PostgreSQL数据库网络层——libpq协议加密协商阶段

waaagh

关注

阅读 45

2022-07-28


PQconnectPoll函数会为客户端连接推进状态机,为CONNECTION_MADE状态进行处理,这里的主要工作就是启动认证请求。首先我们看一下backend服务端库,实现认证客户端连接\ssl支持等的文件为src/backend/libpq;实现客户端登陆认证的文件为auth.c;实现大对象相关文件为be_fsstubs.c;实现用户连接配置相关的文件为hba.c,实现消息队列相关的文件为pqmq.;实现信号相关的文件为pgsignal.c;实现前后端通信功能的文件为pqcomm.c;实现格式化和解析前后端消息的文件为pqformat.c。

PostgreSQL数据库网络层——libpq协议加密协商阶段_数据库


加密协商阶段是在连接建立后进行的第一个阶段,为了保证后续的认证协商阶段中会话信息不会泄露,需要先对连接进行通信加密。在连接建立后前端发出的第一个通信包将开始加密协商阶段,加密协商阶段前端会发出4中类型的通信消息;

  • Startup message
  • SSL encrypt request
  • GSS encrypt request
  • Cancel request
    其中Startup message和Cancel request表示前端不需要进行加密协商阶段,但后端可以根据配置给与对应的应答,运行进入认证协商阶段或关闭连接。
  • PostgreSQL数据库网络层——libpq协议加密协商阶段_unix_02

前端发出的第一个通信包

首先UNIX套接字不能进行SSL or GSSAPI认证,需要进行requirepeer认证(认证详情需要仔细阅读下面的代码)。如果启用了 GSSAPI 并且我们有凭据缓存,请尝试在发送启动消息之前对其进行设置。

case CONNECTION_MADE: {
char *startpacket;
int packetlen;
#ifdef HAVE_UNIX_SOCKETS
/* Implement requirepeer check, if requested and it's a Unix-domain socket. */
if (conn->requirepeer && conn->requirepeer[0] && IS_AF_UNIX(conn->raddr.addr.ss_family)) {
char pwdbuf[BUFSIZ]; struct passwd pass_buf; struct passwd *pass; int passerr;
uid_t uid; gid_t gid; errno = 0;
if (getpeereid(conn->sock, &uid, &gid) != 0) {
/* Provide special error message if getpeereid is a stub */
if (errno == ENOSYS) appendPQExpBufferStr(&conn->errorMessage, libpq_gettext("requirepeer parameter is not supported on this platform\n"));
else appendPQExpBuffer(&conn->errorMessage, libpq_gettext("could not get peer credentials: %s\n"), strerror_r(errno, sebuf, sizeof(sebuf)));
goto error_return;
}
passerr = pqGetpwuid(uid, &pass_buf, pwdbuf, sizeof(pwdbuf), &pass);
if (pass == NULL) {
if (passerr != 0) appendPQExpBuffer(&conn->errorMessage, libpq_gettext("could not look up local user ID %d: %s\n"), (int) uid, strerror_r(passerr, sebuf, sizeof(sebuf)));
else appendPQExpBuffer(&conn->errorMessage, libpq_gettext("local user with ID %d does not exist\n"), (int) uid);
goto error_return;
}
if (strcmp(pass->pw_name, conn->requirepeer) != 0){
appendPQExpBuffer(&conn->errorMessage,libpq_gettext("requirepeer specifies \"%s\", but actual peer user name is \"%s\"\n"),conn->requirepeer, pass->pw_name);
goto error_return;
}
}
#endif /* HAVE_UNIX_SOCKETS */
if (IS_AF_UNIX(conn->raddr.addr.ss_family)){ /* Don't request SSL or GSSAPI over Unix sockets */
#ifdef USE_SSL
conn->allow_ssl_try = false;
#endif
#ifdef ENABLE_GSS
conn->try_gss = false;
#endif
}
#ifdef ENABLE_GSS
/* If GSSAPI is enabled and we have a credential cache, try to set it up before sending startup messages. If it's already operating, don't try SSL and instead just build the startup packet. 如果启用了 GSSAPI 并且我们有凭据缓存,请尝试在发送启动消息之前对其进行设置。 如果它已经在运行,请不要尝试 SSL,而只需构建启动数据包。 */
if (conn->try_gss && !conn->gctx) conn->try_gss = pg_GSS_have_cred_cache(&conn->gcred);
if (conn->try_gss && !conn->gctx) {
ProtocolVersion pv = pg_hton32(NEGOTIATE_GSS_CODE);
if (pqPacketSend(conn, 0, &pv, sizeof(pv)) != STATUS_OK) {
appendPQExpBuffer(&conn->errorMessage, libpq_gettext("could not send GSSAPI negotiation packet: %s\n"), SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
goto error_return;
}
conn->status = CONNECTION_GSS_STARTUP; /* Ok, wait for response */
return PGRES_POLLING_READING;
}else if (!conn->gctx && conn->gssencmode[0] == 'r') {
appendPQExpBuffer(&conn->errorMessage, libpq_gettext("GSSAPI encryption required but was impossible (possibly no credential cache, no server support, or using a local socket)\n"));
goto error_return;
}
#endif

