postgres

History

Tom Lane 6708e447ef Clean up shm_mq cleanup. The logic around shm_mq_detach was a few bricks shy of a load, because (contrary to the comments for shm_mq_attach) all it did was update the shared shm_mq state. That left us leaking a bit of process-local memory, but much worse, the on_dsm_detach callback for shm_mq_detach was still armed. That means that whenever we ultimately detach from the DSM segment, we'd run shm_mq_detach again for already-detached, possibly long-dead queues. This accidentally fails to fail today, because we only ever re-use a shm_mq's memory for another shm_mq, and multiple detach attempts on the last such shm_mq are fairly harmless. But it's gonna bite us someday, so let's clean it up. To do that, change shm_mq_detach's API so it takes a shm_mq_handle not the underlying shm_mq. This makes the callers simpler in most cases anyway. Also fix a few places in parallel.c that were just pfree'ing the handle structs rather than doing proper cleanup. Back-patch to v10 because of the risk that the revenant shm_mq_detach callbacks would cause a live bug sometime. Since this is an API change, it's too late to do it in 9.6. (We could make a variant patch that preserves API, but I'm not excited enough to do that.) Discussion: https://postgr.es/m/8670.1504192177@sss.pgh.pa.us		8 years ago
..
Makefile	Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).	9 years ago
README.SSL	Remove useless whitespace at end of lines	15 years ago
auth-scram.c	Tweak some SCRAM error messages and code comments	9 years ago
auth.c	Don't allow logging in with empty password.	9 years ago
be-fsstubs.c	Require update permission for the large object written by lo_put().	9 years ago
be-secure-openssl.c	Final pgindent + perltidy run for v10.	9 years ago
be-secure.c	Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers.	9 years ago
crypt.c	Don't allow logging in with empty password.	9 years ago
hba.c	Phase 3 of pgindent updates.	9 years ago
ifaddr.c	Phase 2 of pgindent updates.	9 years ago
pg_hba.conf.sample	Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.	9 years ago
pg_ident.conf.sample	Reformat the comments in pg_hba.conf and pg_ident.conf	16 years ago
pqcomm.c	Second try at fixing tcp_keepalives_idle option on Solaris.	9 years ago
pqformat.c	Update copyright via script for 2017	9 years ago
pqmq.c	Clean up shm_mq cleanup.	8 years ago
pqsignal.c	Update copyright via script for 2017	9 years ago

README.SSL

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------