rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/postmaster/postmaster.c

2904 lines
71 KiB
C
Raw Normal View History

Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*-------------------------------------------------------------------------
*
Change my-function-name-- to my_function_name, and optimizer renames.
1999-02-14 00:22:53 +01:00
* postmaster.c
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
* This program acts as a clearing house for requests to the
* POSTGRES system. Frontend programs send a startup message
* to the Postmaster and the postmaster uses the info in the
* message to setup a backend process.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* The postmaster also manages system-wide operations such as
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* startup, shutdown, and periodic checkpoints. The postmaster
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* itself doesn't do those operations, mind you --- it just forks
* off a subprocess to do them at the right times. It also takes
* care of resetting the system if a backend crashes.
*
* The postmaster process creates the shared memory and semaphore
* pools during startup, but as a rule does not touch them itself.
Katherine Ward wrote: > Changes to avoid collisions with WIN32 & MFC names... > 1. Renamed: > a. PROC => PGPROC > b. GetUserName() => GetUserNameFromId() > c. GetCurrentTime() => GetCurrentDateTime() > d. IGNORE => IGNORE_DTF in include/utils/datetime.h & utils/adt/datetim > > 2. Added _P to some lex/yacc tokens: > CONST, CHAR, DELETE, FLOAT, GROUP, IN, OUT Jan
2002-06-11 15:40:53 +02:00
* In particular, it is not a member of the PGPROC array of backends
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* and so it cannot participate in lock-manager operations. Keeping
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* the postmaster away from shared memory operations makes it simpler
* and more reliable. The postmaster is almost always able to recover
* from crashes of individual backends by resetting shared memory;
* if it did much with shared memory then it would be prone to crashing
* along with the backends.
*
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
* When a request message is received, we now fork() immediately.
* The child process performs authentication of the request, and
* then becomes a backend if successful. This allows the auth code
* to be written in a simple single-threaded style (as opposed to the
* crufty "poor man's multitasking" code that used to be needed).
* More importantly, it ensures that blockages in non-multithreaded
* libraries like SSL or PAM cannot cause denial of service to other
* clients.
*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
*
Update copyright to 2002.
2002-06-20 22:29:54 +02:00
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
Add: * Portions Copyright (c) 1996-2000, PostgreSQL, Inc to all files copyright Regents of Berkeley. Man, that's a lot of files.
2000-01-26 06:58:53 +01:00
* Portions Copyright (c) 1994, Regents of the University of California
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
*
* IDENTIFICATION
I think we're done with protocol instability, so mark server and libpq as speaking the one true 3.0 protocol.
2003-05-08 20:33:39 +02:00
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.324 2003/05/08 18:33:25 tgl Exp $
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
* NOTES
*
* Initialization:
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
* The Postmaster sets up a few shared memory data structures
* for the backends. It should at the very least initialize the
* lock manager.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
* Synchronization:
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* The Postmaster shares memory with the backends but should avoid
* touching shared memory, so as not to become stuck if a crashing
* backend screws up locks or shared memory. Likewise, the Postmaster
* should never block on messages from frontend clients.
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
* Garbage Collection:
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
* The Postmaster cleans up after backends if they have an emergency
* exit and/or core dump.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
*-------------------------------------------------------------------------
*/
Revise aggregate functions per earlier discussions in pghackers. There's now only one transition value and transition function. NULL handling in aggregates is a lot cleaner. Also, use Numeric accumulators instead of integer accumulators for sum/avg on integer datatypes --- this avoids overflow at the cost of being a little slower. Implement VARIANCE() and STDDEV() aggregates in the standard backend. Also, enable new LIKE selectivity estimators by default. Unrelated change, but as long as I had to force initdb anyway...
2000-07-17 05:05:41 +02:00
New ps display code, works on more platforms. Install a default configuration file. Clean up some funny business in the config file code.
2000-06-04 03:44:38 +02:00
#include "postgres.h"
Re-add getopt.h check, remove NT-specific tests for it.
1999-07-19 04:27:16 +02:00
#include <unistd.h>
#include <signal.h>
#include <sys/wait.h>
#include <ctype.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <errno.h>
#include <fcntl.h>
Tweak includes to avoid compiler warning on HPUX.
2000-01-20 05:11:52 +01:00
#include <time.h>
Update #include cleanups
1999-07-16 05:14:30 +02:00
#include <sys/param.h>
Silence compiler warning caused by removal of netinet/in.h
2003-01-07 19:48:13 +01:00
#include <netinet/in.h>
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
#include <arpa/inet.h>
Update #include cleanups
1999-07-16 05:14:30 +02:00
#include <netdb.h>
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
#include <limits.h>
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
Another switch for configure: NEED_SYS_SELECT_H to HAVE_SYS_SELECT_H
1997-01-24 19:27:32 +01:00
#ifdef HAVE_SYS_SELECT_H
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
#include <sys/select.h>
#endif
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
Re-add getopt.h check, remove NT-specific tests for it.
1999-07-19 04:27:16 +02:00
#ifdef HAVE_GETOPT_H
Add -V option to backend, to show version, since --version doesn't seem to work everywhere. Also, on FreeBSD you need to set the optreset variable to 1 before parsing the command line a second time with getopt().
2000-11-06 23:18:10 +01:00
#include <getopt.h>
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
New file naming. Database OID is used as "tablespace" id and relation OID is used as file node on creation but may be changed later if required. Regression Tests Approved (c) -:)))
2000-10-16 16:52:28 +02:00
#include "catalog/pg_database.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "commands/async.h"
#include "lib/dllist.h"
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
#include "libpq/auth.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "libpq/crypt.h"
#include "libpq/libpq.h"
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
#include "libpq/pqcomm.h"
pq/signal() portability patch. Also psql copy prompt fix.