#ifdef USE_SSL

/* If SSL is enabled and we haven't already got encryption of some sort running, request SSL instead of sending the startup message. */
if (conn->allow_ssl_try && !conn->wait_ssl_try && !conn->ssl_in_use
#ifdef ENABLE_GSS
&& !conn->gssenc
#endif
){
ProtocolVersion pv;
/* Send the SSL request packet. Theoretically, this could block, but it really shouldn't since we only got here if the socket is write-ready. 发送 SSL 请求数据包。 从理论上讲,这可能会阻塞,但实际上不应该,因为我们只有在套接字准备好写入时才到达这里。 */
pv = pg_hton32(NEGOTIATE_SSL_CODE);
if (pqPacketSend(conn, 0, &pv, sizeof(pv)) != STATUS_OK) {
appendPQExpBuffer(&conn->errorMessage,libpq_gettext("could not send SSL negotiation packet: %s\n"),SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
goto error_return;
}
conn->status = CONNECTION_SSL_STARTUP; /* Ok, wait for response */
return PGRES_POLLING_READING;
}
#endif /* USE_SSL */

/* Build the startup packet. 构建启动包 */
if (PG_PROTOCOL_MAJOR(conn->pversion) >= 3)
startpacket = pqBuildStartupPacket3(conn, &packetlen, EnvironmentOptions);
else
startpacket = pqBuildStartupPacket2(conn, &packetlen, EnvironmentOptions);
if (!startpacket) {
/* will not appendbuffer here, since it's likely to also run out of memory 不会在这里追加缓冲区,因为它也可能会耗尽内存 */
printfPQExpBuffer(&conn->errorMessage, libpq_gettext("out of memory\n"));
goto error_return;
}

/* Send the startup packet. Theoretically, this could block, but it really shouldn't since we only got here if the socket is write-ready. 发送启动包。 理论上,这可能会阻塞,但它真的不应该,因为我们只有在套接字准备好写入时才到达这里 */
if (pqPacketSend(conn, 0, startpacket, packetlen) != STATUS_OK) {
appendPQExpBuffer(&conn->errorMessage, libpq_gettext("could not send startup packet: %s\n"), SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
free(startpacket);
goto error_return;
}
free(startpacket);
conn->status = CONNECTION_AWAITING_RESPONSE;
return PGRES_POLLING_READING;
}

PostgreSQL目前支持SSL加密与GSSAPI加密,其对应的加密协商请求为SSL encrypt request和GSS encrypt request,他们的消息格式为

PostgreSQL数据库网络层——libpq协议加密协商阶段_database_03


其中特殊值TAG为一个4字节的网络字节序的int值。SSL encrypt request为80877102;GSS encrypt request为80877103。

/* A client can also start by sending a SSL or GSSAPI negotiation request to get a secure channel. */
#define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679)
#define NEGOTIATE_GSS_CODE PG_PROTOCOL(1234,5680)
#define PG_PROTOCOL(m,n) (((m) << 16) | (n))

