used if
495 * application_name is repeatedly set.
496 */
498 {
501 {
502 /*
503 * Use this application_name setting if it's not empty string
504 * even after any escape sequences in it are replaced.
505 */
508 {
511 }
513 /*
514 * This empty application_name is not used, so we set
515 * values[i] to NULL and keep searching the array to find the
516 * next one.
517 */
521 }
522 }
524 /* Use "postgres_fdw" as fallback_application_name */
527 n++;
529 /* Set client_encoding so that libpq can convert encoding properly. */
532 n++;
536 /* verify the set of connection parameters */
539 /* first time, allocate or get the custom wait event */
543 /* OK to make connection */
546 pgfdw_we_connect);
555 /* Perform post-connection security checks */
558 /* Prepare new session for use */
565 }
567 {
570 }
574 }
576 /*
577 * Disconnect any open connection for a connection cache entry.
578 */
579 static void
581 {
583 {
586 }
587 }
589 /*
590 * Return true if the password_required is defined and false for this user
591 * mapping, otherwise false. The mapping has been pre-validated.
592 */
593 static bool
595 {
599 {
604 }
607 }
609 /*
610 * For non-superusers, insist that the connstr specify a password or that the
611 * user provided their own GSSAPI delegated credentials. This
612 * prevents a password from being picked up from .pgpass, a service file, the
613 * environment, etc. We don't want the postgres user's passwords,
614 * certificates, etc to be accessible to non-superusers. (See also
615 * dblink_connstr_check in contrib/dblink.)
616 */
617 static void
619 {
622 /* no check required if superuser */
626 #ifdef ENABLE_GSS
627 /* ok if the user provided their own delegated credentials */
630 #endif
632 /* ok if params contain a non-empty password */
634 {
637 }
639 /* ok if the superuser explicitly said so at user mapping creation time */
646 errdetail("Non-superusers must delegate GSSAPI credentials or provide a password in the user mapping.")));
647 }
649 /*
650 * Issue SET commands to make sure remote session is configured properly.
651 *
652 * We do this just once at connection, assuming nothing will change the
653 * values later. Since we'll never send volatile function calls to the
654 * remote, there shouldn't be any way to break this assumption from our end.
655 * It's possible to think of ways to break it at the remote end, eg making
656 * a foreign table point to a view that includes a set_config call ---
657 * but once you admit the possibility of a malicious view definition,
658 * there are any number of ways to break things.
659 */
660 static void
662 {
665 /* Force the search path to contain only pg_catalog (see deparse.c) */
668 /*
669 * Set remote timezone; this is basically just cosmetic, since all
670 * transmitted and returned timestamptzs should specify a zone explicitly
671 * anyway. However it makes the regression test outputs more predictable.
672 *
673 * We don't risk setting remote zone equal to ours, since the remote
674 * server might use a different timezone database. Instead, use UTC
675 * (quoted, because very old servers are picky about case).
676 */
679 /*
680 * Set values needed to ensure unambiguous data output from remote. (This
681 * logic should match what pg_dump does. See also set_transmission_modes
682 * in postgres_fdw.c.)
683 */
689 else
691 }
693 /*
694 * Convenience subroutine to issue a non-data-returning SQL command to remote
695 */
696 void
698 {
701 }
703 static void
705 {
708 }
710 static void
712 {
715 /*
716 * If requested, consume whatever data is available from the socket. (Note
717 * that if all data is available, this allows pgfdw_get_result to call
718 * PQgetResult without forcing the overhead of WaitLatchOrSocket, which
719 * would be large compared to the overhead of PQconsumeInput.)
720 */
727 }
729 /*
730 * Start remote transaction or subtransaction, if needed.
731 *
732 * Note that we always use at least REPEATABLE READ in the remote session.
733 * This is so that, if a query initiates multiple scans of the same or
734 * different foreign tables, we will get snapshot-consistent results from
735 * those scans. A disadvantage is that we can't provide sane emulation of
736 * READ COMMITTED behavior --- it would be nice if we had some other way to
737 * control which remote queries share a snapshot.
738 */
739 static void
741 {
744 /* Start main transaction if we haven't yet */
746 {
754 else
760 }
762 /*
763 * If we're in a subtransaction, stack up savepoints to match our level.
