| blob | 33e8054f64306fff38adaf2bc7fc83ac977f8080 |
1 /*-------------------------------------------------------------------------
2 *
3 * connection.c
4 * Connection management functions for postgres_fdw
5 *
6 * Portions Copyright (c) 2012-2024, PostgreSQL Global Development Group
7 *
8 * IDENTIFICATION
9 * contrib/postgres_fdw/connection.c
10 *
11 *-------------------------------------------------------------------------
12 */
35 /*
36 * Connection cache hash table entry
37 *
38 * The lookup key in this hash table is the user mapping OID. We use just one
39 * connection per user mapping ID, which ensures that all the scans use the
40 * same snapshot during a query. Using the user mapping OID rather than
41 * the foreign server OID + user OID avoids creating multiple connections when
42 * the public user mapping applies to all user OIDs.
43 *
44 * The "conn" pointer can be NULL if we don't currently have a live connection.
45 * When we do have a connection, xact_depth tracks the current depth of
46 * transactions and subtransactions open on the remote side. We need to issue
47 * commands at the same nesting depth on the remote as we're executing at
48 * ourselves, so that rolling back a subtransaction will kill the right
49 * queries and not the wrong ones.
50 */
54 {
57 /* Remaining fields are invalid when conn is NULL: */
59 * one level of subxact open, etc */
67 * server option */
74 /*
75 * Connection cache (initialized on first use)
76 */
79 /* for assigning cursor numbers and prepared statement numbers */
83 /* tracks whether any work is needed in callback functions */
86 /* custom wait event values, retrieved from shared memory */
91 /*
92 * Milliseconds to wait to cancel an in-progress query or execute a cleanup
93 * query; if it takes longer than 30 seconds to do these, we assume the
94 * connection is dead.
95 */
96 #define CONNECTION_CLEANUP_TIMEOUT 30000
98 /* Macro for constructing abort command to be sent */
99 #define CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel) \
100 do { \
101 if (toplevel) \
102 snprintf((sql), sizeof(sql), \
104 else \
105 snprintf((sql), sizeof(sql), \
107 (entry)->xact_depth, (entry)->xact_depth); \
108 } while(0)
110 /*
111 * SQL functions
112 */
117 /* prototypes of private functions */
129 SubTransactionId mySubid,
130 SubTransactionId parentSubid,
143 TimestampTz endtime,
163 /*
164 * Get a PGconn which can be used to execute queries on the remote PostgreSQL
165 * server with the user's authorization. A new connection is established
166 * if we don't already have a suitable one, and a transaction is opened at
167 * the right subtransaction nesting depth if we didn't do that already.
168 *
169 * will_prep_stmt must be true if caller intends to create any prepared
170 * statements. Since those don't go away automatically at transaction end
171 * (not even on error), we need this flag to cue manual cleanup.
172 *
173 * If state is not NULL, *state receives the per-connection state associated
174 * with the PGconn.
175 */
176 PGconn *
178 {
182 ConnCacheKey key;
185 /* First time through, initialize connection cache hashtable */
187 {
188 HASHCTL ctl;
191 pgfdw_we_get_result =
200 /*
201 * Register some callback functions that manage connection cleanup.
202 * This should be done just once in each backend.
203 */
210 }
212 /* Set flag that we did GetConnection during the current transaction */
215 /* Create hash key for the entry. Assume no pad bytes in key struct */
218 /*
219 * Find or create cached entry for requested connection.
220 */
223 {
224 /*
225 * We need only clear "conn" here; remaining fields will be filled
226 * later when "conn" is set.
227 */
229 }
231 /* Reject further use of connections which failed abort cleanup. */
234 /*
235 * If the connection needs to be remade due to invalidation, disconnect as
236 * soon as we're out of all transactions.
237 */
239 {
243 }
245 /*
246 * If cache entry doesn't have a connection, we have to establish a new
247 * connection. (If connect_pg_server throws an error, the cache entry
248 * will remain in a valid empty state, ie conn == NULL.)
249 */
253 /*
254 * We check the health of the cached connection here when using it. In
255 * cases where we're out of all transactions, if a broken connection is
256 * detected, we try to reestablish a new connection later.
257 */
259 {
260 /* Process a pending asynchronous request if any. */
263 /* Start a new transaction or subtransaction if needed. */
265 }
267 {
271 /*
272 * Determine whether to try to reestablish the connection.
273 *
274 * After a broken connection is detected in libpq, any error other
275 * than connection failure (e.g., out-of-memory) can be thrown
276 * somewhere between return from libpq and the expected ereport() call
277 * in pgfdw_report_error(). In this case, since PQstatus() indicates
278 * CONNECTION_BAD, checking only PQstatus() causes the false detection
279 * of connection failure. To avoid this, we also verify that the
280 * error's sqlstate is ERRCODE_CONNECTION_FAILURE. Note that also
281 * checking only the sqlstate can cause another false detection
282 * because pgfdw_report_error() may report ERRCODE_CONNECTION_FAILURE
283 * for any libpq-originated error condition.