我们看到发送加密协商请求的代码是​​pqPacketSend(conn, 0, &pv, sizeof(pv))​​;发送的整体流程如下所示。

int pqPacketSend(PGconn *conn, char pack_type, const void *buf, size_t buf_len) {
/* Start the message. */
if (pqPutMsgStart(pack_type, true, conn)) return STATUS_ERROR;
/* Send the message body. */
if (pqPutnchar(buf, buf_len, conn)) return STATUS_ERROR;
/* Finish the message. */
if (pqPutMsgEnd(conn)) return STATUS_ERROR;
/* Flush to ensure backend gets it. */
if (pqFlush(conn)) return STATUS_ERROR;
return STATUS_OK;
}

后端根据TAG值区分前端的加密请求类型,并根据配置给与对应的回答:SSL encrypt request如果通过将回复单字节S,如果不通过则回复单字节N;GSS encrypt request如果通过将回复单字节G,如果不通过则回复单字节N。
以SSL认证为例,接下来连接状态会跳转到CONNECTION_SSL_STARTUP。

后端确认回应

后端确认回应的流程在ProcessStartupPacket中,而ProcessStartupPacket函数在BackendInitialize函数中调用,并且在pq_init函数之后(PostgreSQL数据库网络层——libpq服务端顶层接口)。注意在调用ProcessStartupPacket函数之前,会对SIGTERM、SIGQUIT的信号处理函数进行注册(如果我们在尝试收集启动数据包时收到 SIGTERM 或超时,我们会安排执行 proc_exit(1);而 SIGQUIT 导致 _exit(2)。否则,如果有缺陷的客户端未能及时发送数据包,postmaster将无法快速或 IMMED 干净地关闭数据库。)。

static int ServerLoop(void){
| -- nSockets = initMasks(&readmask);
| -- for (;;){ /* Wait for a connection request to arrive */
| -- if (pmState == PM_WAIT_DEAD_END)
| -- else
| -- selres = select(nSockets, &rmask, NULL, NULL, &timeout); // 监听新连接
| -- if (selres > 0)
| -- for (i = 0; i < MAXLISTEN; i++)
| -- port = ConnCreate(ListenSocket[i]);
| -- if (!(port = (Port *) calloc(1, sizeof(Port))))
| -- if (StreamConnection(serverFd, port) != STATUS_OK)
| -- if ((port->sock = accept(server_fd, (struct sockaddr *) &port->raddr.addr, &port->raddr.salen)) == PGINVALID_SOCKET)
| -- 为port->sock设置TCP_NODELAY、SO_KEEPALIVE等参数
| -- if (port){
| -- BackendStartup(Port *port)
| -- pid = fork_process();
| -- if (pid == 0){ // postgres后端子进程
| -- InitPostmasterChild();
| -- ClosePostmasterPorts(false);
| -- BackendInitialize(Port *port)
| -- MyProcPort = port;
| -- port->remote_host = "";
| -- port->remote_port = "";
| -- pq_init(); /* initialize libpq to talk to client */
| -- whereToSendOutput = DestRemote; /* now safe to ereport to client */
| -- pqsignal(SIGTERM, process_startup_packet_die);
| -- pqsignal(SIGQUIT, process_startup_packet_quickdie);
| -- InitializeTimeouts(); /* establishes SIGALRM handler */
| -- RegisterTimeout(STARTUP_PACKET_TIMEOUT, StartupPacketTimeoutHandler);
| -- enable_timeout_after(STARTUP_PACKET_TIMEOUT, AuthenticationTimeout * 1000);
| -- ProcessStartupPacket
| -- disable_timeout(STARTUP_PACKET_TIMEOUT, false);