764 * This ensures we can rollback just the desired effects when a
765 * subtransaction aborts.
766 */
768 {
776 }
777 }
779 /*
780 * Release connection reference count created by calling GetConnection.
781 */
782 void
784 {
785 /*
786 * Currently, we don't actually track connection references because all
787 * cleanup is managed on a transaction or subtransaction basis instead. So
788 * there's nothing to do here.
789 */
790 }
792 /*
793 * Assign a "unique" number for a cursor.
794 *
795 * These really only need to be unique per connection within a transaction.
796 * For the moment we ignore the per-connection point and assign them across
797 * all connections in the transaction, but we ask for the connection to be
798 * supplied in case we want to refine that.
799 *
800 * Note that even if wraparound happens in a very long transaction, actual
801 * collisions are highly improbable; just be sure to use %u not %d to print.
802 */
803 unsigned int
805 {
807 }
809 /*
810 * Assign a "unique" number for a prepared statement.
811 *
812 * This works much like GetCursorNumber, except that we never reset the counter
813 * within a session. That's because we can't be 100% sure we've gotten rid
814 * of all prepared statements on all connections, and it's not really worth
815 * increasing the risk of prepared-statement name collisions by resetting.
816 */
817 unsigned int
819 {
821 }
823 /*
824 * Submit a query and wait for the result.
825 *
826 * Since we don't use non-blocking mode, this can't process interrupts while
827 * pushing the query text to the server. That risk is relatively small, so we
828 * ignore that for now.
829 *
830 * Caller is responsible for the error handling on the result.
831 */
832 PGresult *
834 {
835 /* First, process a pending asynchronous request, if any. */
842 }
844 /*
845 * Wrap libpqsrv_get_result_last(), adding wait event.
846 *
847 * Caller is responsible for the error handling on the result.
848 */
849 PGresult *
851 {
853 }
855 /*
856 * Report an error we got from the remote server.
857 *
858 * elevel: error level to use (typically ERROR, but might be less)
859 * res: PGresult containing the error
860 * conn: connection we did the query on
861 * clear: if true, PQclear the result (otherwise caller will handle it)
862 * sql: NULL, or text of remote command we tried to execute
863 *
864 * Note: callers that choose not to throw ERROR for a remote error are
865 * responsible for making sure that the associated ConnCacheEntry gets
866 * marked with have_error = true.
867 */
868 void
871 {
872 /* If requested, PGresult must be released before leaving this function. */
874 {
888 else
891 /*
892 * If we don't get a message from the PGresult, try the PGconn. This
893 * is needed because for connection-level failures, PQgetResult may
894 * just return NULL, not a PGresult at all.
895 */
908 }
910 {
913 }
915 }
917 /*
918 * pgfdw_xact_callback --- cleanup at main-transaction end.
919 *
920 * This runs just late enough that it must not enter user-defined code
921 * locally. (Entering such code on the remote side is fine. Its remote
922 * COMMIT TRANSACTION may run deferred triggers.)
923 */
924 static void
926 {
927 HASH_SEQ_STATUS scan;
932 /* Quick exit if no connections were touched in this transaction. */
936 /*
937 * Scan all connection cache entries to find open remote transactions, and
938 * close them.
939 */
942 {
945 /* Ignore cache entry if no open connection right now */
949 /* If it has an open remote transaction, try to close it */
951 {
956 {
960 /*
961 * If abort cleanup previously failed for this connection,
962 * we can't issue any more commands against it.
963 */
966 /* Commit all remote transactions during pre-commit */
969 {
973 }
977 /*
978 * If there were any errors in subtransactions, and we
979 * made prepared statements, do a DEALLOCATE ALL to make
980 * sure we get rid of all prepared statements. This is
981 * annoying and not terribly bulletproof, but it's
982 * probably not worth trying harder.
983 *
984 * DEALLOCATE ALL only exists in 8.3 and later, so this
985 * constrains how old a server postgres_fdw can
986 * communicate with. We intentionally ignore errors in
987 * the DEALLOCATE, so that we can hobble along to some
988 * extent with older servers (leaking prepared statements
989 * as we go; but we don't really support update operations
990 * pre-8.3 anyway).