284 */
288 {
291 }
293 /* Clean up the error state */
299 }
302 /*
303 * If a broken connection is detected, disconnect it, reestablish a new
304 * connection and retry a new remote transaction. If connection failure is
305 * reported again, we give up getting a connection.
306 */
308 {
323 }
325 /* Remember if caller will prepare statements */
328 /* If caller needs access to the per-connection state, return it. */
333 }
335 /*
336 * Reset all transient state fields in the cached connection entry and
337 * establish new connection to the remote server.
338 */
339 static void
341 {
347 /* Reset all transient state fields, to be sure all are clean */
362 /*
363 * Determine whether to keep the connection that we're about to make here
364 * open even after the transaction using it ends, so that the subsequent
365 * transactions can re-use it.
366 *
367 * By default, all the connections to any foreign servers are kept open.
368 *
369 * Also determine whether to commit/abort (sub)transactions opened on the
370 * remote server in parallel at (sub)transaction end, which is disabled by
371 * default.
372 *
373 * Note: it's enough to determine these only when making a new connection
374 * because if these settings for it are changed, it will be closed and
375 * re-made later.
376 */
381 {
390 }
392 /* Now try to make the connection */
395 elog(DEBUG3, "new postgres_fdw connection %p for server \"%s\" (user mapping oid %u, userid %u)",
397 }
399 /*
400 * Check that non-superuser has used password or delegated credentials
401 * to establish connection; otherwise, he's piggybacking on the
402 * postgres server's user identity. See also dblink_security_check()
403 * in contrib/dblink and check_conn_params.
404 */
405 static void
406 pgfdw_security_check(const char **keywords, const char **values, UserMapping *user, PGconn *conn)
407 {
408 /* Superusers bypass the check */
412 #ifdef ENABLE_GSS
413 /* Connected via GSSAPI with delegated credentials- all good. */
416 #endif
418 /* Ok if superuser set PW required false. */
422 /* Connected via PW, with PW required true, and provided non-empty PW. */
424 {
425 /* ok if params contain a non-empty password */
427 {
430 }
431 }
436 errdetail("Non-superuser cannot connect if the server does not request a password or use GSSAPI with delegated credentials."),
437 errhint("Target server's authentication method must be changed or password_required=false set in the user mapping attributes.")));
438 }
440 /*
441 * Connect to remote server using specified server and user mapping properties.
442 */
445 {
448 /*
449 * Use PG_TRY block to ensure closing connection on error.
450 */
452 {
458 /*
459 * Construct connection params from generic options of ForeignServer
460 * and UserMapping. (Some of them might not be libpq options, in
461 * which case we'll just waste a few array slots.) Add 4 extra slots
462 * for application_name, fallback_application_name, client_encoding,
463 * end marker.
464 */
475 /*
476 * Use pgfdw_application_name as application_name if set.
477 *
478 * PQconnectdbParams() processes the parameter arrays from start to
479 * end. If any key word is repeated, the last value is used. Therefore
480 * note that pgfdw_application_name must be added to the arrays after
481 * options of ForeignServer are, so that it can override
482 * application_name set in ForeignServer.
483 */
485 {
488 n++;
489 }
491 /*
492 * Search the parameter arrays to find application_name setting, and
493 * replace escape sequences in it with status information if found.
494 * The arrays are searched backwards because the last value is used if
495 * application_name is repeatedly set.
496 */
498 {
501 {
502 /*
503 * Use this application_name setting if it's not empty string
504 * even after any escape sequences in it are replaced.
505 */
508 {
511 }
513 /*
514 * This empty application_name is not used, so we set
515 * values[i] to NULL and keep searching the array to find the
516 * next one.
517 */
521 }
522 }
524 /* Use "postgres_fdw" as fallback_application_name */
527 n++;
529 /* Set client_encoding so that libpq can convert encoding properly. */
532 n++;
536 /* verify the set of connection parameters */
539 /* first time, allocate or get the custom wait event */
543 /* OK to make connection */
546 pgfdw_we_connect);
555 /* Perform post-connection security checks */
558 /* Prepare new session for use */
565 }
567 {
570 }
574 }
576 /*
577 * Disconnect any open connection for a connection cache entry.
578 */
579 static void
581 {
583 {
586 }
587 }
589 /*
590 * Return true if the password_required is defined and false for this user
591 * mapping, otherwise false. The mapping has been pre-validated.
