/*-------------------------------------------------------------------------

 *

 * pqcomm.c

 *    Communication functions between the Frontend and the Backend

 *

 * These routines handle the low-level details of communication between

 * frontend and backend.  They just shove data across the communication

 * channel, and are ignorant of the semantics of the data.

 *

 * To emit an outgoing message, use the routines in pqformat.c to construct

 * the message in a buffer and then emit it in one call to pq_putmessage.

 * There are no functions to send raw bytes or partial messages; this

 * ensures that the channel will not be clogged by an incomplete message if

 * execution is aborted by ereport(ERROR) partway through the message.

 *

 * At one time, libpq was shared between frontend and backend, but now

 * the backend's "backend/libpq" is quite separate from "interfaces/libpq".

 * All that remains is similarities of names to trap the unwary...

 *

 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group

 * Portions Copyright (c) 1994, Regents of the University of California

 *

 *  src/backend/libpq/pqcomm.c

 *

 *-------------------------------------------------------------------------

 */

/*------------------------

 * INTERFACE ROUTINES

 *

 * setup/teardown:

 *    ListenServerPort  - Open postmaster's server port

 *    AcceptConnection  - Accept new connection with client

 *    TouchSocketFiles  - Protect socket files against /tmp cleaners

 *    pq_init       - initialize libpq at backend startup

 *    socket_comm_reset - reset libpq during error recovery

 *    socket_close    - shutdown libpq at backend exit

 *

 * low-level I/O:

 *    pq_getbytes   - get a known number of bytes from connection

 *    pq_getmessage - get a message with length word from connection

 *    pq_getbyte    - get next byte from connection

 *    pq_peekbyte   - peek at next byte from connection

 *    pq_flush    - flush pending output

 *    pq_flush_if_writable - flush pending output if writable without blocking

 *    pq_getbyte_if_available - get a byte if available without blocking

 *

 * message-level I/O

 *    pq_putmessage - send a normal message (suppressed in COPY OUT mode)

 *    pq_putmessage_noblock - buffer a normal message (suppressed in COPY OUT)

 *

 *------------------------

 */

#include "postgres.h"

#ifdef HAVE_POLL_H

#include <poll.h>

#endif

#include <signal.h>

#include <fcntl.h>

#include <grp.h>

#include <unistd.h>

#include <sys/file.h>

#include <sys/socket.h>

#include <sys/stat.h>

#include <sys/time.h>

#include <netdb.h>

#include <netinet/in.h>

#include <netinet/tcp.h>

#include <utime.h>

#ifdef WIN32

#include <mstcpip.h>

#endif

#include "common/ip.h"

#include "libpq/libpq.h"

#include "miscadmin.h"

#include "port/pg_bswap.h"

#include "postmaster/postmaster.h"

#include "storage/ipc.h"

#include "utils/guc_hooks.h"

#include "utils/memutils.h"

/*

 * Cope with the various platform-specific ways to spell TCP keepalive socket

 * options.  This doesn't cover Windows, which as usual does its own thing.

 */

#if defined(TCP_KEEPIDLE)

/* TCP_KEEPIDLE is the name of this option on Linux and *BSD */

#define PG_TCP_KEEPALIVE_IDLE TCP_KEEPIDLE

#define PG_TCP_KEEPALIVE_IDLE_STR "TCP_KEEPIDLE"

#elif defined(TCP_KEEPALIVE_THRESHOLD)

/* TCP_KEEPALIVE_THRESHOLD is the name of this option on Solaris >= 11 */

#define PG_TCP_KEEPALIVE_IDLE TCP_KEEPALIVE_THRESHOLD

#define PG_TCP_KEEPALIVE_IDLE_STR "TCP_KEEPALIVE_THRESHOLD"

#elif defined(TCP_KEEPALIVE) && defined(__darwin__)

/* TCP_KEEPALIVE is the name of this option on macOS */

/* Caution: Solaris has this symbol but it means something different */

#define PG_TCP_KEEPALIVE_IDLE TCP_KEEPALIVE

#define PG_TCP_KEEPALIVE_IDLE_STR "TCP_KEEPALIVE"

#endif

/*

 * Configuration options

 */

int     Unix_socket_permissions;

char     *Unix_socket_group;

/* Where the Unix socket files are (list of palloc'd strings) */

static List *sock_paths = NIL;

/*

 * Buffers for low-level I/O.