991 */
993 {
995 NULL);
997 }
1003 /*
1004 * We disallow any remote transactions, since it's not
1005 * very reasonable to hold them open until the prepared
1006 * transaction is committed. For the moment, throw error
1007 * unconditionally; later we might allow read-only cases.
1008 * Note that the error will cause us to come right back
1009 * here with event == XACT_EVENT_ABORT, so we'll clean up
1010 * the connection state at that point.
1011 */
1019 /* Pre-commit should have closed the open transaction */
1024 /* Rollback all remote transactions during abort */
1026 {
1031 }
1032 else
1035 }
1036 }
1038 /* Reset state to show we're out of a transaction */
1040 }
1042 /* If there are any pending connections, finish cleaning them up */
1044 {
1047 {
1050 }
1051 else
1052 {
1057 }
1058 }
1060 /*
1061 * Regardless of the event type, we can now mark ourselves as out of the
1062 * transaction. (Note: if we are here during PRE_COMMIT or PRE_PREPARE,
1063 * this saves a useless scan of the hashtable during COMMIT or PREPARE.)
1064 */
1067 /* Also reset cursor numbering for next transaction */
1069 }
1071 /*
1072 * pgfdw_subxact_callback --- cleanup at subtransaction end.
1073 */
1074 static void
1077 {
1078 HASH_SEQ_STATUS scan;
1084 /* Nothing to do at subxact start, nor after commit. */
1089 /* Quick exit if no connections were touched in this transaction. */
1093 /*
1094 * Scan all connection cache entries to find open remote subtransactions
1095 * of the current level, and close them.
1096 */
1100 {
1103 /*
1104 * We only care about connections with open remote subtransactions of
1105 * the current level.
1106 */
1115 {
1116 /*
1117 * If abort cleanup previously failed for this connection, we
1118 * can't issue any more commands against it.
1119 */
1122 /* Commit all remote subtransactions during pre-commit */
1126 {
1130 }
1133 }
1134 else
1135 {
1136 /* Rollback all remote subtransactions during abort */
1138 {
1143 }
1144 else
1146 }
1148 /* OK, we're outta that level of subtransaction */
1150 }
1152 /* If there are any pending connections, finish cleaning them up */
1154 {
1156 {
1159 }
1160 else
1161 {
1165 }
1166 }
1167 }
1169 /*
1170 * Connection invalidation callback function
1171 *
1172 * After a change to a pg_foreign_server or pg_user_mapping catalog entry,
1173 * close connections depending on that entry immediately if current transaction
1174 * has not used those connections yet. Otherwise, mark those connections as
1175 * invalid and then make pgfdw_xact_callback() close them at the end of current
1176 * transaction, since they cannot be closed in the midst of the transaction
1177 * using them. Closed connections will be remade at the next opportunity if
1178 * necessary.
1179 *
1180 * Although most cache invalidation callbacks blow away all the related stuff
1181 * regardless of the given hashvalue, connections are expensive enough that
1182 * it's worth trying to avoid that.
1183 *
1184 * NB: We could avoid unnecessary disconnection more strictly by examining
1185 * individual option values, but it seems too much effort for the gain.
1186 */
1187 static void
1189 {
1190 HASH_SEQ_STATUS scan;
1195 /* ConnectionHash must exist already, if we're registered */
1198 {
1199 /* Ignore invalid entries */
1203 /* hashvalue == 0 means a cache reset, must clear all state */
1209 {
1210 /*
1211 * Close the connection immediately if it's not used yet in this
1212 * transaction. Otherwise mark it as invalid so that
1213 * pgfdw_xact_callback() can close it at the end of this
1214 * transaction.
1215 */
1217 {
1220 }
1221 else
1223 }
1224 }
1225 }
1227 /*
1228 * Raise an error if the given connection cache entry is marked as being
1229 * in the middle of an xact state change. This should be called at which no
1230 * such change is expected to be in progress; if one is found to be in
1231 * progress, it means that we aborted in the middle of a previous state change
1232 * and now don't know what the remote transaction state actually is.
1233 * Such connections can't safely be further used. Re-establishing the
1234 * connection would change the snapshot and roll back any writes already
1235 * performed, so that's not an option, either. Thus, we must abort.
