/* callback from SBuf */
bool client_proto(SBuf *sbuf, SBufEvent evtype, struct MBuf *data)
{
bool res = false;
PgSocket *client = container_of(sbuf, PgSocket, sbuf);
PktHdr pkt;
Assert(!is_server_socket(client));
Assert(client->sbuf.sock);
Assert(client->state != CL_FREE);
/* may happen if close failed */
if (client->state == CL_JUSTFREE)
return false;
switch (evtype) {
case SBUF_EV_CONNECT_OK:
case SBUF_EV_CONNECT_FAILED:
/* ^ those should not happen */
case SBUF_EV_RECV_FAILED:
disconnect_client(client, false, "client unexpected eof");
break;
case SBUF_EV_SEND_FAILED:
disconnect_server(client->link, false, "Server connection closed");
break;
case SBUF_EV_READ:
if (mbuf_avail_for_read(data) < NEW_HEADER_LEN && client->state != CL_LOGIN) {
slog_noise(client, "C: got partial header, trying to wait a bit");
return false;
}
if (!get_header(data, &pkt)) {
char hex[8*2 + 1];
disconnect_client(client, true, "bad packet header: '%s'",
hdr2hex(data, hex, sizeof(hex)));
return false;
}
slog_noise(client, "pkt='%c' len=%d", pkt_desc(&pkt), pkt.len);
client->request_time = get_cached_time();
switch (client->state) {
case CL_LOGIN:
res = handle_client_startup(client, &pkt);
break;
case CL_ACTIVE:
if (client->wait_for_welcome)
res = handle_client_startup(client, &pkt);
else
res = handle_client_work(client, &pkt);
break;
case CL_WAITING:
fatal("why waiting client in client_proto()");
default:
fatal("bad client state: %d", client->state);
}
break;
case SBUF_EV_FLUSH:
/* client is not interested in it */
break;
case SBUF_EV_PKT_CALLBACK:
/* unused ATM */
break;
}
return res;
}
/* decide on packets of client in login phase */
static bool handle_client_startup(PgSocket *client, PktHdr *pkt)
{
const char *passwd;
const uint8_t *key;
bool ok;
SBuf *sbuf = &client->sbuf;
/* don't tolerate partial packets */
if (incomplete_pkt(pkt)) {
disconnect_client(client, true, "client sent partial pkt in startup phase");
return false;
}
if (client->wait_for_welcome) {
if (finish_client_login(client)) {
/* the packet was already parsed */
sbuf_prepare_skip(sbuf, pkt->len);
return true;
} else
return false;
}
switch (pkt->type) {
case PKT_SSLREQ:
slog_noise(client, "C: req SSL");
slog_noise(client, "P: nak");
/* reject SSL attempt */
if (!sbuf_answer(&client->sbuf, "N", 1)) {
disconnect_client(client, false, "failed to nak SSL");
return false;
}
break;
case PKT_STARTUP_V2:
disconnect_client(client, true, "Old V2 protocol not supported");
return false;
case PKT_STARTUP:
if (client->pool && !client->wait_for_user_conn && !client->wait_for_user) {
disconnect_client(client, true, "client re-sent startup pkt");
return false;
}
if (client->wait_for_user) {
client->wait_for_user = false;
if (!finish_set_pool(client, false))
return false;
} else if (!decide_startup_pool(client, pkt)) {
return false;
}
break;
case 'p': /* PasswordMessage */
/* haven't requested it */
if (cf_auth_type <= AUTH_TRUST) {
disconnect_client(client, true, "unrequested passwd pkt");
return false;
}
ok = mbuf_get_string(&pkt->data, &passwd);
if (ok && check_client_passwd(client, passwd)) {
if (!finish_client_login(client))
return false;
} else {
disconnect_client(client, true, "Auth failed");
return false;
}
break;
case PKT_CANCEL:
if (mbuf_avail_for_read(&pkt->data) == BACKENDKEY_LEN
&& mbuf_get_bytes(&pkt->data, BACKENDKEY_LEN, &key))
{
memcpy(client->cancel_key, key, BACKENDKEY_LEN);
accept_cancel_request(client);
} else
disconnect_client(client, false, "bad cancel request");
return false;
default:
disconnect_client(client, false, "bad packet");
return false;
}
sbuf_prepare_skip(sbuf, pkt->len);
client->request_time = get_cached_time();
return true;
}
/* decide on packets of logged-in client */
static bool handle_client_work(PgSocket *client, PktHdr *pkt)
{
SBuf *sbuf = &client->sbuf;
switch (pkt->type) {
/* one-packet queries */
case 'Q': /* Query */
if (cf_disable_pqexec) {
slog_error(client, "Client used 'Q' packet type.");
disconnect_client(client, true, "PQexec disallowed");
return false;
}
case 'F': /* FunctionCall */
/* request immediate response from server */
case 'H': /* Flush */