 *

 * The receive buffer is fixed size. Send buffer is usually 8k, but can be

 * enlarged by pq_putmessage_noblock() if the message doesn't fit otherwise.

 */

#define PQ_SEND_BUFFER_SIZE 8192

#define PQ_RECV_BUFFER_SIZE 8192

static char *PqSendBuffer;

static int  PqSendBufferSize; /* Size send buffer */

static size_t PqSendPointer;  /* Next index to store a byte in PqSendBuffer */

static size_t PqSendStart;    /* Next index to send a byte in PqSendBuffer */

static char PqRecvBuffer[PQ_RECV_BUFFER_SIZE];

static int  PqRecvPointer;    /* Next index to read a byte from PqRecvBuffer */

static int  PqRecvLength;   /* End of data available in PqRecvBuffer */

/*

 * Message status

 */

static bool PqCommBusy;     /* busy sending data to the client */

static bool PqCommReadingMsg; /* in the middle of reading a message */

/* Internal functions */

static void socket_comm_reset(void);

static void socket_close(int code, Datum arg);

static void socket_set_nonblocking(bool nonblocking);

static int  socket_flush(void);

static int  socket_flush_if_writable(void);

static bool socket_is_send_pending(void);

static int  socket_putmessage(char msgtype, const char *s, size_t len);

static void socket_putmessage_noblock(char msgtype, const char *s, size_t len);

static inline int internal_putbytes(const void *b, size_t len);

static inline int internal_flush(void);

static pg_noinline int internal_flush_buffer(const char *buf, size_t *start,

                       size_t *end);

static int  Lock_AF_UNIX(const char *unixSocketDir, const char *unixSocketPath);

static int  Setup_AF_UNIX(const char *sock_path);

static const PQcommMethods PqCommSocketMethods = {

  .comm_reset = socket_comm_reset,

  .flush = socket_flush,

  .flush_if_writable = socket_flush_if_writable,

  .is_send_pending = socket_is_send_pending,

  .putmessage = socket_putmessage,

  .putmessage_noblock = socket_putmessage_noblock

};

const PQcommMethods *PqCommMethods = &PqCommSocketMethods;

WaitEventSet *FeBeWaitSet;

/* --------------------------------

 *    pq_init - initialize libpq at backend startup

 * --------------------------------

 */

Port *

pq_init(ClientSocket *client_sock)

{

  Port     *port;

  int     socket_pos PG_USED_FOR_ASSERTS_ONLY;

  int     latch_pos PG_USED_FOR_ASSERTS_ONLY;

  /* allocate the Port struct and copy the ClientSocket contents to it */

  port = palloc0(sizeof(Port));

  port->sock = client_sock->sock;

  memcpy(&port->raddr.addr, &client_sock->raddr.addr, client_sock->raddr.salen);

  port->raddr.salen = client_sock->raddr.salen;

  /* fill in the server (local) address */

  port->laddr.salen = sizeof(port->laddr.addr);

  if (getsockname(port->sock,

          (struct sockaddr *) &port->laddr.addr,

          &port->laddr.salen) < 0)

  {

    ereport(FATAL,

        (errmsg("%s() failed: %m", "getsockname")));

  }

  /* select NODELAY and KEEPALIVE options if it's a TCP connection */

  if (port->laddr.addr.ss_family != AF_UNIX)

  {

    int     on;

#ifdef WIN32

    int     oldopt;

    int     optlen;

    int     newopt;

#endif

#ifdef  TCP_NODELAY

    on = 1;

    if (setsockopt(port->sock, IPPROTO_TCP, TCP_NODELAY,

             (char *) &on, sizeof(on)) < 0)

    {

      ereport(FATAL,

          (errmsg("%s(%s) failed: %m", "setsockopt", "TCP_NODELAY")));

