diff options
| -rw-r--r-- | src/backend/access/transam/parallel.c | 9 | ||||
| -rw-r--r-- | src/backend/access/transam/twophase.c | 2 | ||||
| -rw-r--r-- | src/backend/postmaster/autovacuum.c | 6 | ||||
| -rw-r--r-- | src/backend/storage/ipc/procarray.c | 4 | ||||
| -rw-r--r-- | src/backend/storage/lmgr/proc.c | 4 | ||||
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 75 | ||||
| -rw-r--r-- | src/backend/utils/init/postinit.c | 40 | ||||
| -rw-r--r-- | src/include/miscadmin.h | 2 | ||||
| -rw-r--r-- | src/include/storage/proc.h | 2 |
9 files changed, 68 insertions, 76 deletions
diff --git a/src/backend/access/transam/parallel.c b/src/backend/access/transam/parallel.c index d1167cf5e80..4fdeb5c6f3a 100644 --- a/src/backend/access/transam/parallel.c +++ b/src/backend/access/transam/parallel.c @@ -1414,10 +1414,15 @@ ParallelWorkerMain(Datum main_arg) fps->session_user_is_superuser); SetCurrentRoleId(fps->outer_user_id, fps->role_is_superuser); - /* Restore database connection. */ + /* + * Restore database connection. We skip connection authorization checks, + * reasoning that (a) the leader checked these things when it started, and + * (b) we do not want parallel mode to cause these failures, because that + * would make use of parallel query plans not transparent to applications. + */ BackgroundWorkerInitializeConnectionByOid(fps->database_id, fps->authenticated_user_id, - 0); + BGWORKER_BYPASS_ALLOWCONN); /* * Set the client encoding to the database encoding, since that is what diff --git a/src/backend/access/transam/twophase.c b/src/backend/access/transam/twophase.c index f62aded79a7..16848fa226c 100644 --- a/src/backend/access/transam/twophase.c +++ b/src/backend/access/transam/twophase.c @@ -481,7 +481,7 @@ MarkAsPreparingGuts(GlobalTransaction gxact, TransactionId xid, const char *gid, proc->databaseId = databaseid; proc->roleId = owner; proc->tempNamespaceId = InvalidOid; - proc->isBackgroundWorker = false; + proc->isBackgroundWorker = true; proc->lwWaiting = LW_WS_NOT_WAITING; proc->lwWaitMode = 0; proc->waitLock = NULL; diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c index 192837bfa36..e70f32d0ab4 100644 --- a/src/backend/postmaster/autovacuum.c +++ b/src/backend/postmaster/autovacuum.c @@ -1699,12 +1699,14 @@ AutoVacWorkerMain(int argc, char *argv[]) pgstat_report_autovac(dbid); /* - * Connect to the selected database + * Connect to the selected database, specifying no particular user, + * and ignoring datallowconn. Collect the database's name for + * display. * * Note: if we have selected a just-deleted database (due to using * stale stats info), we'll fail and exit here. */ - InitPostgres(NULL, dbid, NULL, InvalidOid, dbname, false); + InitPostgres(NULL, dbid, NULL, InvalidOid, dbname, true); SetProcessingMode(NormalProcessing); set_ps_display(dbname); ereport(DEBUG1, diff --git a/src/backend/storage/ipc/procarray.c b/src/backend/storage/ipc/procarray.c index 76093e6c162..7348e7a217a 100644 --- a/src/backend/storage/ipc/procarray.c +++ b/src/backend/storage/ipc/procarray.c @@ -3668,8 +3668,7 @@ CountDBBackends(Oid databaseid) } /* - * CountDBConnections --- counts database backends ignoring any background - * worker processes + * CountDBConnections --- counts database backends (only regular backends) */ int CountDBConnections(Oid databaseid) @@ -3741,6 +3740,7 @@ CancelDBBackends(Oid databaseid, ProcSignalReason sigmode, bool conflictPending) /* * CountUserBackends --- count backends that are used by specified user + * (only regular backends, not any type of background worker) */ int CountUserBackends(Oid roleid) diff --git a/src/backend/storage/lmgr/proc.c b/src/backend/storage/lmgr/proc.c index f62e622a7bf..f029100cd8b 100644 --- a/src/backend/storage/lmgr/proc.c +++ b/src/backend/storage/lmgr/proc.c @@ -393,7 +393,7 @@ InitProcess(void) MyProc->databaseId = InvalidOid; MyProc->roleId = InvalidOid; MyProc->tempNamespaceId = InvalidOid; - MyProc->isBackgroundWorker = IsBackgroundWorker; + MyProc->isBackgroundWorker = !AmRegularBackendProcess(); MyProc->delayChkpt = false; MyProc->delayChkptEnd = false; MyProc->statusFlags = 0; @@ -579,7 +579,7 @@ InitAuxiliaryProcess(void) MyProc->databaseId = InvalidOid; MyProc->roleId = InvalidOid; MyProc->tempNamespaceId = InvalidOid; - MyProc->isBackgroundWorker = IsBackgroundWorker; + MyProc->isBackgroundWorker = true; MyProc->delayChkpt = false; MyProc->delayChkptEnd = false; MyProc->statusFlags = 0; diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 9687bb45745..3a8bb94a5c0 