592 */
593 static bool
595 {
599 {
604 }
607 }
609 /*
610 * For non-superusers, insist that the connstr specify a password or that the
611 * user provided their own GSSAPI delegated credentials. This
612 * prevents a password from being picked up from .pgpass, a service file, the
613 * environment, etc. We don't want the postgres user's passwords,
614 * certificates, etc to be accessible to non-superusers. (See also
615 * dblink_connstr_check in contrib/dblink.)
616 */
617 static void
619 {
622 /* no check required if superuser */
626 #ifdef ENABLE_GSS
627 /* ok if the user provided their own delegated credentials */
630 #endif
632 /* ok if params contain a non-empty password */
634 {
637 }
639 /* ok if the superuser explicitly said so at user mapping creation time */
646 errdetail("Non-superusers must delegate GSSAPI credentials or provide a password in the user mapping.")));
647 }
649 /*
650 * Issue SET commands to make sure remote session is configured properly.
651 *
652 * We do this just once at connection, assuming nothing will change the
653 * values later. Since we'll never send volatile function calls to the
654 * remote, there shouldn't be any way to break this assumption from our end.
655 * It's possible to think of ways to break it at the remote end, eg making
656 * a foreign table point to a view that includes a set_config call ---
657 * but once you admit the possibility of a malicious view definition,
658 * there are any number of ways to break things.
659 */
660 static void
662 {
665 /* Force the search path to contain only pg_catalog (see deparse.c) */
668 /*
669 * Set remote timezone; this is basically just cosmetic, since all
670 * transmitted and returned timestamptzs should specify a zone explicitly
671 * anyway. However it makes the regression test outputs more predictable.
672 *
673 * We don't risk setting remote zone equal to ours, since the remote
674 * server might use a different timezone database. Instead, use GMT
675 * (quoted, because very old servers are picky about case). That's
676 * guaranteed to work regardless of the remote's timezone database,
677 * because pg_tzset() hard-wires it (at least in PG 9.2 and later).
678 */
681 /*
682 * Set values needed to ensure unambiguous data output from remote. (This
683 * logic should match what pg_dump does. See also set_transmission_modes
684 * in postgres_fdw.c.)
685 */
691 else
693 }
695 /*
696 * Convenience subroutine to issue a non-data-returning SQL command to remote
697 */
698 void
700 {
703 }
705 static void
707 {
710 }
712 static void
714 {
717 /*
718 * If requested, consume whatever data is available from the socket. (Note
719 * that if all data is available, this allows pgfdw_get_result to call
720 * PQgetResult without forcing the overhead of WaitLatchOrSocket, which
721 * would be large compared to the overhead of PQconsumeInput.)
722 */
729 }
731 /*
732 * Start remote transaction or subtransaction, if needed.
733 *
734 * Note that we always use at least REPEATABLE READ in the remote session.
735 * This is so that, if a query initiates multiple scans of the same or
736 * different foreign tables, we will get snapshot-consistent results from
737 * those scans. A disadvantage is that we can't provide sane emulation of
738 * READ COMMITTED behavior --- it would be nice if we had some other way to
739 * control which remote queries share a snapshot.
740 */
741 static void
743 {
746 /* Start main transaction if we haven't yet */
748 {
756 else
762 }
764 /*
765 * If we're in a subtransaction, stack up savepoints to match our level.
766 * This ensures we can rollback just the desired effects when a
767 * subtransaction aborts.
768 */
770 {
778 }
779 }
781 /*
782 * Release connection reference count created by calling GetConnection.
783 */
784 void
786 {
787 /*
788 * Currently, we don't actually track connection references because all
789 * cleanup is managed on a transaction or subtransaction basis instead. So
790 * there's nothing to do here.
791 */
792 }
794 /*
795 * Assign a "unique" number for a cursor.
796 *
797 * These really only need to be unique per connection within a transaction.
798 * For the moment we ignore the per-connection point and assign them across
799 * all connections in the transaction, but we ask for the connection to be
800 * supplied in case we want to refine that.
801 *
802 * Note that even if wraparound happens in a very long transaction, actual
803 * collisions are highly improbable; just be sure to use %u not %d to print.
804 */
805 unsigned int
807 {
809 }
811 /*
812 * Assign a "unique" number for a prepared statement.
813 *
814 * This works much like GetCursorNumber, except that we never reset the counter
815 * within a session. That's because we can't be 100% sure we've gotten rid
816 * of all prepared statements on all connections, and it's not really worth
817 * increasing the risk of prepared-statement name collisions by resetting.
818 */
819 unsigned int
821 {
823 }
825 /*
826 * Submit a query and wait for the result.
827 *
828 * Since we don't use non-blocking mode, this can't process interrupts while
829 * pushing the query text to the server. That risk is relatively small, so we
830 * ignore that for now.
