v1-Allow-client-goaway.patch
text/x-patch
Filename: v1-Allow-client-goaway.patch
Type: text/x-patch
Part: 0
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
Series: patch v1
| File | + | − |
|---|---|---|
| src/backend/tcop/postgres.c | 48 | 0 |
| src/backend/utils/misc/guc_parameters.dat | 11 | 0 |
| src/include/storage/proc.h | 1 | 0 |
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index 7a59e65f2d3..e05fa76f108 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -115,6 +115,8 @@ int client_connection_check_interval = 0;
/* flags for non-system relation kinds to restrict use */
int restrict_nonsystem_relation_kind;
+int auth_expiration_check_interval = 0;
+
/* ----------------
* private typedefs etc
* ----------------
@@ -4213,6 +4215,45 @@ PostgresSingleUserMain(int argc, char *argv[],
PostgresMain(dbname, username);
}
+/*
+ * check_auth_status_expired
+ *
+ * This function is a placeholder for the actual logic to determine if the
+ * user's authorization has expired or been revoked since the connection
+ * was established.
+ */
+static bool
+check_auth_status_expired(UserAuth auth_method)
+{
+ return false; /* Placeholder: Always returns false until implemented */
+}
+
+/*
+ * CheckSessionAuthorizationExpired
+ *
+ * Performs a periodic check to see if the session's external authorization
+ * has expired. If it has, the backend process is terminated with a FATAL error.
+ */
+static void
+CheckSessionAuthorizationExpired()
+{
+ static time_t last_check_time = 0;
+ time_t current_time = time(NULL);
+
+ if (current_time - last_check_time < auth_expiration_check_interval * 60)
+ return;
+
+ last_check_time = current_time;
+
+ if (check_auth_status_expired(MyClientConnectionInfo.auth_method))
+ {
+ StringInfoData buf;
+
+ pq_beginmessage(&buf, PqMsg_GoAway);
+ pq_endmessage(&buf);
+ pq_flush();
+ }
+}
/* ----------------------------------------------------------------
* PostgresMain
@@ -4651,6 +4692,13 @@ PostgresMain(const char *dbname, const char *username)
if (notifyInterruptPending)
ProcessNotifyInterrupt(false);
+ /*
+ * If the backend is about to wait for the next command (i.e., it's idle),
+ * this is the safest time to perform the external authorization check.
+ */
+ if (auth_expiration_check_interval > 0)
+ CheckSessionAuthorizationExpired();
+
/*
* Check if we need to report stats. If pgstat_report_stat()
* decides it's too soon to flush out pending stats / lock
diff --git a/src/backend/utils/misc/guc_parameters.dat b/src/backend/utils/misc/guc_parameters.dat
index 3b9d8349078..467c7687f28 100644
--- a/src/backend/utils/misc/guc_parameters.dat
+++ b/src/backend/utils/misc/guc_parameters.dat
@@ -113,6 +113,17 @@
boot_val => 'true',
},
+
+{ name => 'auth_expiration_check_interval', type => 'int', context => 'PGC_SIGHUP', group => 'CONN_AUTH_AUTH',
+ short_desc => 'Sets the periodic interval for checking a session external authorization status.',
+ long_desc => '0 disables the interval.',
+ flags => 'GUC_UNIT_MIN',
+ variable => 'auth_expiration_check_interval',
+ boot_val => '0',
+ min => '0',
+ max => 'INT_MAX',
+},
+
{ name => 'authentication_timeout', type => 'int', context => 'PGC_SIGHUP', group => 'CONN_AUTH_AUTH',
short_desc => 'Sets the maximum allowed time to complete client authentication.',
flags => 'GUC_UNIT_S',
diff --git a/src/include/storage/proc.h b/src/include/storage/proc.h
index c6f5ebceefd..a2c18c3b501 100644
--- a/src/include/storage/proc.h
+++ b/src/include/storage/proc.h
@@ -477,6 +477,7 @@ extern PGDLLIMPORT int IdleInTransactionSessionTimeout;
extern PGDLLIMPORT int TransactionTimeout;
extern PGDLLIMPORT int IdleSessionTimeout;
extern PGDLLIMPORT bool log_lock_waits;
+extern PGDLLIMPORT int auth_expiration_check_interval;
#ifdef EXEC_BACKEND
extern PGDLLIMPORT slock_t *ProcStructLock;