ProcessStartupPacket函数会读取客户端的启动包并根据它做一些事情。返回 STATUS_OK 或 STATUS_ERROR,或者可能调用 ereport(FATAL) 并且根本不返回。(请注意,ereport(FATAL) 内容已发送到客户端,因此仅在您想要的情况下使用它。如果您不想向客户端发送任何内容,则返回 STATUS_ERROR,如果我们检测到通信失败,这通常是合适的 .)
当加密层(当前为 TLS 或 GSSAPI)的协商完成时设置 ssl_done 和/或 gss_done。 任一加密层的成功协商都会设置两个标志,但被拒绝的协商只会设置该层的标志,因为客户端可能希望尝试另一个。 我们不应该在这里假设客户可能提出请求的顺序。

static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done) {
int32 len;
void *buf;
ProtocolVersion proto;
MemoryContext oldcontext;

pq_startmsgread();
/* Grab the first byte of the length word separately, so that we can tell whether we have no data at all or an incomplete packet. (This might sound inefficient, but it's not really, because of buffering in pqcomm.c.) 分别抓取长度字的第一个字节,这样我们就可以判断我们是完全没有数据还是一个不完整的数据包。 (这听起来可能效率低下,但实际上并非如此,因为在 pqcomm.c 中进行了缓冲。) */
if (pq_getbytes((char *) &len, 1) == EOF) {
/* If we get no data at all, don't clutter the log with a complaint; such cases often occur for legitimate reasons. An example is that we might be here after responding to NEGOTIATE_SSL_CODE, and if the client didn't like our response, it'll probably just drop the connection. Service-monitoring software also often just opens and closes a connection without sending anything. (So do port scanners, which may be less benign, but it's not really our job to notice those.) 如果我们根本没有得到任何数据,请不要在日志中乱写抱怨; 此类案件经常出于正当理由而发生。 一个例子是我们可能在响应 NEGOTIATE_SSL_CODE 后就到这里了,如果客户端不喜欢我们的响应,它可能会直接断开连接。 服务监控软件通常也只是打开和关闭连接而不发送任何内容。 (端口扫描器也是如此,它可能不那么良性,但注意到这些并不是我们真正的工作。) */
return STATUS_ERROR;
}

if (pq_getbytes(((char *) &len) + 1, 3) == EOF) {
/* Got a partial length word, so bleat about that */
if (!ssl_done && !gss_done)
ereport(COMMERROR,(errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("incomplete startup packet")));
return STATUS_ERROR;
}

len = pg_ntoh32(len); len -= 4;

if (len < (int32) sizeof(ProtocolVersion) || len > MAX_STARTUP_PACKET_LENGTH) {
ereport(COMMERROR,(errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("invalid length of startup packet")));
return STATUS_ERROR;
}

/* Allocate at least the size of an old-style startup packet, plus one extra byte, and make sure all are zeroes. This ensures we will have null termination of all strings, in both fixed- and variable-length packet layouts. 至少分配旧式启动数据包的大小,再加上一个额外的字节,并确保全部为零。 这确保我们将在固定长度和可变长度的数据包布局中对所有字符串进行空终止 */
if (len <= (int32) sizeof(StartupPacket)) buf = palloc0(sizeof(StartupPacket) + 1);
else buf = palloc0(len + 1);
if (pq_getbytes(buf, len) == EOF) {
ereport(COMMERROR,(errcode(ERRCODE_PROTOCOL_VIOLATION),errmsg("incomplete startup packet")));
return STATUS_ERROR;
}
pq_endmsgread();

接下来就是处理接收过来的数据包了,对CANCEL_REQUEST_CODE、NEGOTIATE_SSL_CODE、NEGOTIATE_GSS_CODE三种类型的请求进行相应的处理。

/* The first field is either a protocol version number or a special request code. 第一个字段是协议版本号或特殊请求代码。 */
port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
if (proto == CANCEL_REQUEST_CODE) {
processCancelRequest(port, buf);
return STATUS_ERROR; /* Not really an error, but we don't want to proceed further */
}
if (proto == NEGOTIATE_SSL_CODE && !ssl_done) {
char SSLok;
#ifdef USE_SSL
if (!LoadedSSL || IS_AF_UNIX(port->laddr.addr.ss_family)) /* No SSL when disabled or on Unix sockets */
SSLok = 'N';
else
SSLok = 'S'; /* Support for SSL */
#else
SSLok = 'N'; /* No support for SSL */
#endif
retry1:
if (send(port->sock, &SSLok, 1, 0) != 1){
if (errno == EINTR)
goto retry1; /* if interrupted, just retry */
ereport(COMMERROR,(errcode_for_socket_access(), errmsg("failed to send SSL negotiation response: %m")));
return STATUS_ERROR; /* close the connection */
}