831 *
832 * Caller is responsible for the error handling on the result.
833 */
834 PGresult *
836 {
837 /* First, process a pending asynchronous request, if any. */
844 }
846 /*
847 * Wrap libpqsrv_get_result_last(), adding wait event.
848 *
849 * Caller is responsible for the error handling on the result.
850 */
851 PGresult *
853 {
855 }
857 /*
858 * Report an error we got from the remote server.
859 *
860 * elevel: error level to use (typically ERROR, but might be less)
861 * res: PGresult containing the error
862 * conn: connection we did the query on
863 * clear: if true, PQclear the result (otherwise caller will handle it)
864 * sql: NULL, or text of remote command we tried to execute
865 *
866 * Note: callers that choose not to throw ERROR for a remote error are
867 * responsible for making sure that the associated ConnCacheEntry gets
868 * marked with have_error = true.
869 */
870 void
873 {
874 /* If requested, PGresult must be released before leaving this function. */
876 {
890 else
893 /*
894 * If we don't get a message from the PGresult, try the PGconn. This
895 * is needed because for connection-level failures, PQgetResult may
896 * just return NULL, not a PGresult at all.
897 */
910 }
912 {
915 }
917 }
919 /*
920 * pgfdw_xact_callback --- cleanup at main-transaction end.
921 *
922 * This runs just late enough that it must not enter user-defined code
923 * locally. (Entering such code on the remote side is fine. Its remote
924 * COMMIT TRANSACTION may run deferred triggers.)
925 */
926 static void
928 {
929 HASH_SEQ_STATUS scan;
934 /* Quick exit if no connections were touched in this transaction. */
938 /*
939 * Scan all connection cache entries to find open remote transactions, and
940 * close them.
941 */
944 {
947 /* Ignore cache entry if no open connection right now */
951 /* If it has an open remote transaction, try to close it */
953 {
958 {
962 /*
963 * If abort cleanup previously failed for this connection,
964 * we can't issue any more commands against it.
965 */
968 /* Commit all remote transactions during pre-commit */
971 {
975 }
979 /*
980 * If there were any errors in subtransactions, and we
981 * made prepared statements, do a DEALLOCATE ALL to make
982 * sure we get rid of all prepared statements. This is
983 * annoying and not terribly bulletproof, but it's
984 * probably not worth trying harder.
985 *
986 * DEALLOCATE ALL only exists in 8.3 and later, so this
987 * constrains how old a server postgres_fdw can
988 * communicate with. We intentionally ignore errors in
989 * the DEALLOCATE, so that we can hobble along to some
990 * extent with older servers (leaking prepared statements
991 * as we go; but we don't really support update operations
992 * pre-8.3 anyway).
993 */
995 {
997 NULL);
999 }
1005 /*
1006 * We disallow any remote transactions, since it's not
1007 * very reasonable to hold them open until the prepared
1008 * transaction is committed. For the moment, throw error
1009 * unconditionally; later we might allow read-only cases.
1010 * Note that the error will cause us to come right back
1011 * here with event == XACT_EVENT_ABORT, so we'll clean up
1012 * the connection state at that point.
1013 */
1021 /* Pre-commit should have closed the open transaction */
1026 /* Rollback all remote transactions during abort */
1028 {
1033 }
1034 else
1037 }
1038 }
1040 /* Reset state to show we're out of a transaction */
1042 }
1044 /* If there are any pending connections, finish cleaning them up */
1046 {
1049 {
1052 }
1053 else
1054 {
1059 }
1060 }
1062 /*
1063 * Regardless of the event type, we can now mark ourselves as out of the
1064 * transaction. (Note: if we are here during PRE_COMMIT or PRE_PREPARE,
1065 * this saves a useless scan of the hashtable during COMMIT or PREPARE.)
1066 */
1069 /* Also reset cursor numbering for next transaction */
1071 }
1073 /*
1074 * pgfdw_subxact_callback --- cleanup at subtransaction end.
1075 */
1076 static void
1079 {
1080 HASH_SEQ_STATUS scan;
1086 /* Nothing to do at subxact start, nor after commit. */
1091 /* Quick exit if no connections were touched in this transaction. */
1095 /*
1096 * Scan all connection cache entries to find open remote subtransactions
1097 * of the current level, and close them.
1098 */
1102 {
1105 /*
1106 * We only care about connections with open remote subtransactions of
1107 * the current level.
1108 */
1117 {
1118 /*
1119 * If abort cleanup previously failed for this connection, we
1120 * can't issue any more commands against it.