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -721,6 +721,16 @@ InitializeSessionUserId(const char *rolename, Oid roleid) bool is_superuser; /* + * In a parallel worker, we don't have to do anything here. + * ParallelWorkerMain already set our output variables, and we aren't + * going to enforce either rolcanlogin or rolconnlimit. Furthermore, we + * don't really want to perform a catalog lookup for the role: we don't + * want to fail if it's been dropped. + */ + if (InitializingParallelWorker) + return; + + /* * Don't do scans if we're bootstrapping, none of the system catalogs * exist yet, and they should be owned by postgres anyway. */ @@ -735,34 +745,22 @@ InitializeSessionUserId(const char *rolename, Oid roleid) /* * Look up the role, either by name if that's given or by OID if not. - * Normally we have to fail if we don't find it, but in parallel workers - * just return without doing anything: all the critical work has been done - * already. The upshot of that is that if the role has been deleted, we - * will not enforce its rolconnlimit against parallel workers anymore. */ if (rolename != NULL) { roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename)); if (!HeapTupleIsValid(roleTup)) - { - if (InitializingParallelWorker) - return; ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("role \"%s\" does not exist", rolename))); - } } else { roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); if (!HeapTupleIsValid(roleTup)) - { - if (InitializingParallelWorker) - return; ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("role with OID %u does not exist", roleid))); - } } rform = (Form_pg_authid) GETSTRUCT(roleTup); @@ -770,33 +768,29 @@ InitializeSessionUserId(const char *rolename, Oid roleid) rname = NameStr(rform->rolname); is_superuser = rform->rolsuper; - /* In a parallel worker, ParallelWorkerMain already set these variables */ - if (!InitializingParallelWorker) - { - SetAuthenticatedUserId(roleid, is_superuser); + SetAuthenticatedUserId(roleid, is_superuser); - /* - * Set SessionUserId and related variables, including "role", via the - * GUC mechanisms. - * - * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that - * session_authorization could subsequently be changed from - * pg_db_role_setting entries. Instead, session_authorization in - * pg_db_role_setting has no effect. Changing that would require - * solving two problems: - * - * 1. If pg_db_role_setting has values for both session_authorization - * and role, we could not be sure which order those would be applied - * in, and it would matter. - * - * 2. Sites may have years-old session_authorization entries. There's - * not been any particular reason to remove them. Ending the dormancy - * of those entries could seriously change application behavior, so - * only a major release should do that. - */ - SetConfigOption("session_authorization", rname, - PGC_BACKEND, PGC_S_OVERRIDE); - } + /* + * Set SessionUserId and related variables, including "role", via the GUC + * mechanisms. + * + * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that + * session_authorization could subsequently be changed from + * pg_db_role_setting entries. Instead, session_authorization in + * pg_db_role_setting has no effect. Changing that would require solving + * two problems: + * + * 1. If pg_db_role_setting has values for both session_authorization and + * role, we could not be sure which order those would be applied in, and + * it would matter. + * + * 2. Sites may have years-old session_authorization entries. There's not + * been any particular reason to remove them. Ending the dormancy of + * those entries could seriously change application behavior, so only a + * major release should do that. + */ + SetConfigOption("session_authorization", rname, + PGC_BACKEND, PGC_S_OVERRIDE); /* * These next checks are not enforced when in standalone mode, so that @@ -815,7 +809,9 @@ InitializeSessionUserId(const char *rolename, Oid roleid) rname))); /* - * Check connection limit for this role. + * Check connection limit for this role. We enforce the limit only + * for regular backends, since other process types have their own + * PGPROC pools. * * There is a race condition here --- we create our PGPROC before * checking for other PGPROCs. If two backends did this at about the @@ -825,6 +821,7 @@ InitializeSessionUserId(const char *rolename, Oid roleid) * just document that the connection limit is approximate. */ if (rform->rolconnlimit >= 0 && + AmRegularBackendProcess() && !is_superuser && CountUserBackends(roleid) > rform->rolconnlimit) ereport(FATAL, diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index b865575bfda..2baf41a7cd6 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -22,7 +22,6 @@ #include "access/genam.h" #include "access/heapam.h" #include "access/htup_details.h" -#include "access/parallel.h" #include "access/session.h" #include "access/sysattr.h" #include "access/tableam.h" @@ -332,13 +331,13 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect * These checks are not enforced when in standalone mode, so that there is * a way to recover from disabling all access to all databases, for * example "UPDATE pg_database SET datallowconn = false;". - * - * We do not enforce them for autovacuum worker processes either. */ - if (IsUnderPostmaster && !IsAutoVacuumWorkerProcess()) + if (IsUnderPostmaster) { /* * Check that the database is currently allowing connections. + * (Background processes can override this test and the next one by + * setting override_allow_connections.) */ if (!dbform->datallowconn && !override_allow_connections) ereport(FATAL, @@ -351,7 +350,7 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect * is redundant, but since we have the flag, might as well check it * and save a few cycles.) */ - if (!am_superuser && + if (!am_superuser && !override_allow_connections && pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CONNECT) != ACLCHECK_OK) ereport(FATAL, @@ -360,7 +359,9 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect errdetail("User does not have CONNECT privilege."))); /* - * Check connection limit for this database. + * Check connection limit for this database. We enforce the limit + * only for regular backends, since other process types have their own + * PGPROC pools. * * There is a race condition here --- we create our PGPROC before * checking for other PGPROCs. If two backends did this at about the @@ -370,6 +371,7 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect * just document that the connection limit is approximate. */ if (dbform->datconnlimit >= 0 && + AmRegularBackendProcess() && !am_superuser && CountDBConnections(MyDatabaseId) > dbform->datconnlimit) ereport(FATAL, @@ -773,23 +775,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, else { InitializeSessionUserId(username, useroid); - - /* - * In a parallel worker, set am_superuser based on the - * authenticated user ID, not the current role. This is pretty - * dubious but it matches our historical behavior. Note that this - * value of am_superuser is used only for connection-privilege - * checks here and in CheckMyDatabase (we won't reach - * process_startup_options in a background worker). - * - * In other cases, there's been no opportunity for the current - * role to diverge from the authenticated user ID yet, so we can - * just rely on superuser() and avoid an extra catalog lookup. - */ - if (InitializingParallelWorker) - am_superuser = superuser_arg(GetAuthenticatedUserId()); - else - am_superuser = superuser(); + am_superuser = superuser(); } } else @@ -830,11 +816,11 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, } /* - * The last few connection slots are reserved for superusers. Replication - * connections are drawn from slots reserved with max_wal_senders and not - * limited by max_connections or superuser_reserved_connections. + * The last few regular connection slots are reserved for superusers. We + * do not apply this limit to background processes, since they all have + * their own pools of PGPROC slots. */ - if (!am_superuser && !am_walsender && + if (AmRegularBackendProcess() && !am_superuser && ReservedBackends > 0 && !HaveNFreeProcs(ReservedBackends)) ereport(FATAL, diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 8f9a59f6e08..6c5d84891fe 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -340,6 +340,8 @@ typedef enum BackendType extern BackendType MyBackendType; +#define AmRegularBackendProcess() (MyBackendType == B_BACKEND) + extern const char *GetBackendTypeDesc(BackendType backendType); extern void SetDatabasePath(const char *path); diff --git a/src/include/storage/proc.h b/src/include/storage/proc.h index 9cc37aa0d93..02c12df699b 100644 --- a/src/include/storage/proc.h +++ b/src/include/storage/proc.h @@ -170,7 +170,7 @@ struct PGPROC Oid tempNamespaceId; /* OID of temp schema this backend is * using */ - bool isBackgroundWorker; /* true if background worker. */ + bool isBackgroundWorker; /* true if not a regular backend. */ /* * While in hot standby mode, shows that a conflict signal has been sent |