#ifdef USE_SSL
if (SSLok == 'S' && secure_open_server(port) == -1) return STATUS_ERROR;
#endif
/* regular startup packet, cancel, etc packet should follow, but not another SSL negotiation request, and a GSS request should only follow if SSL was rejected (client may negotiate in either order) 应该遵循常规的启动数据包、取消等数据包,但不是另一个 SSL 协商请求,并且只有在 SSL 被拒绝时才应该遵循 GSS 请求(客户端可以按任一顺序协商) */
return ProcessStartupPacket(port, true, SSLok == 'S');
}
else if (proto == NEGOTIATE_GSS_CODE && !gss_done) {
char GSSok = 'N';
#ifdef ENABLE_GSS
/* No GSSAPI encryption when on Unix socket */
if (!IS_AF_UNIX(port->laddr.addr.ss_family)) GSSok = 'G';
#endif
while (send(port->sock, &GSSok, 1, 0) != 1) {
if (errno == EINTR) continue;
ereport(COMMERROR,(errcode_for_socket_access(),errmsg("failed to send GSSAPI negotiation response: %m")));
return STATUS_ERROR; /* close the connection */
}

#ifdef ENABLE_GSS
if (GSSok == 'G' && secure_open_gssapi(port) == -1) return STATUS_ERROR;
#endif
/* regular startup packet, cancel, etc packet should follow, but not another GSS negotiation request, and an SSL request should only follow if GSS was rejected (client may negotiate in either order) */
return ProcessStartupPacket(port, GSSok == 'G', true);
}

我们以SSL为例,下一个阶段就是以ssl_done为true,运行​​ProcessStartupPacket(port, true, SSLok == 'S')​​代码,也就是处理真正的startup包。

SSL handshake

PostgreSQL数据库网络层——libpq协议加密协商阶段_数据库_04


如果通过了PostgreSQL协议的SSL encrypt握手,那么前端和后端将会开始一个标准的SSL Handshake,通过标准的openssl库将会接管ssl握手的过程,直到握手完成或握手异常导致连接中断,当握手完成时PostgreSQL协议将进入认证协商阶段。

前端推进SSL认证

客户端尝试为此连接推进状态机,为CONNECTION_SSL_STARTUP状态进行处理SSL协商,成功则推进到CONNECTION_MADE。

/* Handle SSL negotiation: wait for postmaster messages and respond as necessary. 处理 SSL 协商:等待 postmaster 消息并根据需要做出响应。 */
case CONNECTION_SSL_STARTUP: {
#ifdef USE_SSL
PostgresPollingStatusType pollres;
/* On first time through, get the postmaster's response to our SSL negotiation packet. 在第一次通过时,获取postmaster对我们的 SSL 协商数据包的响应。 */
if (!conn->ssl_in_use) {
/* We use pqReadData here since it has the logic to distinguish no-data-yet from connection closure. Since conn->ssl isn't set, a plain recv() will occur. 我们在这里使用 pqReadData 因为它具有区分 no-data-yet 和连接关闭的逻辑。 由于未设置 conn->ssl,因此将发生普通的 recv() */
char SSLok;
int rdresult;
rdresult = pqReadData(conn);
if (rdresult < 0){ goto error_return; /* errorMessage is already filled in */
}
if (rdresult == 0){ return PGRES_POLLING_READING; /* caller failed to wait for data */
}
if (pqGetc(&SSLok, conn) < 0){ return PGRES_POLLING_READING; /* should not happen really */
}
if (SSLok == 'S') {
conn->inStart = conn->inCursor; /* mark byte consumed */
if (pqsecure_initialize(conn) != 0) /* Set up global SSL state if required 如果需要,设置全局 SSL 状态 */
goto error_return;
}else if (SSLok == 'N'){
conn->inStart = conn->inCursor; /* mark byte consumed */
/* OK to do without SSL? */
if (conn->sslmode[0] == 'r' || /* "require" */ conn->sslmode[0] == 'v') /* "verify-ca" or "verify-full" */{
/* Require SSL, but server does not want it */
appendPQExpBufferStr(&conn->errorMessage, libpq_gettext("server does not support SSL, but SSL was required\n"));
goto error_return;
}
conn->allow_ssl_try = false; /* Otherwise, proceed with normal startup */
conn->status = CONNECTION_MADE; /* We can proceed using this connection */
return PGRES_POLLING_WRITING;
}else if (SSLok == 'E'){
/* Server failure of some sort, such as failure to fork a backend process. We need to process and report the error message, which might be formatted according to either protocol 2 or protocol 3. Rather than duplicate the code for that, we flip into AWAITING_RESPONSE state and let the code there deal with it. Note we have *not* consumed the "E" byte here. 某种服务器故障,例如无法派生后端进程。 我们需要处理和报告错误消息,它可能根据协议 2 或协议 3 进行格式化。与其复制代码,我们切换到 AWAITING_RESPONSE 状态并让那里的代码处理它。 请注意,我们*没有*在这里消耗了“E”字节。 */
conn->status = CONNECTION_AWAITING_RESPONSE;
goto keep_going;
}else{
appendPQExpBuffer(&conn->errorMessage,libpq_gettext("received invalid response to SSL negotiation: %c\n"),SSLok);
goto error_return;
}
}