1236 */
1237 static void
1239 {
1242 /* nothing to do for inactive entries and entries of sane state */
1246 /* make sure this entry is inactive */
1249 /* find server name to be shown in the message below */
1256 }
1258 /*
1259 * Reset state to show we're out of a (sub)transaction.
1260 */
1261 static void
1263 {
1265 {
1266 /* Reset state to show we're out of a transaction */
1269 /*
1270 * If the connection isn't in a good idle state, it is marked as
1271 * invalid or keep_connections option of its server is disabled, then
1272 * discard it to recover. Next GetConnection will open a new
1273 * connection.
1274 */
1280 {
1283 }
1284 }
1285 else
1286 {
1287 /* Reset state to show we're out of a subtransaction */
1289 }
1290 }
1292 /*
1293 * Cancel the currently-in-progress query (whose query text we do not have)
1294 * and ignore the result. Returns true if we successfully cancel the query
1295 * and discard any pending result, and false if not.
1296 *
1297 * It's not a huge problem if we throw an ERROR here, but if we get into error
1298 * recursion trouble, we'll end up slamming the connection shut, which will
1299 * necessitate failing the entire toplevel transaction even if subtransactions
1300 * were used. Try to use WARNING where we can.
1301 *
1302 * XXX: if the query was one sent by fetch_more_data_begin(), we could get the
1303 * query text from the pendingAreq saved in the per-connection state, then
1304 * report the query using it.
1305 */
1306 static bool
1308 {
1309 TimestampTz endtime;
1311 /*
1312 * If it takes too long to cancel the query and discard the result, assume
1313 * the connection is dead.
1314 */
1316 CONNECTION_CLEANUP_TIMEOUT);
1321 }
1323 /*
1324 * Submit a cancel request to the given connection, waiting only until
1325 * the given time.
1326 *
1327 * We sleep interruptibly until we receive confirmation that the cancel
1328 * request has been accepted, and if it is, return true; if the timeout
1329 * lapses without that, or the request fails for whatever reason, return
1330 * false.
1331 */
1332 static bool
1334 {
1343 }
1345 static bool
1347 {
1351 /*
1352 * If requested, consume whatever data is available from the socket. (Note
1353 * that if all data is available, this allows pgfdw_get_cleanup_result to
1354 * call PQgetResult without forcing the overhead of WaitLatchOrSocket,
1355 * which would be large compared to the overhead of PQconsumeInput.)
1356 */
1358 {
1364 }
1366 /* Get and discard the result of the query. */
1368 {
1372 else
1379 }
1383 }
1385 /*
1386 * Submit a query during (sub)abort cleanup and wait up to 30 seconds for the
1387 * result. If the query is executed without error, the return value is true.
1388 * If the query is executed successfully but returns an error, the return
1389 * value is true if and only if ignore_errors is set. If the query can't be
1390 * sent or times out, the return value is false.
1391 *
1392 * It's not a huge problem if we throw an ERROR here, but if we get into error
1393 * recursion trouble, we'll end up slamming the connection shut, which will
1394 * necessitate failing the entire toplevel transaction even if subtransactions
1395 * were used. Try to use WARNING where we can.
1396 */
1397 static bool
1399 {
1400 TimestampTz endtime;
1402 /*
1403 * If it takes too long to execute a cleanup query, assume the connection
1404 * is dead. It's fairly likely that this is why we aborted in the first
1405 * place (e.g. statement timeout, user cancel), so the timeout shouldn't
1406 * be too long.
1407 */
1409 CONNECTION_CLEANUP_TIMEOUT);
1415 }
1417 static bool
1419 {
1422 /*
1423 * Submit a query. Since we don't use non-blocking mode, this also can
1424 * block. But its risk is relatively small, so we ignore that for now.
1425 */
1427 {
1430 }
1433 }
1435 static bool
1439 {
1445 /*
1446 * If requested, consume whatever data is available from the socket. (Note
1447 * that if all data is available, this allows pgfdw_get_cleanup_result to
1448 * call PQgetResult without forcing the overhead of WaitLatchOrSocket,
1449 * which would be large compared to the overhead of PQconsumeInput.)