1996-12-26 23:08:34 +01:00
#include "libpq/pqsignal.h"
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
#include "miscadmin.h"
Clean up Makefile, make sure that postmaster.c compiles
1996-11-03 05:48:27 +01:00
#include "nodes/nodes.h"
Major code cleanup following the pg_password insertion... ...malloc/free -> palloc/pfree ...fopen/fclose -> AllocateFile/FreeFile
1997-12-09 04:11:25 +01:00
#include "storage/fd.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "storage/ipc.h"
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#include "storage/pg_shmem.h"
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
#include "storage/pmsignal.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "storage/proc.h"
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
#include "access/xlog.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "tcop/tcopprot.h"
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
#include "utils/guc.h"
Revise aggregate functions per earlier discussions in pghackers. There's now only one transition value and transition function. NULL handling in aggregates is a lot cleaner. Also, use Numeric accumulators instead of integer accumulators for sum/avg on integer datatypes --- this avoids overflow at the cost of being a little slower. Implement VARIANCE() and STDDEV() aggregates in the standard backend. Also, enable new LIKE selectivity estimators by default. Unrelated change, but as long as I had to force initdb anyway...
2000-07-17 05:05:41 +02:00
#include "utils/memutils.h"
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
#include "utils/ps_status.h"
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
#include "bootstrap/bootstrap.h"
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
#include "pgstat.h"
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
#define INVALID_SOCK (-1)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
#ifdef HAVE_SIGPROCMASK
sigset_t UnBlockSig,
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
BlockSig,
AuthBlockSig;
pgindent run.
2002-09-04 22:31:48 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
#else
int UnBlockSig,
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
BlockSig,
AuthBlockSig;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
#endif
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
* List of active backends (or child processes anyway; we don't actually
* know whether a given child has become a backend or is still in the
* authorization phase). This is used mainly to keep track of how many
* children we have and send them appropriate signals when necessary.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*/
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
typedef struct bkend
{
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
pid_t pid; /* process id of backend */
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
long cancel_key; /* cancel key for cancels for this backend */
Add typdefs to pgindent run.
1997-09-08 22:59:27 +02:00
} Backend;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
static Dllist *BackendList;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
/* The socket number we are listening for connections on */
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
int PostPortNumber;
char *UnixSocketDir;
char *VirtualHost;
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
/*
Get rid of PID entries in shmem hash table; there is no longer any need for them, and making them just wastes time during backend startup/shutdown. Also, remove compile-time MAXBACKENDS limit per long-ago proposal. You can now set MaxBackends as high as your kernel can stand without any reconfiguration/recompilation.
2001-09-07 02:27:30 +02:00
* MaxBackends is the limit on the number of backends we can start.
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
* Note that a larger MaxBackends value will increase the size of the
* shared memory area as well as cause the postmaster to grab more
* kernel semaphores, even if you never actually use that many
* backends.
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
*/
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
int MaxBackends;
Apply Bryan's IPC Patches From: Bryan Henderson <bryanh@giraffe.netgate.net>
1997-11-17 04:47:31 +01:00
This patch reserves the last superuser_reserved_connections slots for connections by the superuser only. This patch replaces the last patch I sent a couple of days ago. It closes a connection that has not been authorised by a superuser if it would leave less than the GUC variable ReservedBackends (superuser_reserved_connections in postgres.conf) backend process slots free in the SISeg. This differs to the first patch which only reserved the last ReservedBackends slots in the procState array. This has made the free slot test more expensive due to the use of a lock. After thinking about a comment on the first patch I've also made it a fatal error if the number of reserved slots is not less than the maximum number of connections. Nigel J. Andrews
2002-08-29 23:02:12 +02:00
/*
* ReservedBackends is the number of backends reserved for superuser use.
* This number is taken out of the pool size given by MaxBackends so
Code review for superuser_reserved_connections patch. Don't try to do database access outside a transaction; revert bogus performance improvement in SIBackendInit(); improve comments; add documentation (this part courtesy Neil Conway).
2002-11-21 07:36:08 +01:00
* number of backend slots available to non-superusers is
* (MaxBackends - ReservedBackends). Note what this really means is
* "if there are <= ReservedBackends connections available, only superusers
* can make new connections" --- pre-existing superuser connections don't
* count against the limit.
This patch reserves the last superuser_reserved_connections slots for connections by the superuser only. This patch replaces the last patch I sent a couple of days ago. It closes a connection that has not been authorised by a superuser if it would leave less than the GUC variable ReservedBackends (superuser_reserved_connections in postgres.conf) backend process slots free in the SISeg. This differs to the first patch which only reserved the last ReservedBackends slots in the procState array. This has made the free slot test more expensive due to the use of a lock. After thinking about a comment on the first patch I've also made it a fatal error if the number of reserved slots is not less than the maximum number of connections. Nigel J. Andrews
2002-08-29 23:02:12 +02:00
*/
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
int ReservedBackends;
This patch reserves the last superuser_reserved_connections slots for connections by the superuser only. This patch replaces the last patch I sent a couple of days ago. It closes a connection that has not been authorised by a superuser if it would leave less than the GUC variable ReservedBackends (superuser_reserved_connections in postgres.conf) backend process slots free in the SISeg. This differs to the first patch which only reserved the last ReservedBackends slots in the procState array. This has made the free slot test more expensive due to the use of a lock. After thinking about a comment on the first patch I've also made it a fatal error if the number of reserved slots is not less than the maximum number of connections. Nigel J. Andrews
2002-08-29 23:02:12 +02:00
Allow maximum number of backends to be set at configure time (--with-maxbackends). Add a postmaster switch (-N backends) that allows the limit to be reduced at postmaster start time. (You can't increase it, sorry to say, because there are still some fixed-size arrays.) Grab the number of semaphores indicated by min(MAXBACKENDS, -N) at postmaster startup, so that this particular form of bogus configuration is exposed immediately rather than under heavy load.
1999-02-19 07:06:39 +01:00
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static char *progname = (char *) NULL;
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* Default Values
*/
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
static int ServerSock_INET = INVALID_SOCK; /* stream socket server */
pgindent run over code.
1999-05-25 18:15:34 +02:00
Introduce HAVE_UNIX_SOCKETS symbol to replace repeatedly listing all the unsupported platforms.