/* Begin or continue the SSL negotiation process.开始或继续 SSL 协商过程 */
pollres = pqsecure_open_client(conn);
if (pollres == PGRES_POLLING_OK) {
conn->status = CONNECTION_MADE; /* SSL handshake done, ready to send startup packet SSL 握手完成,准备发送启动数据包 */
return PGRES_POLLING_WRITING;
}
if (pollres == PGRES_POLLING_FAILED){
/* Failed ... if sslmode is "prefer" then do a non-SSL retry */
if (conn->sslmode[0] == 'p' /* "prefer" */ && conn->allow_ssl_try /* redundant? */ && !conn->wait_ssl_try) /* redundant? */ {
conn->allow_ssl_try = false; /* only retry once */
need_new_connection = true;
goto keep_going;
}
goto error_return; /* Else it's a hard failure */
}
/* Else, return POLLING_READING or POLLING_WRITING status */
return pollres;
#else /* !USE_SSL */
/* can't get here */
goto error_return;
#endif /* USE_SSL */
}

下面尝试为此连接推进状态机,为CONNECTION_MADE状态进行处理,这里构建启动包。

case CONNECTION_MADE: {
...
/* Build the startup packet. 构建启动包 */
if (PG_PROTOCOL_MAJOR(conn->pversion) >= 3) startpacket = pqBuildStartupPacket3(conn, &packetlen, EnvironmentOptions);
else startpacket = pqBuildStartupPacket2(conn, &packetlen, EnvironmentOptions);
if (!startpacket) {
/* will not appendbuffer here, since it's likely to also run out of memory 不会在这里追加缓冲区,因为它也可能会耗尽内存 */
printfPQExpBuffer(&conn->errorMessage, libpq_gettext("out of memory\n"));
goto error_return;
}
/* Send the startup packet. Theoretically, this could block, but it really shouldn't since we only got here if the socket is write-ready. 发送启动包。 理论上,这可能会阻塞,但它真的不应该,因为我们只有在套接字准备好写入时才到达这里 */
if (pqPacketSend(conn, 0, startpacket, packetlen) != STATUS_OK) {
appendPQExpBuffer(&conn->errorMessage, libpq_gettext("could not send startup packet: %s\n"), SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
free(startpacket);
goto error_return;
}
free(startpacket);
conn->status = CONNECTION_AWAITING_RESPONSE;
return PGRES_POLLING_READING;
}

后端确认回应

ProcessStartupPacket函数以ssl_done为true,运行​​ProcessStartupPacket(port, true, SSLok == 'S')​​代码,也就是处理真正的startup包。

/* Set FrontendProtocol now so that ereport() knows what format to send if we fail during startup. 现在设置前端协议,以便 ereport() 知道如果我们在启动期间失败时要发送什么格式 */
FrontendProtocol = proto;
/* Check that the major protocol version is in range. */
if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST))
ereport(FATAL,(errcode(ERRCODE_FEATURE_NOT_SUPPORTED), errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));