1450 */
1452 {
1455 }
1457 /* Get the result of the query. */
1459 {
1464 else
1468 }
1470 /* Issue a warning if not successful. */
1472 {
1475 }
1479 }
1481 /*
1482 * Get, during abort cleanup, the result of a query that is in progress. This
1483 * might be a query that is being interrupted by transaction abort, or it might
1484 * be a query that was initiated as part of transaction abort to get the remote
1485 * side back to the appropriate state.
1486 *
1487 * endtime is the time at which we should give up and assume the remote
1488 * side is dead. Returns true if the timeout expired or connection trouble
1489 * occurred, false otherwise. Sets *result except in case of a timeout.
1490 * Sets timed_out to true only when the timeout expired.
1491 */
1492 static bool
1495 {
1501 /* In what follows, do not leak any PGresults on an error. */
1503 {
1505 {
1509 {
1514 /* If timeout has expired, give up, else get sleep time. */
1517 {
1521 }
1523 /* first time, allocate or get the custom wait event */
1527 /* Sleep until there's something to do */
1537 /* Data available in socket? */
1539 {
1541 {
1542 /* connection trouble */
1545 }
1546 }
1547 }
1555 }
1556 exit: ;
1557 }
1559 {
1562 }
1567 else
1570 }
1572 /*
1573 * Abort remote transaction or subtransaction.
1574 *
1575 * "toplevel" should be set to true if toplevel (main) transaction is
1576 * rollbacked, false otherwise.
1577 *
1578 * Set entry->changing_xact_state to false on success, true on failure.
1579 */
1580 static void
1582 {
1585 /*
1586 * Don't try to clean up the connection if we're already in error
1587 * recursion trouble.
1588 */
1592 /*
1593 * If connection is already unsalvageable, don't touch it further.
1594 */
1598 /*
1599 * Mark this connection as in the process of changing transaction state.
1600 */
1603 /* Assume we might have lost track of prepared statements */
1606 /*
1607 * If a command has been submitted to the remote server by using an
1608 * asynchronous execution function, the command might not have yet
1609 * completed. Check to see if a command is still being processed by the
1610 * remote server, and if so, request cancellation of the command.
1611 */
1621 {
1630 }
1632 /*
1633 * If pendingAreq of the per-connection state is not NULL, it means that
1634 * an asynchronous fetch begun by fetch_more_data_begin() was not done
1635 * successfully and thus the per-connection state was not reset in
1636 * fetch_more_data(); in that case reset the per-connection state here.
1637 */
1641 /* Disarm changing_xact_state if it all worked */
1643 }
1645 /*
1646 * Like pgfdw_abort_cleanup, submit an abort command or cancel request, but
1647 * don't wait for the result.
1648 *
1649 * Returns true if the abort command or cancel request is successfully issued,
1650 * false otherwise. If the abort command is successfully issued, the given
1651 * connection cache entry is appended to *pending_entries. Otherwise, if the
1652 * cancel request is successfully issued, it is appended to *cancel_requested.
1653 */
1654 static bool
1657 {
1658 /*
1659 * Don't try to clean up the connection if we're already in error
1660 * recursion trouble.
1661 */
1665 /*
1666 * If connection is already unsalvageable, don't touch it further.
1667 */
1671 /*
1672 * Mark this connection as in the process of changing transaction state.
1673 */
1676 /* Assume we might have lost track of prepared statements */
1679 /*
1680 * If a command has been submitted to the remote server by using an
1681 * asynchronous execution function, the command might not have yet
1682 * completed. Check to see if a command is still being processed by the
1683 * remote server, and if so, request cancellation of the command.
1684 */
1686 {
1687 TimestampTz endtime;
1690 CONNECTION_CLEANUP_TIMEOUT);
1694 }
1695 else
1696 {
1703 }
1706 }
1708 /*
1709 * Finish pre-commit cleanup of connections on each of which we've sent a
1710 * COMMIT command to the remote server.