2000-08-20 12:55:35 +02:00
#ifdef HAVE_UNIX_SOCKETS
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
static int ServerSock_UNIX = INVALID_SOCK; /* stream socket server */
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
Handle clog structure in shared memory in exec() case, for Win32.
2003-05-03 05:52:07 +02:00
/* Used to reduce macros tests */
#ifdef EXEC_BACKEND
const bool ExecBackend = true;
#else
const bool ExecBackend = false;
#endif
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* Set by the -o option
*/
Standardize on MAXPGPATH as the size of a file pathname buffer, eliminating some wildly inconsistent coding in various parts of the system. I set MAXPGPATH = 1024 in config.h.in. If anyone is really convinced that there ought to be a configure-time test to set the value, go right ahead ... but I think it's a waste of time.
1999-10-25 05:08:03 +02:00
static char ExtraOptions[MAXPGPATH];
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* These globals control the behavior of the postmaster in case some
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
* backend dumps core. Normally, it kills all peers of the dead backend
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
* and reinitializes shared memory. By specifying -s or -n, we can have
* the postmaster stop (rather than kill) peers and not reinitialize
* shared data structures.
*/
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
static bool Reinit = true;
postmaster/postgres options cleanup.
1998-05-27 20:32:05 +02:00
static int SendStop = false;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/* still more option variables */
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
bool NetServer = false; /* listen on TCP/IP */
bool EnableSSL = false;
bool SilentMode = false; /* silent mode (-S) */
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
Add an overall timeout on the client authentication cycle, so that a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2001-09-21 19:06:12 +02:00
int PreAuthDelay = 0;
int AuthenticationTimeout = 60;
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
int CheckPointTimeout = 300;
Add checkpoint_warning to warn of excessive checkpoints caused by too few WAL files.
2002-11-15 03:44:57 +01:00
int CheckPointWarning = 30;
time_t LastSignalledCheckpoint = 0;
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
Rename hostname_lookup to log_hostname.
2002-11-15 02:57:28 +01:00
bool log_hostname; /* for ps display */
Rename show_source_port to log_source_port.
2002-11-15 02:40:20 +01:00
bool LogSourcePort;
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
bool Log_connections = false;
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
bool Db_user_namespace = false;
> I can see a couple possible downsides: (a) the library might have some > weird behavior across fork boundaries; (b) the additional memory space > that has to be duplicated into child processes will cost something per > child launch, even if the child never uses it. But these are only > arguments that it might not *always* be a prudent thing to do, not that > we shouldn't give the DBA the tool to do it if he wants. So fire away. Here is a patch for the above, including a documentation update. It creates a new GUC variable "preload_libraries", that accepts a list in the form: preload_libraries = '$libdir/mylib1:initfunc,$libdir/mylib2' If ":initfunc" is omitted or not found, no initialization function is executed, but the library is still preloaded. If "$libdir/mylib" isn't found, the postmaster refuses to start. In my testing with PL/R, it reduces the first call to a PL/R function (after connecting) from almost 2 seconds, down to about 8 ms. Joe Conway
2003-03-20 05:51:44 +01:00
/* list of library:init-function to be preloaded */
char *preload_libraries_string = NULL;
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/* Startup/shutdown state */
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
static pid_t StartupPID = 0,
ShutdownPID = 0,
CheckPointPID = 0;
static time_t checkpointed = 0;
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
#define NoShutdown 0
#define SmartShutdown 1
#define FastShutdown 2
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static int Shutdown = NoShutdown;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
static bool FatalError = false; /* T if recovering from backend crash */
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
pgindent run.
2002-09-04 22:31:48 +02:00
bool ClientAuthInProgress = false; /* T during new-client
* authentication */
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
/*
* State for assigning random salts and cancel keys.
* Also, the global MyCancelKey passes the cancel key assigned to a given
* backend from the postmaster to that backend (via fork).
*/
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
static unsigned int random_seed = 0;
Pass postmaster -d down to the postgres backend to trigger special -d handling in the backend.
2002-09-26 07:17:00 +02:00
static int debug_flag = 0;
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
extern char *optarg;
extern int optind,
opterr;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Add extern int optreset declaration, per bug report from <info@decc.nl>.
2001-04-19 21:09:23 +02:00
#ifdef HAVE_INT_OPTRESET
extern int optreset;
#endif
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
* postmaster.c - function prototypes
*/
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
static void pmdaemonize(int argc, char *argv[]);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static Port *ConnCreate(int serverFd);
static void ConnFree(Port *port);
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
static void reset_shared(unsigned short port);
Revert removal of signed, volatile, and signal handler arg type tests.
2000-08-29 11:36:51 +02:00
static void SIGHUP_handler(SIGNAL_ARGS);
static void pmdie(SIGNAL_ARGS);
static void reaper(SIGNAL_ARGS);
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
static void sigusr1_handler(SIGNAL_ARGS);
static void dummy_handler(SIGNAL_ARGS);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static void CleanupProc(int pid, int exitstatus);
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
static void LogChildExit(int lev, const char *procname,
pgindent run.
2002-09-04 22:31:48 +02:00
int pid, int exitstatus);
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
static int BackendFinalize(Port *port);
pgindent run.
2002-09-04 22:31:48 +02:00
void ExitPostmaster(int status);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static void usage(const char *);
static int ServerLoop(void);
static int BackendStartup(Port *port);
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
static void BackendFork(Port *port, Backend *bn);
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
static int ProcessStartupPacket(Port *port, bool SSLdone);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
static void processCancelRequest(Port *port, void *pkt);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static int initMasks(fd_set *rmask, fd_set *wmask);
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
static void report_fork_failure_to_client(Port *port, int errnum);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
enum CAC_state
{
CAC_OK, CAC_STARTUP, CAC_SHUTDOWN, CAC_RECOVERY, CAC_TOOMANY
};
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
static enum CAC_state canAcceptConnections(void);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static long PostmasterRandom(void);
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
static void RandomSalt(char *cryptSalt, char *md5Salt);
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
static void SignalChildren(int signal);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
static int CountChildren(void);
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
static bool CreateOptsFile(int argc, char *argv[]);
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
static pid_t SSDataBase(int xlop);
pgindent run.