    }

#endif

    on = 1;

    if (setsockopt(port->sock, SOL_SOCKET, SO_KEEPALIVE,

             (char *) &on, sizeof(on)) < 0)

    {

      ereport(FATAL,

          (errmsg("%s(%s) failed: %m", "setsockopt", "SO_KEEPALIVE")));

    }

#ifdef WIN32

    /*

     * This is a Win32 socket optimization.  The OS send buffer should be

     * large enough to send the whole Postgres send buffer in one go, or

     * performance suffers.  The Postgres send buffer can be enlarged if a

     * very large message needs to be sent, but we won't attempt to

     * enlarge the OS buffer if that happens, so somewhat arbitrarily

     * ensure that the OS buffer is at least PQ_SEND_BUFFER_SIZE * 4.

     * (That's 32kB with the current default).

     *

     * The default OS buffer size used to be 8kB in earlier Windows

     * versions, but was raised to 64kB in Windows 2012.  So it shouldn't

     * be necessary to change it in later versions anymore.  Changing it

     * unnecessarily can even reduce performance, because setting

     * SO_SNDBUF in the application disables the "dynamic send buffering"

     * feature that was introduced in Windows 7.  So before fiddling with

     * SO_SNDBUF, check if the current buffer size is already large enough

     * and only increase it if necessary.

     *

     * See https://support.microsoft.com/kb/823764/EN-US/ and

     * https://msdn.microsoft.com/en-us/library/bb736549%28v=vs.85%29.aspx

     */

    optlen = sizeof(oldopt);

    if (getsockopt(port->sock, SOL_SOCKET, SO_SNDBUF, (char *) &oldopt,

             &optlen) < 0)

    {

      ereport(FATAL,

          (errmsg("%s(%s) failed: %m", "getsockopt", "SO_SNDBUF")));

    }

    newopt = PQ_SEND_BUFFER_SIZE * 4;

    if (oldopt < newopt)

    {

      if (setsockopt(port->sock, SOL_SOCKET, SO_SNDBUF, (char *) &newopt,

               sizeof(newopt)) < 0)

      {

        ereport(FATAL,

            (errmsg("%s(%s) failed: %m", "setsockopt", "SO_SNDBUF")));

      }

    }

#endif

    /*

     * Also apply the current keepalive parameters.  If we fail to set a

     * parameter, don't error out, because these aren't universally

     * supported.  (Note: you might think we need to reset the GUC

     * variables to 0 in such a case, but it's not necessary because the

     * show hooks for these variables report the truth anyway.)

     */

    (void) pq_setkeepalivesidle(tcp_keepalives_idle, port);

    (void) pq_setkeepalivesinterval(tcp_keepalives_interval, port);

    (void) pq_setkeepalivescount(tcp_keepalives_count, port);

    (void) pq_settcpusertimeout(tcp_user_timeout, port);

  }

  /* initialize state variables */

  PqSendBufferSize = PQ_SEND_BUFFER_SIZE;

  PqSendBuffer = MemoryContextAlloc(TopMemoryContext, PqSendBufferSize);

  PqSendPointer = PqSendStart = PqRecvPointer = PqRecvLength = 0;

  PqCommBusy = false;

  PqCommReadingMsg = false;

  /* set up process-exit hook to close the socket */

  on_proc_exit(socket_close, 0);

  /*

   * In backends (as soon as forked) we operate the underlying socket in

   * nonblocking mode and use latches to implement blocking semantics if

   * needed. That allows us to provide safely interruptible reads and

   * writes.