扫描数据包正文以查找名称/选项对

/* Now fetch parameters out of startup packet and save them into the Port structure.  All data structures attached to the Port struct must be allocated in TopMemoryContext so that they will remain available in a running backend (even after PostmasterContext is destroyed).  We need not worry about leaking this storage on failure, since we aren't in the postmaster process anymore. 现在从启动数据包中获取参数并将它们保存到端口结构中。 附加到 Port 结构的所有数据结构都必须在 TopMemoryContext 中分配,以便它们在运行的后端中保持可用(即使在 PostmasterContext 被销毁后)。 我们不必担心在失败时泄漏此存储,因为我们不再处于 postmaster 进程中 */
oldcontext = MemoryContextSwitchTo(TopMemoryContext);
if (PG_PROTOCOL_MAJOR(proto) >= 3){
int32 offset = sizeof(ProtocolVersion);
List *unrecognized_protocol_options = NIL;
/* Scan packet body for name/option pairs. We can assume any string beginning within the packet body is null-terminated, thanks to zeroing extra byte above. 扫描数据包正文以查找名称/选项对。 我们可以假设在数据包主体内开始的任何字符串都是空终止的,这要归功于上面的额外字节归零 */
port->guc_options = NIL;
while (offset < len){
char *nameptr = ((char *) buf) + offset;int32 valoffset; char *valptr;
if (*nameptr == '\0') break; /* found packet terminator */
valoffset = offset + strlen(nameptr) + 1;
if (valoffset >= len) break; /* missing value, will complain below */
valptr = ((char *) buf) + valoffset;

if (strcmp(nameptr, "database") == 0) port->database_name = pstrdup(valptr);
else if (strcmp(nameptr, "user") == 0) port->user_name = pstrdup(valptr);
else if (strcmp(nameptr, "options") == 0) port->cmdline_options = pstrdup(valptr);
else if (strcmp(nameptr, "replication") == 0) {
/* Due to backward compatibility concerns the replication parameter is a hybrid beast which allows the value to be either boolean or the string 'database'. The latter connects to a specific database which is e.g. required for logical decoding while. */
if (strcmp(valptr, "database") == 0) {
am_walsender = true; am_db_walsender = true;
}else if (!parse_bool(valptr, &am_walsender))
ereport(FATAL,(errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("invalid value for parameter \"%s\": \"%s\"","replication",valptr),errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
}else if (strncmp(nameptr, "_pq_.", 5) == 0){
/* Any option beginning with _pq_. is reserved for use as a protocol-level option, but at present no such options are defined. 任何以 _pq_ 开头的选项。 保留用作协议级选项,但目前没有定义此类选项 */
unrecognized_protocol_options = lappend(unrecognized_protocol_options, pstrdup(nameptr));
}else{
/* Assume it's a generic GUC option */
port->guc_options = lappend(port->guc_options, pstrdup(nameptr));
port->guc_options = lappend(port->guc_options, pstrdup(valptr));
/* Copy application_name to port if we come across it. This is done so we can log the application_name in the connection authorization message. Note that the GUC would be used but we haven't gone through GUC setup yet. */
if (strcmp(nameptr, "application_name") == 0){
char *tmp_app_name = pstrdup(valptr);
pg_clean_ascii(tmp_app_name);
port->application_name = tmp_app_name;
}
}
offset = valoffset + strlen(valptr) + 1;
}

/* If we didn't find a packet terminator exactly at the end of the given packet length, complain. */
if (offset != len - 1)
ereport(FATAL,(errcode(ERRCODE_PROTOCOL_VIOLATION),errmsg("invalid startup packet layout: expected terminator as last byte")));