1121 */
1124 /* Commit all remote subtransactions during pre-commit */
1128 {
1132 }
1135 }
1136 else
1137 {
1138 /* Rollback all remote subtransactions during abort */
1140 {
1145 }
1146 else
1148 }
1150 /* OK, we're outta that level of subtransaction */
1152 }
1154 /* If there are any pending connections, finish cleaning them up */
1156 {
1158 {
1161 }
1162 else
1163 {
1167 }
1168 }
1169 }
1171 /*
1172 * Connection invalidation callback function
1173 *
1174 * After a change to a pg_foreign_server or pg_user_mapping catalog entry,
1175 * close connections depending on that entry immediately if current transaction
1176 * has not used those connections yet. Otherwise, mark those connections as
1177 * invalid and then make pgfdw_xact_callback() close them at the end of current
1178 * transaction, since they cannot be closed in the midst of the transaction
1179 * using them. Closed connections will be remade at the next opportunity if
1180 * necessary.
1181 *
1182 * Although most cache invalidation callbacks blow away all the related stuff
1183 * regardless of the given hashvalue, connections are expensive enough that
1184 * it's worth trying to avoid that.
1185 *
1186 * NB: We could avoid unnecessary disconnection more strictly by examining
1187 * individual option values, but it seems too much effort for the gain.
1188 */
1189 static void
1191 {
1192 HASH_SEQ_STATUS scan;
1197 /* ConnectionHash must exist already, if we're registered */
1200 {
1201 /* Ignore invalid entries */
1205 /* hashvalue == 0 means a cache reset, must clear all state */
1211 {
1212 /*
1213 * Close the connection immediately if it's not used yet in this
1214 * transaction. Otherwise mark it as invalid so that
1215 * pgfdw_xact_callback() can close it at the end of this
1216 * transaction.
1217 */
1219 {
1222 }
1223 else
1225 }
1226 }
1227 }
1229 /*
1230 * Raise an error if the given connection cache entry is marked as being
1231 * in the middle of an xact state change. This should be called at which no
1232 * such change is expected to be in progress; if one is found to be in
1233 * progress, it means that we aborted in the middle of a previous state change
1234 * and now don't know what the remote transaction state actually is.
1235 * Such connections can't safely be further used. Re-establishing the
1236 * connection would change the snapshot and roll back any writes already
1237 * performed, so that's not an option, either. Thus, we must abort.
1238 */
1239 static void
1241 {
1244 /* nothing to do for inactive entries and entries of sane state */
1248 /* make sure this entry is inactive */
1251 /* find server name to be shown in the message below */
1258 }
1260 /*
1261 * Reset state to show we're out of a (sub)transaction.
1262 */
1263 static void
1265 {
1267 {
1268 /* Reset state to show we're out of a transaction */
1271 /*
1272 * If the connection isn't in a good idle state, it is marked as
1273 * invalid or keep_connections option of its server is disabled, then
1274 * discard it to recover. Next GetConnection will open a new
1275 * connection.
1276 */
1282 {
1285 }
1286 }
1287 else
1288 {
1289 /* Reset state to show we're out of a subtransaction */
1291 }
1292 }
1294 /*
1295 * Cancel the currently-in-progress query (whose query text we do not have)
1296 * and ignore the result. Returns true if we successfully cancel the query
1297 * and discard any pending result, and false if not.
1298 *
1299 * It's not a huge problem if we throw an ERROR here, but if we get into error
1300 * recursion trouble, we'll end up slamming the connection shut, which will
1301 * necessitate failing the entire toplevel transaction even if subtransactions
1302 * were used. Try to use WARNING where we can.
1303 *
1304 * XXX: if the query was one sent by fetch_more_data_begin(), we could get the
1305 * query text from the pendingAreq saved in the per-connection state, then
1306 * report the query using it.
1307 */
1308 static bool
1310 {
1311 TimestampTz endtime;
1313 /*
1314 * If it takes too long to cancel the query and discard the result, assume
1315 * the connection is dead.
1316 */
1318 CONNECTION_CLEANUP_TIMEOUT);
1323 }
1325 /*
1326 * Submit a cancel request to the given connection, waiting only until
1327 * the given time.
1328 *
1329 * We sleep interruptibly until we receive confirmation that the cancel
1330 * request has been accepted, and if it is, return true; if the timeout
1331 * lapses without that, or the request fails for whatever reason, return
1332 * false.
1333 */
1334 static bool
1336 {
1345 }
1347 static bool
1349 {
1353 /*
1354 * If requested, consume whatever data is available from the socket. (Note
1355 * that if all data is available, this allows pgfdw_get_cleanup_result to
1356 * call PQgetResult without forcing the overhead of WaitLatchOrSocket,
1357 * which would be large compared to the overhead of PQconsumeInput.)
1358 */
1360 {
1366 }
1368 /* Get and discard the result of the query. */
1370 {
1374 else
1381 }
1385 }
1387 /*
1388 * Submit a query during (sub)abort cleanup and wait up to 30 seconds for the
1389 * result. If the query is executed without error, the return value is true.