   */

#ifndef WIN32

  if (!pg_set_noblock(port->sock))

    ereport(FATAL,

        (errmsg("could not set socket to nonblocking mode: %m")));

#endif

#ifndef WIN32

  /* Don't give the socket to any subprograms we execute. */

  if (fcntl(port->sock, F_SETFD, FD_CLOEXEC) < 0)

    elog(FATAL, "fcntl(F_SETFD) failed on socket: %m");

#endif

  FeBeWaitSet = CreateWaitEventSet(NULL, FeBeWaitSetNEvents);

  socket_pos = AddWaitEventToSet(FeBeWaitSet, WL_SOCKET_WRITEABLE,

                   port->sock, NULL, NULL);

  latch_pos = AddWaitEventToSet(FeBeWaitSet, WL_LATCH_SET, PGINVALID_SOCKET,

                  MyLatch, NULL);

  AddWaitEventToSet(FeBeWaitSet, WL_POSTMASTER_DEATH, PGINVALID_SOCKET,

            NULL, NULL);

  /*

   * The event positions match the order we added them, but let's sanity

   * check them to be sure.

   */

  Assert(socket_pos == FeBeWaitSetSocketPos);

  Assert(latch_pos == FeBeWaitSetLatchPos);

  return port;

}

/* --------------------------------

 *    socket_comm_reset - reset libpq during error recovery

 *

 * This is called from error recovery at the outer idle loop.  It's

 * just to get us out of trouble if we somehow manage to elog() from

 * inside a pqcomm.c routine (which ideally will never happen, but...)

 * --------------------------------

 */

static void

socket_comm_reset(void)

{

  /* Do not throw away pending data, but do reset the busy flag */

  PqCommBusy = false;

}

/* --------------------------------

 *    socket_close - shutdown libpq at backend exit

 *

 * This is the one pg_on_exit_callback in place during BackendInitialize().

 * That function's unusual signal handling constrains that this callback be

 * safe to run at any instant.

 * --------------------------------

 */

static void

socket_close(int code, Datum arg)

{

  /* Nothing to do in a standalone backend, where MyProcPort is NULL. */

  if (MyProcPort != NULL)

  {

#ifdef ENABLE_GSS

    /*

     * Shutdown GSSAPI layer.  This section does nothing when interrupting

     * BackendInitialize(), because pg_GSS_recvauth() makes first use of

     * "ctx" and "cred".

     *

     * Note that we don't bother to free MyProcPort->gss, since we're

     * about to exit anyway.

     */

    if (MyProcPort->gss)

    {

      OM_uint32 min_s;

      if (MyProcPort->gss->ctx != GSS_C_NO_CONTEXT)

        gss_delete_sec_context(&min_s, &MyProcPort->gss->ctx, NULL);

      if (MyProcPort->gss->cred != GSS_C_NO_CREDENTIAL)

        gss_release_cred(&min_s, &MyProcPort->gss->cred);

    }

#endif              /* ENABLE_GSS */

    /*

     * Cleanly shut down SSL layer.  Nowhere else does a postmaster child

     * call this, so this is safe when interrupting BackendInitialize().

     */

    secure_close(MyProcPort);

    /*

     * Formerly we did an explicit close() here, but it seems better to

     * leave the socket open until the process dies.  This allows clients

     * to perform a "synchronous close" if they care --- wait till the

     * transport layer reports connection closure, and you can be sure the

     * backend has exited.

     *

     * We do set sock to PGINVALID_SOCKET to prevent any further I/O,

     * though.

     */

    MyProcPort->sock = PGINVALID_SOCKET;

  }

}

/* --------------------------------

 * Postmaster functions to handle sockets.

 * --------------------------------

 */

/*

 * ListenServerPort -- open a "listening" port to accept connections.

 *

 * family should be AF_UNIX or AF_UNSPEC; portNumber is the port number.

 * For AF_UNIX ports, hostName should be NULL and unixSocketDir must be

 * specified.  For TCP ports, hostName is either NULL for all interfaces or

 * the interface to listen on, and unixSocketDir is ignored (can be NULL).

 *

 * Successfully opened sockets are appended to the ListenSockets[] array.  On

 * entry, *NumListenSockets holds the number of elements currently in the

 * array, and it is updated to reflect the opened sockets.  MaxListen is the

 * allocated size of the array.

