From 6647248e3708843be93c7ca670cd219fe8e61026 Mon Sep 17 00:00:00 2001 From: Andres Freund Date: Tue, 3 Feb 2015 22:54:48 +0100 Subject: Don't allow immediate interrupts during authentication anymore. We used to handle authentication_timeout by setting ImmediateInterruptOK to true during large parts of the authentication phase of a new connection. While that happens to work acceptably in practice, it's not particularly nice and has ugly corner cases. Previous commits converted the FE/BE communication to use latches and implemented support for interrupt handling during both send/recv. Building on top of that work we can get rid of ImmediateInterruptOK during authentication, by immediately treating timeouts during authentication as a reason to die. As die interrupts are handled immediately during client communication that provides a sensibly quick reaction time to authentication timeout. Additionally add a few CHECK_FOR_INTERRUPTS() to some more complex authentication methods. More could be added, but this already should provides a reasonable coverage. While it this overall increases the maximum time till a timeout is reacted to, it greatly reduces complexity and increases reliability. That seems like a overall win. If the increase proves to be noticeable we can deal with those cases by moving to nonblocking network code and add interrupt checking there. Reviewed-By: Heikki Linnakangas --- src/backend/libpq/crypt.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'src/backend/libpq/crypt.c') diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index 599b63a48b..97be9443c0 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -47,13 +47,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass, Datum datum; bool isnull; - /* - * Disable immediate interrupts while doing database access. (Note we - * don't bother to turn this back on if we hit one of the failure - * conditions, since we can expect we'll just exit right away anyway.) - */ - ImmediateInterruptOK = false; - /* Get role info from pg_authid */ roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(role)); if (!HeapTupleIsValid(roleTup)) @@ -80,9 +73,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass, if (*shadow_pass == '\0') return STATUS_ERROR; /* empty password */ - /* Re-enable immediate response to SIGTERM/SIGINT/timeout interrupts */ - ImmediateInterruptOK = true; - /* And don't forget to detect one that already arrived */ CHECK_FOR_INTERRUPTS(); /* -- cgit v1.2.1