2002-09-04 22:31:48 +02:00
void
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
postmaster_error(const char *fmt,...)
Consistently use gcc's __attribute__((format)) to check sprintf-style format strings wherever possible. Remarkably, this exercise didn't turn up any inconsistencies, but it seems a good idea for the future.
2001-10-03 23:58:28 +02:00
/* This lets gcc check the format string for consistency. */
__attribute__((format(printf, 1, 2)));
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
#define StartupDataBase() SSDataBase(BS_XLOG_STARTUP)
#define CheckPointDataBase() SSDataBase(BS_XLOG_CHECKPOINT)
#define ShutdownDataBase() SSDataBase(BS_XLOG_SHUTDOWN)
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#ifdef USE_SSL
pgindent run.
2002-09-04 22:31:48 +02:00
extern int secure_initialize(void);
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
extern void secure_destroy(void);
pgindent run.
2002-09-04 22:31:48 +02:00
extern int secure_open_server(Port *);
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
extern void secure_close(Port *);
pgindent run.
2002-09-04 22:31:48 +02:00
#endif /* USE_SSL */
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Remove most compile-time options, add a few runtime options to make up for it. In particular, no more compiled-in default for PGDATA or LIBDIR. Commands that need them need either invocation options or environment variables. PGPORT default is hardcoded as 5432, but overrideable with options or environment variables.
1996-11-14 11:25:54 +01:00
static void
Make the backend grok relative paths for the data directory by converting it to an absolute path.
2000-11-04 13:43:24 +01:00
checkDataDir(const char *checkdir)
Remove most compile-time options, add a few runtime options to make up for it. In particular, no more compiled-in default for PGDATA or LIBDIR. Commands that need them need either invocation options or environment variables. PGPORT default is hardcoded as 5432, but overrideable with options or environment variables.
1996-11-14 11:25:54 +01:00
{
Version number now set in configure, available through Makefile.global and config.h. Adjusted all referring code. Scrapped pg_version and changed initdb accordingly. Integrated src/utils/version.c into src/backend/utils/init/miscinit.c. Changed all callers. Set version number to `7.1devel'. (Non-numeric version suffixes now allowed.)
2000-07-02 17:21:27 +02:00
char path[MAXPGPATH];
FILE *fp;
pgindent run.
2002-09-04 22:31:48 +02:00
Set optreset on platforms that have it before launching postmaster subprocesses; perhaps this will fix portability problem just noted by Lockhart. Also, move test for bad permissions of DataDir to a more logical place.
2001-10-19 20:19:41 +02:00
struct stat stat_buf;
Version number now set in configure, available through Makefile.global and config.h. Adjusted all referring code. Scrapped pg_version and changed initdb accordingly. Integrated src/utils/version.c into src/backend/utils/init/miscinit.c. Changed all callers. Set version number to `7.1devel'. (Non-numeric version suffixes now allowed.)
2000-07-02 17:21:27 +02:00
Make the backend grok relative paths for the data directory by converting it to an absolute path.
2000-11-04 13:43:24 +01:00
if (checkdir == NULL)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
fprintf(stderr, gettext(
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
"%s does not know where to find the database system data.\n"
"You must specify the directory that contains the database system\n"
"either by specifying the -D invocation option or by setting the\n"
"PGDATA environment variable.\n\n"),
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
progname);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(2);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Set optreset on platforms that have it before launching postmaster subprocesses; perhaps this will fix portability problem just noted by Lockhart. Also, move test for bad permissions of DataDir to a more logical place.
2001-10-19 20:19:41 +02:00
if (stat(checkdir, &stat_buf) == -1)
{
if (errno == ENOENT)
elog(FATAL, "data directory %s was not found", checkdir);
else
elog(FATAL, "could not read permissions of directory %s: %m",
checkdir);
}
Make Win32 tests to match existing Cygwin tests, where appropriate.
2003-04-18 03:03:42 +02:00
/*
* Check if the directory has group or world access. If so, reject.
*
* XXX temporarily suppress check when on Windows, because there may not
* be proper support for Unix-y file permissions. Need to think of a
* reasonable check to apply on Windows.
*/
#if !defined(__CYGWIN__) && !defined(WIN32)
Set optreset on platforms that have it before launching postmaster subprocesses; perhaps this will fix portability problem just noted by Lockhart. Also, move test for bad permissions of DataDir to a more logical place.
2001-10-19 20:19:41 +02:00
if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
elog(FATAL, "data directory %s has group or world access; permissions should be u=rwx (0700)",
checkdir);
Make Win32 tests to match existing Cygwin tests, where appropriate.
2003-04-18 03:03:42 +02:00
#endif
Suppress data directory access-permissions check when __CYGWIN__, per recent pghackers discussions. Improving this should be a TODO for 7.3.
2001-12-04 17:17:48 +01:00
Ensure that all startup paths (postmaster, standalone postgres, or bootstrap) check for a valid PG_VERSION file before looking at anything else in the data directory. This fixes confusing error report when trying to start current sources in a pre-7.1 data directory. Per trouble report from Rich Shepard 10/18/01.
2001-10-19 19:03:08 +02:00
/* Look for PG_VERSION before looking for pg_control */
ValidatePgVersion(checkdir);
Remove SEP_CHAR, replace with / or '/' as appropriate.
2001-05-30 16:15:27 +02:00
snprintf(path, sizeof(path), "%s/global/pg_control", checkdir);
Version number now set in configure, available through Makefile.global and config.h. Adjusted all referring code. Scrapped pg_version and changed initdb accordingly. Integrated src/utils/version.c into src/backend/utils/init/miscinit.c. Changed all callers. Set version number to `7.1devel'. (Non-numeric version suffixes now allowed.)
2000-07-02 17:21:27 +02:00
fp = AllocateFile(path, PG_BINARY_R);
if (fp == NULL)
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
fprintf(stderr, gettext(
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
"%s does not find the database system.\n"
"Expected to find it in the PGDATA directory \"%s\",\n"
"but unable to open file \"%s\": %s\n\n"),
Make the backend grok relative paths for the data directory by converting it to an absolute path.