1390 * If the query is executed successfully but returns an error, the return
1391 * value is true if and only if ignore_errors is set. If the query can't be
1392 * sent or times out, the return value is false.
1393 *
1394 * It's not a huge problem if we throw an ERROR here, but if we get into error
1395 * recursion trouble, we'll end up slamming the connection shut, which will
1396 * necessitate failing the entire toplevel transaction even if subtransactions
1397 * were used. Try to use WARNING where we can.
1398 */
1399 static bool
1401 {
1402 TimestampTz endtime;
1404 /*
1405 * If it takes too long to execute a cleanup query, assume the connection
1406 * is dead. It's fairly likely that this is why we aborted in the first
1407 * place (e.g. statement timeout, user cancel), so the timeout shouldn't
1408 * be too long.
1409 */
1411 CONNECTION_CLEANUP_TIMEOUT);
1417 }
1419 static bool
1421 {
1424 /*
1425 * Submit a query. Since we don't use non-blocking mode, this also can
1426 * block. But its risk is relatively small, so we ignore that for now.
1427 */
1429 {
1432 }
1435 }
1437 static bool
1441 {
1447 /*
1448 * If requested, consume whatever data is available from the socket. (Note
1449 * that if all data is available, this allows pgfdw_get_cleanup_result to
1450 * call PQgetResult without forcing the overhead of WaitLatchOrSocket,
1451 * which would be large compared to the overhead of PQconsumeInput.)
1452 */
1454 {
1457 }
1459 /* Get the result of the query. */
1461 {
1466 else
1470 }
1472 /* Issue a warning if not successful. */
1474 {
1477 }
1481 }
1483 /*
1484 * Get, during abort cleanup, the result of a query that is in progress. This
1485 * might be a query that is being interrupted by transaction abort, or it might
1486 * be a query that was initiated as part of transaction abort to get the remote
1487 * side back to the appropriate state.
1488 *
1489 * endtime is the time at which we should give up and assume the remote
1490 * side is dead. Returns true if the timeout expired or connection trouble
1491 * occurred, false otherwise. Sets *result except in case of a timeout.
1492 * Sets timed_out to true only when the timeout expired.
1493 */
1494 static bool
1497 {
1503 /* In what follows, do not leak any PGresults on an error. */
1505 {
1507 {
1511 {
1516 /* If timeout has expired, give up, else get sleep time. */
1519 {
1523 }
1525 /* first time, allocate or get the custom wait event */
1529 /* Sleep until there's something to do */
1539 /* Data available in socket? */
1541 {
1543 {
1544 /* connection trouble */
1547 }
1548 }
1549 }
1557 }
1558 exit: ;
1559 }
1561 {
1564 }
1569 else
1572 }
1574 /*
1575 * Abort remote transaction or subtransaction.
1576 *
1577 * "toplevel" should be set to true if toplevel (main) transaction is
1578 * rollbacked, false otherwise.
1579 *
1580 * Set entry->changing_xact_state to false on success, true on failure.
1581 */
1582 static void
1584 {
1587 /*
1588 * Don't try to clean up the connection if we're already in error
1589 * recursion trouble.
1590 */
1594 /*
1595 * If connection is already unsalvageable, don't touch it further.
1596 */
1600 /*
1601 * Mark this connection as in the process of changing transaction state.
1602 */
1605 /* Assume we might have lost track of prepared statements */
1608 /*
1609 * If a command has been submitted to the remote server by using an
1610 * asynchronous execution function, the command might not have yet
1611 * completed. Check to see if a command is still being processed by the
1612 * remote server, and if so, request cancellation of the command.
1613 */
1623 {
1632 }
1634 /*
1635 * If pendingAreq of the per-connection state is not NULL, it means that
1636 * an asynchronous fetch begun by fetch_more_data_begin() was not done
1637 * successfully and thus the per-connection state was not reset in
1638 * fetch_more_data(); in that case reset the per-connection state here.
1639 */
1643 /* Disarm changing_xact_state if it all worked */
1645 }
1647 /*
1648 * Like pgfdw_abort_cleanup, submit an abort command or cancel request, but
1649 * don't wait for the result.
1650 *
1651 * Returns true if the abort command or cancel request is successfully issued,
1652 * false otherwise. If the abort command is successfully issued, the given
1653 * connection cache entry is appended to *pending_entries. Otherwise, if the
1654 * cancel request is successfully issued, it is appended to *cancel_requested.
1655 */
1656 static bool
1659 {
1660 /*
1661 * Don't try to clean up the connection if we're already in error
1662 * recursion trouble.
1663 */
1667 /*
1668 * If connection is already unsalvageable, don't touch it further.