1711 */
1712 static void
1714 {
1721 /*
1722 * Get the result of the COMMIT command for each of the pending entries
1723 */
1725 {
1730 /*
1731 * We might already have received the result on the socket, so pass
1732 * consume_input=true to try to consume it first
1733 */
1737 /* Do a DEALLOCATE ALL in parallel if needed */
1739 {
1740 /* Ignore errors (see notes in pgfdw_xact_callback) */
1742 {
1745 }
1746 }
1751 }
1753 /* No further work if no pending entries */
1757 /*
1758 * Get the result of the DEALLOCATE command for each of the pending
1759 * entries
1760 */
1762 {
1767 /* Ignore errors (see notes in pgfdw_xact_callback) */
1769 {
1771 /* Stop if the connection is lost (else we'll loop infinitely) */
1774 }
1779 }
1780 }
1782 /*
1783 * Finish pre-subcommit cleanup of connections on each of which we've sent a
1784 * RELEASE command to the remote server.
1785 */
1786 static void
1788 {
1795 /*
1796 * Get the result of the RELEASE command for each of the pending entries
1797 */
1800 {
1805 /*
1806 * We might already have received the result on the socket, so pass
1807 * consume_input=true to try to consume it first
1808 */
1813 }
1814 }
1816 /*
1817 * Finish abort cleanup of connections on each of which we've sent an abort
1818 * command or cancel request to the remote server.
1819 */
1820 static void
1823 {
1827 /*
1828 * For each of the pending cancel requests (if any), get and discard the
1829 * result of the query, and submit an abort command to the remote server.
1830 */
1832 {
1834 {
1836 TimestampTz endtime;
1841 /*
1842 * Set end time. You might think we should do this before issuing
1843 * cancel request like in normal mode, but that is problematic,
1844 * because if, for example, it took longer than 30 seconds to
1845 * process the first few entries in the cancel_requested list, it
1846 * would cause a timeout error when processing each of the
1847 * remaining entries in the list, leading to slamming that entry's
1848 * connection shut.
1849 */
1851 CONNECTION_CLEANUP_TIMEOUT);
1854 {
1855 /* Unable to cancel running query */
1858 }
1860 /* Send an abort command in parallel if needed */
1863 {
1864 /* Unable to abort remote (sub)transaction */
1866 }
1867 else
1869 }
1870 }
1872 /* No further work if no pending entries */
1876 /*
1877 * Get the result of the abort command for each of the pending entries
1878 */
1880 {
1882 TimestampTz endtime;
1887 /*
1888 * Set end time. We do this now, not before issuing the command like
1889 * in normal mode, for the same reason as for the cancel_requested
1890 * entries.
1891 */
1893 CONNECTION_CLEANUP_TIMEOUT);
1898 {
1899 /* Unable to abort remote (sub)transaction */
1902 }
1905 {
1906 /* Do a DEALLOCATE ALL in parallel if needed */
1908 {
1911 {
1912 /* Trouble clearing prepared statements */
1914 }
1915 else
1918 }
1921 }
1923 /* Reset the per-connection state if needed */
1927 /* We're done with this entry; unset the changing_xact_state flag */
1930 }
1932 /* No further work if no pending entries */
1937 /*
1938 * Get the result of the DEALLOCATE command for each of the pending
1939 * entries
1940 */
1942 {
1944 TimestampTz endtime;
1950 /*
1951 * Set end time. We do this now, not before issuing the command like
1952 * in normal mode, for the same reason as for the cancel_requested
1953 * entries.
1954 */
1956 CONNECTION_CLEANUP_TIMEOUT);
1960 {
1961 /* Trouble clearing prepared statements */
1964 }
1968 /* Reset the per-connection state if needed */
1972 /* We're done with this entry; unset the changing_xact_state flag */
1975 }
1976 }
1978 /*
1979 * List active foreign server connections.
1980 *
1981 * This function takes no input parameter and returns setof record made of
1982 * following values:
1983 * - server_name - server name of active connection. In case the foreign server
1984 * is dropped but still the connection is active, then the server name will
1985 * be NULL in output.
1986 * - valid - true/false representing whether the connection is valid or not.
1987 * Note that the connections can get invalidated in pgfdw_inval_callback.
1988 *
1989 * No records are returned when there are no cached connections at all.