2000-11-04 13:43:24 +01:00
progname, checkdir, path, strerror(errno));
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(2);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Version number now set in configure, available through Makefile.global and config.h. Adjusted all referring code. Scrapped pg_version and changed initdb accordingly. Integrated src/utils/version.c into src/backend/utils/init/miscinit.c. Changed all callers. Set version number to `7.1devel'. (Non-numeric version suffixes now allowed.)
2000-07-02 17:21:27 +02:00
FreeFile(fp);
Remove most compile-time options, add a few runtime options to make up for it. In particular, no more compiled-in default for PGDATA or LIBDIR. Commands that need them need either invocation options or environment variables. PGPORT default is hardcoded as 5432, but overrideable with options or environment variables.
1996-11-14 11:25:54 +01:00
}
Version number now set in configure, available through Makefile.global and config.h. Adjusted all referring code. Scrapped pg_version and changed initdb accordingly. Integrated src/utils/version.c into src/backend/utils/init/miscinit.c. Changed all callers. Set version number to `7.1devel'. (Non-numeric version suffixes now allowed.)
2000-07-02 17:21:27 +02:00
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
int
PostmasterMain(int argc, char *argv[])
{
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
int opt;
int status;
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
char original_extraoptions[MAXPGPATH];
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
char *potential_DataDir = NULL;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
*original_extraoptions = '\0';
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
Show backend status on ps command line. Remove unused args from pg_exec_query().
1998-06-04 19:26:49 +02:00
progname = argv[0];
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* Catch standard options before doing much else. This even works on
* systems without getopt_long.
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
*/
if (argc > 1)
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
{
usage(progname);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(0);
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
}
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
{
puts("postmaster (PostgreSQL) " PG_VERSION);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(0);
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
}
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
}
Advertise --help (rather than '-?') as help option (problems with csh). Accept --help even if no general long options support exists.
2000-11-25 20:05:44 +01:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
* for security, no dir or file created can be group or other
* accessible
*/
umask((mode_t) 0077);
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
MyProcPid = getpid();
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
/*
This patch removes a lot of unused code related to assertions and error handling, and simplifies the code that remains. Apparently, the code that left Berkeley had a whole "error handling subsystem", which exceptions and whatnot. Since we don't use that anymore, there's no reason to keep it around. The regression tests pass with the patch applied. Unless anyone sees a problem, please apply. Neil Conway
2002-08-10 22:29:18 +02:00
* Fire up essential subsystems: memory management
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
*/
MemoryContextInit();
/*
* By default, palloc() requests in the postmaster will be allocated
* in the PostmasterContext, which is space that can be recycled by
* backends. Allocated data that needs to be available to backends
* should be allocated in TopMemoryContext.
*/
PostmasterContext = AllocSetContextCreate(TopMemoryContext,
"Postmaster",
ALLOCSET_DEFAULT_MINSIZE,
ALLOCSET_DEFAULT_INITSIZE,
ALLOCSET_DEFAULT_MAXSIZE);
MemoryContextSwitchTo(PostmasterContext);
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
IgnoreSystemIndexes(false);
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
/*
* Options setup
*/
Merge the last few variable.c configuration variables into the generic GUC support. It's now possible to set datestyle, timezone, and client_encoding from postgresql.conf and per-database or per-user settings. Also, implement rollback of SET commands that occur in a transaction that later fails. Create a SET LOCAL var = value syntax that sets the variable only for the duration of the current transaction. All per previous discussions in pghackers.
2002-05-17 03:19:19 +02:00
InitializeGUCOptions();
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Extend GUC concepts of parse_hook and assign_hook to all four supported datatypes, not only strings. parse_hook is useless for bool, I suppose, but it seems possibly useful for int and double to apply variable-specific constraints that are more complex than simple range limits. assign_hook is definitely useful for all datatypes --- we need it right now for bool to support date cache reset when changing Australian timezone rule setting. Also, clean up some residual problems with the reset all/show all patch, including memory leaks and mistaken reset of PostPortNumber. It seems best that RESET ALL not touch variables that don't have SUSET or USERSET context.
2001-06-13 00:54:06 +02:00
potential_DataDir = getenv("PGDATA"); /* default value */
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
opterr = 1;
Proper fix for glibc getopt() botch. Surprising we did not see this before.
2001-10-19 22:47:09 +02:00
Reverse out XLogDir/-X write-ahead log handling, per discussion. Original patch from Thomas.
2002-08-17 17:12:07 +02:00
while ((opt = getopt(argc, argv, "A:a:B:b:c:D:d:Fh:ik:lm:MN:no:p:Ss-:")) != -1)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
switch (opt)
{
From: Massimo Dal Zotto <dz@cs.unitn.it> assert.patch adds a switch to turn on/off the assert checking if enabled at compile time. You can now compile postgres with assert checking and disable it at runtime in a production environment.
1998-08-25 23:04:41 +02:00
case 'A':
Fix erroneous GUC variable references from commandline-GUC patch.
2001-06-29 18:05:57 +02:00
#ifdef USE_ASSERT_CHECKING
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
Fix erroneous GUC variable references from commandline-GUC patch.
2001-06-29 18:05:57 +02:00
#else
postmaster_error("Assert checking is not compiled in.");
From: Massimo Dal Zotto <dz@cs.unitn.it> assert.patch adds a switch to turn on/off the assert checking if enabled at compile time. You can now compile postgres with assert checking and disable it at runtime in a production environment.
1998-08-25 23:04:41 +02:00
#endif
break;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
case 'a':
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
/* Can no longer set authentication method. */
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'B':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'b':
New ps display code, works on more platforms. Install a default configuration file. Clean up some funny business in the config file code.
2000-06-04 03:44:38 +02:00
/* Can no longer set the backend executable file to use. */
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'D':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
potential_DataDir = optarg;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'd':
pgindent run.