 *

 * RETURNS: STATUS_OK or STATUS_ERROR

 */

int

ListenServerPort(int family, const char *hostName, unsigned short portNumber,

         const char *unixSocketDir,

         pgsocket ListenSockets[], int *NumListenSockets, int MaxListen)

{

  pgsocket  fd;

  int     err;

  int     maxconn;

  int     ret;

  char    portNumberStr[32];

  const char *familyDesc;

  char    familyDescBuf[64];

  const char *addrDesc;

  char    addrBuf[NI_MAXHOST];

  char     *service;

  struct addrinfo *addrs = NULL,

         *addr;

  struct addrinfo hint;

  int     added = 0;

  char    unixSocketPath[MAXPGPATH];

#if !defined(WIN32) || defined(IPV6_V6ONLY)

  int     one = 1;

#endif

  /* Initialize hint structure */

  MemSet(&hint, 0, sizeof(hint));

  hint.ai_family = family;

  hint.ai_flags = AI_PASSIVE;

  hint.ai_socktype = SOCK_STREAM;

  if (family == AF_UNIX)

  {

    /*

     * Create unixSocketPath from portNumber and unixSocketDir and lock

     * that file path

     */

    UNIXSOCK_PATH(unixSocketPath, portNumber, unixSocketDir);

    if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN)

    {

      ereport(LOG,

          (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",

              unixSocketPath,

              (int) (UNIXSOCK_PATH_BUFLEN - 1))));

      return STATUS_ERROR;

    }

    if (Lock_AF_UNIX(unixSocketDir, unixSocketPath) != STATUS_OK)

      return STATUS_ERROR;

    service = unixSocketPath;

  }

  else

  {

    snprintf(portNumberStr, sizeof(portNumberStr), "%d", portNumber);

    service = portNumberStr;

  }

  ret = pg_getaddrinfo_all(hostName, service, &hint, &addrs);

  if (ret || !addrs)

  {

    if (hostName)

      ereport(LOG,

          (errmsg("could not translate host name \"%s\", service \"%s\" to address: %s",

              hostName, service, gai_strerror(ret))));

    else

      ereport(LOG,

          (errmsg("could not translate service \"%s\" to address: %s",

              service, gai_strerror(ret))));

    if (addrs)

      pg_freeaddrinfo_all(hint.ai_family, addrs);

    return STATUS_ERROR;

  }

  for (addr = addrs; addr; addr = addr->ai_next)

  {

    if (family != AF_UNIX && addr->ai_family == AF_UNIX)

    {

      /*

       * Only set up a unix domain socket when they really asked for it.

       * The service/port is different in that case.

       */

      continue;

    }

    /* See if there is still room to add 1 more socket. */

    if (*NumListenSockets == MaxListen)

    {

      ereport(LOG,

          (errmsg("could not bind to all requested addresses: MAXLISTEN (%d) exceeded",

              MaxListen)));

      break;

    }

    /* set up address family name for log messages */

    switch (addr->ai_family)

    {

      case AF_INET:

        familyDesc = _("IPv4");

        break;

      case AF_INET6:

        familyDesc = _("IPv6");

        break;

      case AF_UNIX:

        familyDesc = _("Unix");

        break;

      default:

        snprintf(familyDescBuf, sizeof(familyDescBuf),

             _("unrecognized address family %d"),

             addr->ai_family);

        familyDesc = familyDescBuf;

        break;

    }

    /* set up text form of address for log messages */

    if (addr->ai_family == AF_UNIX)

      addrDesc = unixSocketPath;

    else

    {

      pg_getnameinfo_all((const struct sockaddr_storage *) addr->ai_addr,

                 addr->ai_addrlen,

                 addrBuf, sizeof(addrBuf),

                 NULL, 0,

                 NI_NUMERICHOST);

      addrDesc = addrBuf;

    }

    if ((fd = socket(addr->ai_family, SOCK_STREAM, 0)) == PGINVALID_SOCKET)

    {

      ereport(LOG,

          (errcode_for_socket_access(),

      /* translator: first %s is IPv4, IPv6, or Unix */

           errmsg("could not create %s socket for address \"%s\": %m",

              familyDesc, addrDesc)));

      continue;

    }

#ifndef WIN32

    /* Don't give the listen socket to any subprograms we execute. */

    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)

      elog(FATAL, "fcntl(F_SETFD) failed on socket: %m");

    /*

     * Without the SO_REUSEADDR flag, a new postmaster can't be started

     * right away after a stop or crash, giving "address already in use"

     * error on TCP ports.