1990 */
1991 Datum
1993 {
1994 #define POSTGRES_FDW_GET_CONNECTIONS_COLS 2
1996 HASH_SEQ_STATUS scan;
2001 /* If cache doesn't exist, we return no records */
2007 {
2012 /* We only look for open remote connections */
2018 /*
2019 * The foreign server may have been dropped in current explicit
2020 * transaction. It is not possible to drop the server from another
2021 * session when the connection associated with it is in use in the
2022 * current transaction, if tried so, the drop query in another session
2023 * blocks until the current transaction finishes.
2024 *
2025 * Even though the server is dropped in the current transaction, the
2026 * cache can still have associated active connection entry, say we
2027 * call such connections dangling. Since we can not fetch the server
2028 * name from system catalogs for dangling connections, instead we show
2029 * NULL value for server name in output.
2030 *
2031 * We could have done better by storing the server name in the cache
2032 * entry instead of server oid so that it could be used in the output.
2033 * But the server name in each cache entry requires 64 bytes of
2034 * memory, which is huge, when there are many cached connections and
2035 * the use case i.e. dropping the foreign server within the explicit
2036 * current transaction seems rare. So, we chose to show NULL value for
2037 * server name in output.
2038 *
2039 * Such dangling connections get closed either in next use or at the
2040 * end of current explicit transaction in pgfdw_xact_callback.
2041 */
2043 {
2044 /*
2045 * If the server has been dropped in the current explicit
2046 * transaction, then this entry would have been invalidated in
2047 * pgfdw_inval_callback at the end of drop server command. Note
2048 * that this connection would not have been closed in
2049 * pgfdw_inval_callback because it is still being used in the
2050 * current explicit transaction. So, assert that here.
2051 */
2054 /* Show null, if no server name was found */
2056 }
2057 else
2063 }
2066 }
2068 /*
2069 * Disconnect the specified cached connections.
2070 *
2071 * This function discards the open connections that are established by
2072 * postgres_fdw from the local session to the foreign server with
2073 * the given name. Note that there can be multiple connections to
2074 * the given server using different user mappings. If the connections
2075 * are used in the current local transaction, they are not disconnected
2076 * and warning messages are reported. This function returns true
2077 * if it disconnects at least one connection, otherwise false. If no
2078 * foreign server with the given name is found, an error is reported.
2079 */
2080 Datum
2082 {
2090 }
2092 /*
2093 * Disconnect all the cached connections.
2094 *
2095 * This function discards all the open connections that are established by
2096 * postgres_fdw from the local session to the foreign servers.
2097 * If the connections are used in the current local transaction, they are
2098 * not disconnected and warning messages are reported. This function
2099 * returns true if it disconnects at least one connection, otherwise false.
2100 */
2101 Datum
2103 {
2105 }
2107 /*
2108 * Workhorse to disconnect cached connections.
2109 *
2110 * This function scans all the connection cache entries and disconnects
2111 * the open connections whose foreign server OID matches with
2112 * the specified one. If InvalidOid is specified, it disconnects all
2113 * the cached connections.
2114 *
2115 * This function emits a warning for each connection that's used in
2116 * the current transaction and doesn't close it. It returns true if
2117 * it disconnects at least one connection, otherwise false.
2118 *
2119 * Note that this function disconnects even the connections that are
2120 * established by other users in the same local session using different
2121 * user mappings. This leads even non-superuser to be able to close
2122 * the connections established by superusers in the same local session.
2123 *
2124 * XXX As of now we don't see any security risk doing this. But we should
2125 * set some restrictions on that, for example, prevent non-superuser
2126 * from closing the connections established by superusers even
2127 * in the same session?
2128 */
2129 static bool
2131 {
2132 HASH_SEQ_STATUS scan;
2137 /*
2138 * Connection cache hashtable has not been initialized yet in this
2139 * session, so return false.
2140 */
2146 {
2147 /* Ignore cache entry if no open connection right now. */
2152 {
2153 /*
2154 * Emit a warning because the connection to close is used in the
2155 * current transaction and cannot be disconnected right now.
2156 */
2158 {
2162 FSV_MISSING_OK);
2165 {
2166 /*
2167 * If the foreign server was dropped while its connection
2168 * was used in the current transaction, the connection
2169 * must have been marked as invalid by
2170 * pgfdw_inval_callback at the end of DROP SERVER command.
2171 */
2176 }
2177 else
2181 }
2182 else
2183 {
2187 }
2188 }
2189 }
2192 }