2002-09-04 22:31:48 +02:00
{
/* Turn on debugging for the postmaster. */
char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1);
sprintf(debugstr, "debug%s", optarg);
Rename server_min_messages to log_min_messages. Part of consolidation of log_ settings.
2002-11-15 00:53:27 +01:00
SetConfigOption("log_min_messages", debugstr,
pgindent run.
2002-09-04 22:31:48 +02:00
PGC_POSTMASTER, PGC_S_ARGV);
pfree(debugstr);
Pass postmaster -d down to the postgres backend to trigger special -d handling in the backend.
2002-09-26 07:17:00 +02:00
debug_flag = atoi(optarg);
pgindent run.
2002-09-04 22:31:48 +02:00
break;
}
Remove NT-specific file open defines by defining our own open macros for "rb" and "wb".
2000-06-02 17:57:44 +02:00
case 'F':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
Remove NT-specific file open defines by defining our own open macros for "rb" and "wb".
2000-06-02 17:57:44 +02:00
break;
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
case 'h':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("virtual_host", optarg, PGC_POSTMASTER, PGC_S_ARGV);
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
break;
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
case 'i':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("tcpip_socket", "true", PGC_POSTMASTER, PGC_S_ARGV);
Cleanup -is flag to -l for SSL. Another PERL variable name fix. Clean up debugging options for postmaster and postgres programs. postmaster -d is no longer optional. Documentation updates.
1999-10-08 06:28:57 +02:00
break;
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
case 'k':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
break;
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#ifdef USE_SSL
Cleanup -is flag to -l for SSL. Another PERL variable name fix. Clean up debugging options for postmaster and postgres programs. postmaster -d is no longer optional. Documentation updates.
1999-10-08 06:28:57 +02:00
case 'l':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
Add Unix domain socket support, from Goran Thyni, goran@bildbasen.se
1997-11-07 21:52:15 +01:00
break;
Cleanup -is flag to -l for SSL. Another PERL variable name fix. Clean up debugging options for postmaster and postgres programs. postmaster -d is no longer optional. Documentation updates.
1999-10-08 06:28:57 +02:00
#endif
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
case 'm':
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
/* Multiplexed backends no longer supported. */
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'M':
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
/*
* ignore this flag. This may be passed in because the
* program was run as 'postgres -M' instead of
* 'postmaster'
*/
break;
Allow maximum number of backends to be set at configure time (--with-maxbackends). Add a postmaster switch (-N backends) that allows the limit to be reduced at postmaster start time. (You can't increase it, sorry to say, because there are still some fixed-size arrays.) Grab the number of semaphores indicated by min(MAXBACKENDS, -N) at postmaster startup, so that this particular form of bogus configuration is exposed immediately rather than under heavy load.
1999-02-19 07:06:39 +01:00
case 'N':
Missed a few places that referred to a compile-time limit on max_connections.
2001-09-07 02:46:42 +02:00
/* The max number of backends to start. */
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
Allow maximum number of backends to be set at configure time (--with-maxbackends). Add a postmaster switch (-N backends) that allows the limit to be reduced at postmaster start time. (You can't increase it, sorry to say, because there are still some fixed-size arrays.) Grab the number of semaphores indicated by min(MAXBACKENDS, -N) at postmaster startup, so that this particular form of bogus configuration is exposed immediately rather than under heavy load.
1999-02-19 07:06:39 +01:00
break;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
case 'n':
/* Don't reinit shared mem after abnormal exit */
postmaster/postgres options cleanup.
1998-05-27 20:32:05 +02:00
Reinit = false;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'o':
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
/*
* Other options to pass to the backend on the command
* line -- useful only for debugging.
*/
strcat(ExtraOptions, " ");
strcat(ExtraOptions, optarg);
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
strcpy(original_extraoptions, optarg);
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'p':
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 'S':
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
/*
* Start in 'S'ilent mode (disassociate from controlling
* tty). You may also think of this as 'S'ysV mode since
* it's most badly needed on SysV-derived systems like
* SVR4 and HP-UX.
*/
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption("silent_mode", "true", PGC_POSTMASTER, PGC_S_ARGV);
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
case 's':
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
/*
* In the event that some backend dumps core, send
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* SIGSTOP, rather than SIGQUIT, to all its peers. This
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
* lets the wily post_hacker collect core dumps from
* everyone.
*/
postmaster/postgres options cleanup.
1998-05-27 20:32:05 +02:00
SendStop = true;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
break;
Add '-c name=val' flag for setting run-time parameters.
2000-11-08 18:57:46 +01:00
case 'c':
Remove NT-specific file open defines by defining our own open macros for "rb" and "wb".
2000-06-02 17:57:44 +02:00
case '-':
Add '-c name=val' flag for setting run-time parameters.
2000-11-08 18:57:46 +01:00
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
char *name,
*value;
ParseLongOption(optarg, &name, &value);
if (!value)
{
if (opt == '-')
elog(ERROR, "--%s requires argument", optarg);
else
elog(ERROR, "-c %s requires argument", optarg);
}
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
free(name);
if (value)
free(value);
break;
Add '-c name=val' flag for setting run-time parameters.
2000-11-08 18:57:46 +01:00
}
Move PGPORT envar handling to ResetAllOptions(). Improve long options parsing to not clobber the optarg string -- so that we can bring SetOptsFile() up to speed.
2000-07-03 22:46:10 +02:00
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
default:
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
fprintf(stderr, gettext("Try '%s --help' for more information.\n"), progname);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
}
Add startup-time check that -B is not unreasonably small for given number of backends (-N), per recent discussion in pghackers list.
1999-06-04 23:14:46 +02:00
Save source of GUC settings, allowing different sources to be processed in any order without affecting results.
2002-02-23 02:31:37 +01:00
/*
* Postmaster accepts no non-option switch arguments.
*/
if (optind < argc)
{
postmaster_error("invalid argument -- %s", argv[optind]);
fprintf(stderr, gettext("Try '%s --help' for more information.\n"),
progname);
ExitPostmaster(1);
}
Add startup-time check that -B is not unreasonably small for given number of backends (-N), per recent discussion in pghackers list.
