*/
hba_getauthmethod(port);
- /*
- * Enable immediate response to SIGTERM/SIGINT/timeout interrupts. (We
- * don't want this during hba_getauthmethod() because it might have to do
- * database access, eg for role membership checks.)
- */
- ImmediateInterruptOK = true;
- /* And don't forget to detect one that already arrived */
CHECK_FOR_INTERRUPTS();
/*
sendAuthRequest(port, AUTH_REQ_OK);
else
auth_failed(port, status, logdetail);
-
- /* Done with authentication, so we should turn off immediate interrupts */
- ImmediateInterruptOK = false;
}
{
StringInfoData buf;
+ CHECK_FOR_INTERRUPTS();
+
pq_beginmessage(&buf, 'R');
pq_sendint(&buf, (int32) areq, sizeof(int32));
*/
if (areq != AUTH_REQ_OK)
pq_flush();
+
+ CHECK_FOR_INTERRUPTS();
}
/*
do
{
pq_startmsgread();
+
+ CHECK_FOR_INTERRUPTS();
+
mtype = pq_getbyte();
if (mtype != 'p')
{
maj_stat, min_stat,
(unsigned int) port->gss->outbuf.length, gflags);
+ CHECK_FOR_INTERRUPTS();
+
if (port->gss->outbuf.length != 0)
{
/*
* IP addresses and port numbers are in network byte order.
*
* But iff we're unable to get the information from ident, return false.
+ *
+ * XXX: Using WaitLatchOrSocket() and doing a CHECK_FOR_INTERRUPTS() if the
+ * latch was set would improve the responsiveness to timeouts/cancellations.
*/
static int
ident_inet(hbaPort *port)
/* loop in case send is interrupted */
do
{
+ CHECK_FOR_INTERRUPTS();
+
rc = send(sock_fd, ident_query, strlen(ident_query), 0);
} while (rc < 0 && errno == EINTR);
do
{
+ CHECK_FOR_INTERRUPTS();
+
rc = recv(sock_fd, ident_response, sizeof(ident_response) - 1, 0);
} while (rc < 0 && errno == EINTR);
* call to select() with a timeout, since somebody can be sending invalid
* packets to our port thus causing us to retry in a loop and never time
* out.
+ *
+ * XXX: Using WaitLatchOrSocket() and doing a CHECK_FOR_INTERRUPTS() if
+ * the latch was set would improve the responsiveness to
+ * timeouts/cancellations.
*/
gettimeofday(&endtime, NULL);
endtime.tv_sec += RADIUS_TIMEOUT;
/* not allowed during connection establishment */
Assert(!port->noblock);
+ /*
+ * No need to care about timeouts/interrupts here. At this
+ * point authentication_timeout still employs
+ * StartupPacketTimeoutHandler() which directly exits.
+ */
if (err == SSL_ERROR_WANT_READ)
waitfor = WL_SOCKET_READABLE;
else
Datum datum;
bool isnull;
- /*
- * Disable immediate interrupts while doing database access. (Note we
- * don't bother to turn this back on if we hit one of the failure
- * conditions, since we can expect we'll just exit right away anyway.)
- */
- ImmediateInterruptOK = false;
-
/* Get role info from pg_authid */
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(role));
if (!HeapTupleIsValid(roleTup))
if (*shadow_pass == '\0')
return STATUS_ERROR; /* empty password */
- /* Re-enable immediate response to SIGTERM/SIGINT/timeout interrupts */
- ImmediateInterruptOK = true;
- /* And don't forget to detect one that already arrived */
CHECK_FOR_INTERRUPTS();
/*
/* As in quickdie, don't risk sending to client during auth */
if (ClientAuthInProgress && whereToSendOutput == DestRemote)
whereToSendOutput = DestNone;
- if (IsAutoVacuumWorkerProcess())
+ if (ClientAuthInProgress)
+ ereport(FATAL,
+ (errcode(ERRCODE_QUERY_CANCELED),
+ errmsg("canceling authentication due to timeout")));
+ else if (IsAutoVacuumWorkerProcess())
ereport(FATAL,
(errcode(ERRCODE_ADMIN_SHUTDOWN),
errmsg("terminating autovacuum process due to administrator command")));
}
QueryCancelPending = false;
- if (ClientAuthInProgress)
- {
- ImmediateInterruptOK = false; /* not idle anymore */
- LockErrorCleanup();
- /* As in quickdie, don't risk sending to client during auth */
- if (whereToSendOutput == DestRemote)
- whereToSendOutput = DestNone;
- ereport(ERROR,
- (errcode(ERRCODE_QUERY_CANCELED),
- errmsg("canceling authentication due to timeout")));
- }
/*
* If LOCK_TIMEOUT and STATEMENT_TIMEOUT indicators are both set, we
static void
StatementTimeoutHandler(void)
{
+ int sig = SIGINT;
+
+ /*
+ * During authentication the timeout is used to deal with
+ * authentication_timeout - we want to quit in response to such timeouts.
+ */
+ if (ClientAuthInProgress)
+ sig = SIGTERM;
+
#ifdef HAVE_SETSID
/* try to signal whole process group */
- kill(-MyProcPid, SIGINT);
+ kill(-MyProcPid, sig);
#endif
- kill(MyProcPid, SIGINT);
+ kill(MyProcPid, sig);
}
/*
* LOCK_TIMEOUT handler: trigger a query-cancel interrupt.
- *
- * This is identical to StatementTimeoutHandler, but since it's so short,
- * we might as well keep the two functions separate for clarity.
*/
static void
LockTimeoutHandler(void)
projects / users / rhaas / postgres.git / commitdiff