/* If the client requested a newer protocol version or if the client requested any protocol options we didn't recognize, let them know the newest minor protocol version we do support and the names of any unrecognized options. 如果客户端请求更新的协议版本,或者如果客户端请求任何我们无法识别的协议选项,请让他们知道我们支持的最新次要协议版本以及任何无法识别的选项的名称 */
if (PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST) || unrecognized_protocol_options != NIL)
SendNegotiateProtocolVersion(unrecognized_protocol_options);
}else{
/* Get the parameters from the old-style, fixed-width-fields startup packet as C strings. The packet destination was cleared first so a short packet has zeros silently added. We have to be prepared to truncate the pstrdup result for oversize fields, though. 从老式的固定宽度字段启动包中获取参数作为 C 字符串。 数据包目的地首先被清除,因此一个短数据包会默默地添加零。 但是,我们必须准备好截断超大字段的 pstrdup 结果。 */
StartupPacket *packet = (StartupPacket *) buf;
port->database_name = pstrdup(packet->database);
if (strlen(port->database_name) > sizeof(packet->database)) port->database_name[sizeof(packet->database)] = '\0';
port->user_name = pstrdup(packet->user);
if (strlen(port->user_name) > sizeof(packet->user)) port->user_name[sizeof(packet->user)] = '\0';
port->cmdline_options = pstrdup(packet->options);
if (strlen(port->cmdline_options) > sizeof(packet->options)) port->cmdline_options[sizeof(packet->options)] = '\0';
port->guc_options = NIL;
}

/* Check a user name was given. */
if (port->user_name == NULL || port->user_name[0] == '\0')
ereport(FATAL,(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("no PostgreSQL user name specified in startup packet")));
/* The database defaults to the user name. */
if (port->database_name == NULL || port->database_name[0] == '\0') port->database_name = pstrdup(port->user_name);

if (Db_user_namespace) {
/* If user@, it is a global user, remove '@'. We only want to do this if there is an '@' at the end and no earlier in the user string or they may fake as a local user of another database attaching to this database. */
if (strchr(port->user_name, '@') == port->user_name + strlen(port->user_name) - 1)
*strchr(port->user_name, '@') = '\0';
else{ /* Append '@' and dbname */
port->user_name = psprintf("%s@%s", port->user_name, port->database_name);
}
}

/* Truncate given database and user names to length of a Postgres name. This avoids lookup failures when overlength names are given. */
if (strlen(port->database_name) >= NAMEDATALEN) port->database_name[NAMEDATALEN - 1] = '\0';
if (strlen(port->user_name) >= NAMEDATALEN) port->user_name[NAMEDATALEN - 1] = '\0';

/*
* Normal walsender backends, e.g. for streaming replication, are not
* connected to a particular database. But walsenders used for logical
* replication need to connect to a specific database. We allow streaming
* replication commands to be issued even if connected to a database as it
* can make sense to first make a basebackup and then stream changes
* starting from that.
*/
if (am_walsender && !am_db_walsender) port->database_name[0] = '\0';

/* Done putting stuff in TopMemoryContext. */
MemoryContextSwitchTo(oldcontext);

如果我们要由于数据库状态而拒绝连接,现在就说出来,而不是在身份验证交换上浪费周期。 (这也允许编写 pg_ping 实用程序。)

/* If we're going to reject the connection due to database state, say so now instead of wasting cycles on an authentication exchange. (This also allows a pg_ping utility to be written.) */
switch (port->canAcceptConnections){
case CAC_STARTUP:
ereport(FATAL,(errcode(ERRCODE_CANNOT_CONNECT_NOW), errmsg("the database system is starting up")));
break;
case CAC_SHUTDOWN:
ereport(FATAL,(errcode(ERRCODE_CANNOT_CONNECT_NOW),errmsg("the database system is shutting down")));
break;
case CAC_RECOVERY:
ereport(FATAL,(errcode(ERRCODE_CANNOT_CONNECT_NOW),errmsg("the database system is in recovery mode")));
break;
case CAC_TOOMANY:
ereport(FATAL,(errcode(ERRCODE_TOO_MANY_CONNECTIONS), errmsg("sorry, too many clients already")));
break;
case CAC_SUPERUSER: /* OK for now, will check in InitPostgres */ break;
case CAC_OK: break;
}
return STATUS_OK;

PostgreSQL 复制协议 https://www.postgresql.org/docs/current/protocol-replication.html
Postgres on the wire https://www.pgcon.org/2014/schedule/attachments/330_postgres-for-the-wire.pdf


精彩评论(0)

0 0 举报