postgresql

History

Heikki Linnakangas 1f67078ea3 Add OpenTransientFile, with automatic cleanup at end-of-xact. Files opened with BasicOpenFile or PathNameOpenFile are not automatically cleaned up on error. That puts unnecessary burden on callers that only want to keep the file open for a short time. There is AllocateFile, but that returns a buffered FILE * stream, which in many cases is not the nicest API to work with. So add function called OpenTransientFile, which returns a unbuffered fd that's cleaned up like the FILE* returned by AllocateFile(). This plugs a few rare fd leaks in error cases: 1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile 2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't use OpenTransientFile here because the fd is supposed to persist over transaction boundaries. 3. lo_import/lo_export - fixed by using OpenTransientFile instead of PathNameOpenFile. In addition to plugging those leaks, this replaces many BasicOpenFile() calls with OpenTransientFile() that were not leaking, because the code meticulously closed the file on error. That wasn't strictly necessary, but IMHO it's good for robustness. The same leaks exist in older versions, but given the rarity of the issues, I'm not backpatching this. Not yet, anyway - it might be good to backpatch later, after this mechanism has had some more testing in master branch.		2012-11-27 10:25:50 +02:00
..
Makefile	Remove cvs keywords from all files.	2010-09-20 22:08:53 +02:00
README.SSL	Remove useless whitespace at end of lines	2010-11-23 22:34:55 +02:00
auth.c	Improve some LDAP authentication error messages	2012-10-02 23:25:05 -04:00
be-fsstubs.c	Add OpenTransientFile, with automatic cleanup at end-of-xact.	2012-11-27 10:25:50 +02:00
be-secure.c	Remove unreachable code	2012-07-16 22:15:03 +03:00
crypt.c	Remove useless cast	2012-02-26 15:31:16 +02:00
hba.c	Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.	2012-09-21 17:54:39 +03:00
ip.c	getnameinfo_unix has to be taught not to insist on NI_NUMERIC flags, too.	2012-10-04 22:54:18 -04:00
md5.c	Update copyright notices for year 2012.	2012-01-01 18:01:58 -05:00
pg_hba.conf.sample	initdb: Add options --auth-local and --auth-host	2012-02-01 21:18:55 +02:00
pg_ident.conf.sample	Reformat the comments in pg_hba.conf and pg_ident.conf	2010-01-26 06:58:39 +00:00
pqcomm.c	Support having multiple Unix-domain sockets per postmaster.	2012-08-10 17:27:15 -04:00
pqformat.c	Update copyright notices for year 2012.	2012-01-01 18:01:58 -05:00
pqsignal.c	Update copyright notices for year 2012.	2012-01-01 18:01:58 -05:00

README.SSL

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------