     *

     * On win32, however, this behavior only happens if the

     * SO_EXCLUSIVEADDRUSE is set. With SO_REUSEADDR, win32 allows

     * multiple servers to listen on the same address, resulting in

     * unpredictable behavior. With no flags at all, win32 behaves as Unix

     * with SO_REUSEADDR.

     */

    if (addr->ai_family != AF_UNIX)

    {

      if ((setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,

              (char *) &one, sizeof(one))) == -1)

      {

        ereport(LOG,

            (errcode_for_socket_access(),

        /* translator: third %s is IPv4 or IPv6 */

             errmsg("%s(%s) failed for %s address \"%s\": %m",

                "setsockopt", "SO_REUSEADDR",

                familyDesc, addrDesc)));

        closesocket(fd);

        continue;

      }

    }

#endif

#ifdef IPV6_V6ONLY

    if (addr->ai_family == AF_INET6)

    {

      if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,

               (char *) &one, sizeof(one)) == -1)

      {

        ereport(LOG,

            (errcode_for_socket_access(),

        /* translator: third %s is IPv6 */

             errmsg("%s(%s) failed for %s address \"%s\": %m",

                "setsockopt", "IPV6_V6ONLY",

                familyDesc, addrDesc)));

        closesocket(fd);

        continue;

      }

    }

#endif

    /*

     * Note: This might fail on some OS's, like Linux older than

     * 2.4.21-pre3, that don't have the IPV6_V6ONLY socket option, and map

     * ipv4 addresses to ipv6.  It will show ::ffff:ipv4 for all ipv4

     * connections.

     */

    err = bind(fd, addr->ai_addr, addr->ai_addrlen);

    if (err < 0)

    {

      int     saved_errno = errno;

      ereport(LOG,

          (errcode_for_socket_access(),

      /* translator: first %s is IPv4, IPv6, or Unix */

           errmsg("could not bind %s address \"%s\": %m",

              familyDesc, addrDesc),

           saved_errno == EADDRINUSE ?

           (addr->ai_family == AF_UNIX ?

            errhint("Is another postmaster already running on port %d?",

                (int) portNumber) :

            errhint("Is another postmaster already running on port %d?"

                " If not, wait a few seconds and retry.",

                (int) portNumber)) : 0));

      closesocket(fd);

      continue;

    }

    if (addr->ai_family == AF_UNIX)

    {

      if (Setup_AF_UNIX(service) != STATUS_OK)

      {

        closesocket(fd);

        break;

      }

    }

    /*

     * Select appropriate accept-queue length limit.  It seems reasonable

     * to use a value similar to the maximum number of child processes

     * that the postmaster will permit.

     */

    maxconn = MaxConnections * 2;

    err = listen(fd, maxconn);

    if (err < 0)

    {

      ereport(LOG,

          (errcode_for_socket_access(),

      /* translator: first %s is IPv4, IPv6, or Unix */

           errmsg("could not listen on %s address \"%s\": %m",

              familyDesc, addrDesc)));

      closesocket(fd);

      continue;

    }

    if (addr->ai_family == AF_UNIX)

      ereport(LOG,

          (errmsg("listening on Unix socket \"%s\"",

              addrDesc)));

    else

      ereport(LOG,

      /* translator: first %s is IPv4 or IPv6 */

          (errmsg("listening on %s address \"%s\", port %d",

              familyDesc, addrDesc, (int) portNumber)));

    ListenSockets[*NumListenSockets] = fd;

    (*NumListenSockets)++;

    added++;

  }

  pg_freeaddrinfo_all(hint.ai_family, addrs);

  if (!added)

    return STATUS_ERROR;

  return STATUS_OK;

}

/*

 * Lock_AF_UNIX -- configure unix socket file path

 */

static int

Lock_AF_UNIX(const char *unixSocketDir, const char *unixSocketPath)

{

  /* no lock file for abstract sockets */

  if (unixSocketPath[0] == '@')

    return STATUS_OK;

  /*

   * Grab an interlock file associated with the socket file.