case 'S': /* Sync */
/* copy end markers */
case 'c': /* CopyDone(F/B) */
case 'f': /* CopyFail(F/B) */
/*
* extended protocol allows server (and thus pooler)
* to buffer packets until sync or flush is sent by client
*/
case 'P': /* Parse */
case 'E': /* Execute */
case 'C': /* Close */
case 'B': /* Bind */
case 'D': /* Describe */
case 'd': /* CopyData(F/B) */
/* update stats */
if (!client->query_start) {
client->pool->stats.request_count++;
client->query_start = get_cached_time();
}
if (client->pool->db->admin)
return admin_handle_client(client, pkt);
/* aquire server */
if (!find_server(client))
return false;
client->pool->stats.client_bytes += pkt->len;
/* tag the server as dirty */
client->link->ready = false;
client->link->idle_tx = false;
/* forward the packet */
sbuf_prepare_send(sbuf, &client->link->sbuf, pkt->len);
break;
/* client wants to go away */
default:
slog_error(client, "unknown pkt from client: %d/0x%x", pkt->type, pkt->type);
disconnect_client(client, true, "unknown pkt");
return false;
case 'X': /* Terminate */
disconnect_client(client, false, "client close request");
return false;
}
return true;
}
/* decide on packets of client in login phase */
static bool handle_client_startup(PgSocket *client, PktHdr *pkt)
{
const char *passwd;
const uint8_t *key;
bool ok;
bool is_unix = pga_is_unix(&client->remote_addr);
SBuf *sbuf = &client->sbuf;
/* don't tolerate partial packets */
if (incomplete_pkt(pkt)) {
disconnect_client(client, true, "client sent partial pkt in startup phase");
return false;
}
if (client->wait_for_welcome || client->wait_for_auth) {
if (finish_client_login(client)) {
/* the packet was already parsed */
sbuf_prepare_skip(sbuf, pkt->len);
return true;
} else {
return false;
}
}
switch (pkt->type) {
case PKT_SSLREQ:
slog_noise(client, "C: req SSL");
if (client->sbuf.tls) {
disconnect_client(client, false, "SSL req inside SSL");
return false;
}
if (cf_client_tls_sslmode != SSLMODE_DISABLED && !is_unix) {
slog_noise(client, "P: SSL ack");
if (!sbuf_answer(&client->sbuf, "S", 1)) {
disconnect_client(client, false, "failed to ack SSL");
return false;
}
if (!sbuf_tls_accept(&client->sbuf)) {
disconnect_client(client, false, "failed to accept SSL");
return false;
}
break;
}
/* reject SSL attempt */
slog_noise(client, "P: nak");
if (!sbuf_answer(&client->sbuf, "N", 1)) {
disconnect_client(client, false, "failed to nak SSL");
return false;
}
break;
case PKT_STARTUP_V2:
disconnect_client(client, true, "old V2 protocol not supported");
return false;
case PKT_STARTUP:
/* require SSL except on unix socket */
if (cf_client_tls_sslmode >= SSLMODE_REQUIRE && !client->sbuf.tls && !is_unix) {
disconnect_client(client, true, "SSL required");
return false;
}
if (client->pool && !client->wait_for_user_conn && !client->wait_for_user) {
disconnect_client(client, true, "client re-sent startup pkt");
return false;
}
if (client->wait_for_user) {
client->wait_for_user = false;
if (!finish_set_pool(client, false))
return false;
} else if (!decide_startup_pool(client, pkt)) {
return false;
}
break;
case 'p': /* PasswordMessage */
/* too early */
if (!client->auth_user) {
disconnect_client(client, true, "client password pkt before startup packet");
return false;
}
ok = mbuf_get_string(&pkt->data, &passwd);
if (ok) {
if (client->client_auth_type == AUTH_PAM) {
if (!sbuf_pause(&client->sbuf)) {
disconnect_client(client, true, "pause failed");
return false;
}
pam_auth_begin(client, passwd);
return false;
}
if (check_client_passwd(client, passwd)) {
if (!finish_client_login(client))
return false;
} else {
disconnect_client(client, true, "auth failed");
return false;
}
}
break;
case PKT_CANCEL:
if (mbuf_avail_for_read(&pkt->data) == BACKENDKEY_LEN
&& mbuf_get_bytes(&pkt->data, BACKENDKEY_LEN, &key))
{
memcpy(client->cancel_key, key, BACKENDKEY_LEN);
accept_cancel_request(client);
} else {
disconnect_client(client, false, "bad cancel request");
}
return false;
default:
disconnect_client(client, false, "bad packet");
return false;
}
sbuf_prepare_skip(sbuf, pkt->len);
client->request_time = get_cached_time();
return true;
}