1669 */
1673 /*
1674 * Mark this connection as in the process of changing transaction state.
1675 */
1678 /* Assume we might have lost track of prepared statements */
1681 /*
1682 * If a command has been submitted to the remote server by using an
1683 * asynchronous execution function, the command might not have yet
1684 * completed. Check to see if a command is still being processed by the
1685 * remote server, and if so, request cancellation of the command.
1686 */
1688 {
1689 TimestampTz endtime;
1692 CONNECTION_CLEANUP_TIMEOUT);
1696 }
1697 else
1698 {
1705 }
1708 }
1710 /*
1711 * Finish pre-commit cleanup of connections on each of which we've sent a
1712 * COMMIT command to the remote server.
1713 */
1714 static void
1716 {
1723 /*
1724 * Get the result of the COMMIT command for each of the pending entries
1725 */
1727 {
1732 /*
1733 * We might already have received the result on the socket, so pass
1734 * consume_input=true to try to consume it first
1735 */
1739 /* Do a DEALLOCATE ALL in parallel if needed */
1741 {
1742 /* Ignore errors (see notes in pgfdw_xact_callback) */
1744 {
1747 }
1748 }
1753 }
1755 /* No further work if no pending entries */
1759 /*
1760 * Get the result of the DEALLOCATE command for each of the pending
1761 * entries
1762 */
1764 {
1769 /* Ignore errors (see notes in pgfdw_xact_callback) */
1771 {
1773 /* Stop if the connection is lost (else we'll loop infinitely) */
1776 }
1781 }
1782 }
1784 /*
1785 * Finish pre-subcommit cleanup of connections on each of which we've sent a
1786 * RELEASE command to the remote server.
1787 */
1788 static void
1790 {
1797 /*
1798 * Get the result of the RELEASE command for each of the pending entries
1799 */
1802 {
1807 /*
1808 * We might already have received the result on the socket, so pass
1809 * consume_input=true to try to consume it first
1810 */
1815 }
1816 }
1818 /*
1819 * Finish abort cleanup of connections on each of which we've sent an abort
1820 * command or cancel request to the remote server.
1821 */
1822 static void
1825 {
1829 /*
1830 * For each of the pending cancel requests (if any), get and discard the
1831 * result of the query, and submit an abort command to the remote server.
1832 */
1834 {
1836 {
1838 TimestampTz endtime;
1843 /*
1844 * Set end time. You might think we should do this before issuing
1845 * cancel request like in normal mode, but that is problematic,
1846 * because if, for example, it took longer than 30 seconds to
1847 * process the first few entries in the cancel_requested list, it
1848 * would cause a timeout error when processing each of the
1849 * remaining entries in the list, leading to slamming that entry's
1850 * connection shut.
1851 */
1853 CONNECTION_CLEANUP_TIMEOUT);
1856 {
1857 /* Unable to cancel running query */
1860 }
1862 /* Send an abort command in parallel if needed */
1865 {
1866 /* Unable to abort remote (sub)transaction */
1868 }
1869 else
1871 }
1872 }
1874 /* No further work if no pending entries */
1878 /*
1879 * Get the result of the abort command for each of the pending entries
1880 */
1882 {
1884 TimestampTz endtime;
1889 /*
1890 * Set end time. We do this now, not before issuing the command like
1891 * in normal mode, for the same reason as for the cancel_requested
1892 * entries.
1893 */
1895 CONNECTION_CLEANUP_TIMEOUT);
1900 {
1901 /* Unable to abort remote (sub)transaction */
1904 }
1907 {
1908 /* Do a DEALLOCATE ALL in parallel if needed */
1910 {
1913 {
1914 /* Trouble clearing prepared statements */
1916 }
1917 else
1920 }
1923 }
1925 /* Reset the per-connection state if needed */
1929 /* We're done with this entry; unset the changing_xact_state flag */
1932 }
1934 /* No further work if no pending entries */
1939 /*
1940 * Get the result of the DEALLOCATE command for each of the pending
1941 * entries
1942 */
1944 {
1946 TimestampTz endtime;
1952 /*
1953 * Set end time. We do this now, not before issuing the command like
1954 * in normal mode, for the same reason as for the cancel_requested
1955 * entries.
1956 */
1958 CONNECTION_CLEANUP_TIMEOUT);
1962 {
1963 /* Trouble clearing prepared statements */
1966 }
1970 /* Reset the per-connection state if needed */
1974 /* We're done with this entry; unset the changing_xact_state flag */
1977 }
1978 }
1980 /*
1981 * List active foreign server connections.
1982 *
1983 * This function takes no input parameter and returns setof record made of
1984 * following values:
1985 * - server_name - server name of active connection. In case the foreign server
1986 * is dropped but still the connection is active, then the server name will
1987 * be NULL in output.