   *

   * Note: there are two reasons for using a socket lock file, rather than

   * trying to interlock directly on the socket itself.  First, it's a lot

   * more portable, and second, it lets us remove any pre-existing socket

   * file without race conditions.

   */

  CreateSocketLockFile(unixSocketPath, true, unixSocketDir);

  /*

   * Once we have the interlock, we can safely delete any pre-existing

   * socket file to avoid failure at bind() time.

   */

  (void) unlink(unixSocketPath);

  /*

   * Remember socket file pathnames for later maintenance.

   */

  sock_paths = lappend(sock_paths, pstrdup(unixSocketPath));

  return STATUS_OK;

}

/*

 * Setup_AF_UNIX -- configure unix socket permissions

 */

static int

Setup_AF_UNIX(const char *sock_path)

{

  /* no file system permissions for abstract sockets */

  if (sock_path[0] == '@')

    return STATUS_OK;

  /*

   * Fix socket ownership/permission if requested.  Note we must do this

   * before we listen() to avoid a window where unwanted connections could

   * get accepted.

   */

  Assert(Unix_socket_group);

  if (Unix_socket_group[0] != '\0')

  {

#ifdef WIN32

    elog(WARNING, "configuration item \"unix_socket_group\" is not supported on this platform");

#else

    char     *endptr;

    unsigned long val;

    gid_t   gid;

    val = strtoul(Unix_socket_group, &endptr, 10);

    if (*endptr == '\0')

    {           /* numeric group id */

      gid = val;

    }

    else

    {           /* convert group name to id */

      struct group *gr;

      gr = getgrnam(Unix_socket_group);

      if (!gr)

      {

        ereport(LOG,

            (errmsg("group \"%s\" does not exist",

                Unix_socket_group)));

        return STATUS_ERROR;

      }

      gid = gr->gr_gid;

    }

    if (chown(sock_path, -1, gid) == -1)

    {

      ereport(LOG,

          (errcode_for_file_access(),

           errmsg("could not set group of file \"%s\": %m",

              sock_path)));

      return STATUS_ERROR;

    }

#endif

  }

  if (chmod(sock_path, Unix_socket_permissions) == -1)

  {

    ereport(LOG,

        (errcode_for_file_access(),

         errmsg("could not set permissions of file \"%s\": %m",

            sock_path)));

    return STATUS_ERROR;

  }

  return STATUS_OK;

}

/*

 * AcceptConnection -- accept a new connection with client using

 *    server port.  Fills *client_sock with the FD and endpoint info

 *    of the new connection.

 *

 * ASSUME: that this doesn't need to be non-blocking because

 *    the Postmaster waits for the socket to be ready to accept().

 *

 * RETURNS: STATUS_OK or STATUS_ERROR

 */

int

AcceptConnection(pgsocket server_fd, ClientSocket *client_sock)

{

  /* accept connection and fill in the client (remote) address */

  client_sock->raddr.salen = sizeof(client_sock->raddr.addr);

  if ((client_sock->sock = accept(server_fd,

                  (struct sockaddr *) &client_sock->raddr.addr,

                  &client_sock->raddr.salen)) == PGINVALID_SOCKET)

  {

    ereport(LOG,

        (errcode_for_socket_access(),

         errmsg("could not accept new connection: %m")));

    /*

     * If accept() fails then postmaster.c will still see the server

     * socket as read-ready, and will immediately try again.  To avoid

     * uselessly sucking lots of CPU, delay a bit before trying again.

     * (The most likely reason for failure is being out of kernel file

     * table slots; we can do little except hope some will get freed up.)

     */

    pg_usleep(100000L);   /* wait 0.1 sec */

    return STATUS_ERROR;

  }

  return STATUS_OK;

}

/*

 * TouchSocketFiles -- mark socket files as recently accessed

 *

 * This routine should be called every so often to ensure that the socket

 * files have a recent mod date (ordinary operations on sockets usually won't

 * change the mod date).  That saves them from being removed by

 * overenthusiastic /tmp-directory-cleaner daemons.  (Another reason we should

 * never have put the socket file in /tmp...)