1999-06-04 23:14:46 +02:00
/*
Code review for superuser_reserved_connections patch. Don't try to do database access outside a transaction; revert bogus performance improvement in SIBackendInit(); improve comments; add documentation (this part courtesy Neil Conway).
2002-11-21 07:36:08 +01:00
* Now we can set the data directory, and then read postgresql.conf.
*/
checkDataDir(potential_DataDir); /* issues error messages */
SetDataDir(potential_DataDir);
ProcessConfigFile(PGC_POSTMASTER);
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
#ifdef EXEC_BACKEND
write_nondefault_variables(PGC_POSTMASTER);
#endif
Code review for superuser_reserved_connections patch. Don't try to do database access outside a transaction; revert bogus performance improvement in SIBackendInit(); improve comments; add documentation (this part courtesy Neil Conway).
2002-11-21 07:36:08 +01:00
/*
* Check for invalid combinations of GUC settings.
Add startup-time check that -B is not unreasonably small for given number of backends (-N), per recent discussion in pghackers list.
1999-06-04 23:14:46 +02:00
*/
if (NBuffers < 2 * MaxBackends || NBuffers < 16)
{
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
/*
* Do not accept -B so small that backends are likely to starve
* for lack of buffers. The specific choices here are somewhat
* arbitrary.
Add startup-time check that -B is not unreasonably small for given number of backends (-N), per recent discussion in pghackers list.
1999-06-04 23:14:46 +02:00
*/
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("The number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16.");
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
Add startup-time check that -B is not unreasonably small for given number of backends (-N), per recent discussion in pghackers list.
1999-06-04 23:14:46 +02:00
}
This patch reserves the last superuser_reserved_connections slots for connections by the superuser only. This patch replaces the last patch I sent a couple of days ago. It closes a connection that has not been authorised by a superuser if it would leave less than the GUC variable ReservedBackends (superuser_reserved_connections in postgres.conf) backend process slots free in the SISeg. This differs to the first patch which only reserved the last ReservedBackends slots in the procState array. This has made the free slot test more expensive due to the use of a lock. After thinking about a comment on the first patch I've also made it a fatal error if the number of reserved slots is not less than the maximum number of connections. Nigel J. Andrews
2002-08-29 23:02:12 +02:00
if (ReservedBackends >= MaxBackends)
Code review for superuser_reserved_connections patch. Don't try to do database access outside a transaction; revert bogus performance improvement in SIBackendInit(); improve comments; add documentation (this part courtesy Neil Conway).
2002-11-21 07:36:08 +01:00
{
postmaster_error("superuser_reserved_connections must be less than max_connections.");
ExitPostmaster(1);
}
This patch reserves the last superuser_reserved_connections slots for connections by the superuser only. This patch replaces the last patch I sent a couple of days ago. It closes a connection that has not been authorised by a superuser if it would leave less than the GUC variable ReservedBackends (superuser_reserved_connections in postgres.conf) backend process slots free in the SISeg. This differs to the first patch which only reserved the last ReservedBackends slots in the procState array. This has made the free slot test more expensive due to the use of a lock. After thinking about a comment on the first patch I've also made it a fatal error if the number of reserved slots is not less than the maximum number of connections. Nigel J. Andrews
2002-08-29 23:02:12 +02:00
Repair an embarrassingly large number of alphabetization mistakes in the datetime token tables. Even more embarrassing, the regression tests revealed some of the problems --- but evidently the bogus output wasn't questioned. Add code to postmaster startup to directly check the tables for correct ordering, in hopes of not being embarrassed like this again.
2003-01-16 01:26:49 +01:00
/*
* Other one-time internal sanity checks can go here.
*/
if (!CheckDateTokenTables())
{
postmaster_error("Invalid datetoken tables, please fix.");
ExitPostmaster(1);
}
Proper fix for glibc getopt() botch. Surprising we did not see this before.
2001-10-19 22:47:09 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* Now that we are done processing the postmaster arguments, reset
* getopt(3) library so that it will work correctly in subprocesses.
Proper fix for glibc getopt() botch. Surprising we did not see this before.
2001-10-19 22:47:09 +02:00
*/
optind = 1;
#ifdef HAVE_INT_OPTRESET
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
optreset = 1; /* some systems need this too */
Proper fix for glibc getopt() botch. Surprising we did not see this before.
2001-10-19 22:47:09 +02:00
#endif
/* For debugging: display postmaster environment */
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
{
extern char **environ;
char **p;
pgindent run.
2002-09-04 22:31:48 +02:00
elog(DEBUG2, "%s: PostmasterMain: initial environ dump:", progname);
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG2, "-----------------------------------------");
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
for (p = environ; *p; ++p)
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG2, "\t%s", *p);
elog(DEBUG2, "-----------------------------------------");
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
}
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
/*
* On some systems our dynloader code needs the executable's pathname.
*/
if (FindExec(pg_pathname, progname, "postgres") < 0)
elog(FATAL, "%s: could not locate executable, bailing out...",
progname);
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/*
* Initialize SSL library, if specified.
*/
#ifdef USE_SSL
if (EnableSSL && !NetServer)
{
postmaster_error("For SSL, TCP/IP connections must be enabled.");
fprintf(stderr, gettext("Try '%s --help' for more information.\n"), progname);
ExitPostmaster(1);
}
if (EnableSSL)
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
secure_initialize();
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
#endif
> I can see a couple possible downsides: (a) the library might have some > weird behavior across fork boundaries; (b) the additional memory space > that has to be duplicated into child processes will cost something per > child launch, even if the child never uses it. But these are only > arguments that it might not *always* be a prudent thing to do, not that > we shouldn't give the DBA the tool to do it if he wants. So fire away. Here is a patch for the above, including a documentation update. It creates a new GUC variable "preload_libraries", that accepts a list in the form: preload_libraries = '$libdir/mylib1:initfunc,$libdir/mylib2' If ":initfunc" is omitted or not found, no initialization function is executed, but the library is still preloaded. If "$libdir/mylib" isn't found, the postmaster refuses to start. In my testing with PL/R, it reduces the first call to a PL/R function (after connecting) from almost 2 seconds, down to about 8 ms. Joe Conway
2003-03-20 05:51:44 +01:00
/*
* process any libraries that should be preloaded and
* optionally pre-initialized
*/
if (preload_libraries_string)
process_preload_libraries(preload_libraries_string);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
* Fork away from controlling terminal, if -S specified.