1988 * - valid - true/false representing whether the connection is valid or not.
1989 * Note that the connections can get invalidated in pgfdw_inval_callback.
1990 *
1991 * No records are returned when there are no cached connections at all.
1992 */
1993 Datum
1995 {
1996 #define POSTGRES_FDW_GET_CONNECTIONS_COLS 2
1998 HASH_SEQ_STATUS scan;
2003 /* If cache doesn't exist, we return no records */
2009 {
2014 /* We only look for open remote connections */
2020 /*
2021 * The foreign server may have been dropped in current explicit
2022 * transaction. It is not possible to drop the server from another
2023 * session when the connection associated with it is in use in the
2024 * current transaction, if tried so, the drop query in another session
2025 * blocks until the current transaction finishes.
2026 *
2027 * Even though the server is dropped in the current transaction, the
2028 * cache can still have associated active connection entry, say we
2029 * call such connections dangling. Since we can not fetch the server
2030 * name from system catalogs for dangling connections, instead we show
2031 * NULL value for server name in output.
2032 *
2033 * We could have done better by storing the server name in the cache
2034 * entry instead of server oid so that it could be used in the output.
2035 * But the server name in each cache entry requires 64 bytes of
2036 * memory, which is huge, when there are many cached connections and
2037 * the use case i.e. dropping the foreign server within the explicit
2038 * current transaction seems rare. So, we chose to show NULL value for
2039 * server name in output.
2040 *
2041 * Such dangling connections get closed either in next use or at the
2042 * end of current explicit transaction in pgfdw_xact_callback.
2043 */
2045 {
2046 /*
2047 * If the server has been dropped in the current explicit
2048 * transaction, then this entry would have been invalidated in
2049 * pgfdw_inval_callback at the end of drop server command. Note
2050 * that this connection would not have been closed in
2051 * pgfdw_inval_callback because it is still being used in the
2052 * current explicit transaction. So, assert that here.
2053 */
2056 /* Show null, if no server name was found */
2058 }
2059 else
2065 }
2068 }
2070 /*
2071 * Disconnect the specified cached connections.
2072 *
2073 * This function discards the open connections that are established by
2074 * postgres_fdw from the local session to the foreign server with
2075 * the given name. Note that there can be multiple connections to
2076 * the given server using different user mappings. If the connections
2077 * are used in the current local transaction, they are not disconnected
2078 * and warning messages are reported. This function returns true
2079 * if it disconnects at least one connection, otherwise false. If no
2080 * foreign server with the given name is found, an error is reported.
2081 */
2082 Datum
2084 {
2092 }
2094 /*
2095 * Disconnect all the cached connections.
2096 *
2097 * This function discards all the open connections that are established by
2098 * postgres_fdw from the local session to the foreign servers.
2099 * If the connections are used in the current local transaction, they are
2100 * not disconnected and warning messages are reported. This function
2101 * returns true if it disconnects at least one connection, otherwise false.
2102 */
2103 Datum
2105 {
2107 }
2109 /*
2110 * Workhorse to disconnect cached connections.
2111 *
2112 * This function scans all the connection cache entries and disconnects
2113 * the open connections whose foreign server OID matches with
2114 * the specified one. If InvalidOid is specified, it disconnects all
2115 * the cached connections.
2116 *
2117 * This function emits a warning for each connection that's used in
2118 * the current transaction and doesn't close it. It returns true if
2119 * it disconnects at least one connection, otherwise false.
2120 *
2121 * Note that this function disconnects even the connections that are
2122 * established by other users in the same local session using different
2123 * user mappings. This leads even non-superuser to be able to close
2124 * the connections established by superusers in the same local session.
2125 *
2126 * XXX As of now we don't see any security risk doing this. But we should
2127 * set some restrictions on that, for example, prevent non-superuser
2128 * from closing the connections established by superusers even
2129 * in the same session?
2130 */
2131 static bool
2133 {
2134 HASH_SEQ_STATUS scan;
2139 /*
2140 * Connection cache hashtable has not been initialized yet in this
2141 * session, so return false.
2142 */
2148 {
2149 /* Ignore cache entry if no open connection right now. */
2154 {
2155 /*
2156 * Emit a warning because the connection to close is used in the
2157 * current transaction and cannot be disconnected right now.
2158 */
2160 {
2164 FSV_MISSING_OK);
2167 {
2168 /*
2169 * If the foreign server was dropped while its connection
2170 * was used in the current transaction, the connection
2171 * must have been marked as invalid by
2172 * pgfdw_inval_callback at the end of DROP SERVER command.
2173 */
2178 }
2179 else
2183 }
2184 else
2185 {
2189 }
2190 }
2191 }
2194 }