 */

void

TouchSocketFiles(void)

{

  ListCell   *l;

  /* Loop through all created sockets... */

  foreach(l, sock_paths)

  {

    char     *sock_path = (char *) lfirst(l);

    /* Ignore errors; there's no point in complaining */

    (void) utime(sock_path, NULL);

  }

}

/*

 * RemoveSocketFiles -- unlink socket files at postmaster shutdown

 */

void

RemoveSocketFiles(void)

{

  ListCell   *l;

  /* Loop through all created sockets... */

  foreach(l, sock_paths)

  {

    char     *sock_path = (char *) lfirst(l);

    /* Ignore any error. */

    (void) unlink(sock_path);

  }

  /* Since we're about to exit, no need to reclaim storage */

  sock_paths = NIL;

}

/* --------------------------------

 * Low-level I/O routines begin here.

 *

 * These routines communicate with a frontend client across a connection

 * already established by the preceding routines.

 * --------------------------------

 */

/* --------------------------------

 *        socket_set_nonblocking - set socket blocking/non-blocking

 *

 * Sets the socket non-blocking if nonblocking is true, or sets it

 * blocking otherwise.

 * --------------------------------

 */

static void

socket_set_nonblocking(bool nonblocking)

{

  if (MyProcPort == NULL)

    ereport(ERROR,

        (errcode(ERRCODE_CONNECTION_DOES_NOT_EXIST),

         errmsg("there is no client connection")));

  MyProcPort->noblock = nonblocking;

}

/* --------------------------------

 *    pq_recvbuf - load some bytes into the input buffer

 *

 *    returns 0 if OK, EOF if trouble

 * --------------------------------

 */

static int

pq_recvbuf(void)

{

  if (PqRecvPointer > 0)

  {

    if (PqRecvLength > PqRecvPointer)

    {

      /* still some unread data, left-justify it in the buffer */

      memmove(PqRecvBuffer, PqRecvBuffer + PqRecvPointer,

          PqRecvLength - PqRecvPointer);

      PqRecvLength -= PqRecvPointer;

      PqRecvPointer = 0;

    }

    else

      PqRecvLength = PqRecvPointer = 0;

  }

  /* Ensure that we're in blocking mode */

  socket_set_nonblocking(false);

  /* Can fill buffer from PqRecvLength and upwards */

  for (;;)

  {

    int     r;

    errno = 0;

    r = secure_read(MyProcPort, PqRecvBuffer + PqRecvLength,

            PQ_RECV_BUFFER_SIZE - PqRecvLength);

    if (r < 0)

    {

      if (errno == EINTR)

        continue;   /* Ok if interrupted */

      /*

       * Careful: an ereport() that tries to write to the client would

       * cause recursion to here, leading to stack overflow and core

       * dump!  This message must go *only* to the postmaster log.

       *

       * If errno is zero, assume it's EOF and let the caller complain.

       */

      if (errno != 0)

        ereport(COMMERROR,

            (errcode_for_socket_access(),

             errmsg("could not receive data from client: %m")));

      return EOF;

    }

    if (r == 0)

    {

      /*

       * EOF detected.  We used to write a log message here, but it's

       * better to expect the ultimate caller to do that.

       */

      return EOF;

    }

    /* r contains number of bytes read, so just incr length */

    PqRecvLength += r;

    return 0;

  }

}

/* --------------------------------

 *    pq_getbyte  - get a single byte from connection, or return EOF

 * --------------------------------

 */

int

pq_getbyte(void)

{

  Assert(PqCommReadingMsg);

  while (PqRecvPointer >= PqRecvLength)

  {

    if (pq_recvbuf())   /* If nothing in buffer, then recv some */

      return EOF;     /* Failed to recv data */

  }

  return (unsigned char) PqRecvBuffer[PqRecvPointer++];

}