*
* Must do this before we grab any interlock files, else the interlocks
* will show the wrong PID.
*/
if (SilentMode)
pmdaemonize(argc, argv);
/*
* Create lockfile for data directory.
*
* We want to do this before we try to grab the input sockets, because
* the data directory interlock is more reliable than the socket-file
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* interlock (thanks to whoever decided to put socket files in /tmp
* :-(). For the same reason, it's best to grab the TCP socket before
* the Unix socket.
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
*/
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
if (!CreateDataDirLockFile(DataDir, true))
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
Move temporary files into 'pg_tempfiles' subdirectory of each database directory (which can be made a symlink to put temp files on another disk). Add code to delete leftover temp files during postmaster startup. Bruce, with some kibitzing from Tom.
2001-06-11 06:12:29 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* Remove old temporary files. At this point there can be no other
* Postgres processes running in this directory, so this should be
* safe.
Move temporary files into 'pg_tempfiles' subdirectory of each database directory (which can be made a symlink to put temp files on another disk). Add code to delete leftover temp files during postmaster startup. Bruce, with some kibitzing from Tom.
2001-06-11 06:12:29 +02:00
*/
RemovePgTempFiles();
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
/*
* Establish input sockets.
*/
Add Unix domain socket support, from Goran Thyni, goran@bildbasen.se
1997-11-07 21:52:15 +01:00
if (NetServer)
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
{
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
#ifdef HAVE_IPV6
/* Try INET6 first. May fail if kernel doesn't support IP6 */
status = StreamServerPort(AF_INET6, VirtualHost,
Move temporary files into 'pg_tempfiles' subdirectory of each database directory (which can be made a symlink to put temp files on another disk). Add code to delete leftover temp files during postmaster startup. Bruce, with some kibitzing from Tom.
2001-06-11 06:12:29 +02:00
(unsigned short) PostPortNumber,
UnixSocketDir,
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
&ServerSock_INET);
Un-break optarg() call --- some peoples' optarg libraries don't like extraneous colons in the option list...
1999-09-30 04:17:23 +02:00
if (status != STATUS_OK)
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
elog(LOG, "IPv6 support disabled --- perhaps the kernel does not support IPv6");
#endif
status = StreamServerPort(AF_INET, VirtualHost,
(unsigned short) PostPortNumber,
UnixSocketDir,
&ServerSock_INET);
if (status != STATUS_OK)
{
postmaster_error("cannot create INET stream port");
ExitPostmaster(1);
}
#ifdef HAVE_IPV6
else
elog(LOG, "IPv4 socket created");
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
}
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
#endif
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
Introduce HAVE_UNIX_SOCKETS symbol to replace repeatedly listing all the unsupported platforms.
2000-08-20 12:55:35 +02:00
#ifdef HAVE_UNIX_SOCKETS
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
status = StreamServerPort(AF_UNIX, VirtualHost,
Move temporary files into 'pg_tempfiles' subdirectory of each database directory (which can be made a symlink to put temp files on another disk). Add code to delete leftover temp files during postmaster startup. Bruce, with some kibitzing from Tom.
2001-06-11 06:12:29 +02:00
(unsigned short) PostPortNumber,
UnixSocketDir,
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
&ServerSock_UNIX);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
if (status != STATUS_OK)
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("cannot create UNIX stream port");
Add runtime configuration options to control permission bits and group owner of unix socket.
2000-11-01 22:14:03 +01:00
ExitPostmaster(1);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
Store current LC_COLLATE and LC_CTYPE settings in pg_control during initdb; re-adopt these settings at every postmaster or standalone-backend startup. This should fix problems with indexes becoming corrupt due to failure to provide consistent locale environment for postmaster at all times. Also, refuse to start up a non-locale-enabled compilation in a database originally initdb'd with a non-C locale. Suppress LIKE index optimization if locale is not "C" or "POSIX" (are there any other locales where it's safe?). Issue NOTICE during initdb if selected locale disables LIKE optimization.
2000-11-25 21:33:54 +01:00
XLOGPathInit();
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
* Set up shared memory and semaphores.
*/
Rename PortName to PortNumber.
2000-11-14 02:15:06 +01:00
reset_shared(PostPortNumber);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
* Initialize the list of active backends.
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*/
BackendList = DLNewList();
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* Record postmaster options. We delay this till now to avoid
* recording bogus options (eg, NBuffers too high for available
* memory).
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
*/
if (!CreateOptsFile(argc, argv))
ExitPostmaster(1);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/*
* Set up signal handlers for the postmaster process.
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
*
pgindent run.
2002-09-04 22:31:48 +02:00
* CAUTION: when changing this list, check for side-effects on the signal
* handling setup of child processes. See tcop/postgres.c,
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
* bootstrap/bootstrap.c, and postmaster/pgstat.c.
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
*/
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
pqinitmask();
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
PG_SETMASK(&BlockSig);
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
* children do same */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
pqsignal(SIGINT, pmdie); /* send SIGTERM and ShutdownDataBase */
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
pqsignal(SIGTERM, pmdie); /* wait for children and ShutdownDataBase */
pqsignal(SIGALRM, SIG_IGN); /* ignored */
pqsignal(SIGPIPE, SIG_IGN); /* ignored */
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
pqsignal(SIGCHLD, reaper); /* handle child termination */
pqsignal(SIGTTIN, SIG_IGN); /* ignored */
pqsignal(SIGTTOU, SIG_IGN); /* ignored */
Ignore SIGXFSZ (if platform has it), so that ulimit violations work like disk-full conditions instead of provoking a backend crash. Per suggestion from Frederic Surleau.
2003-03-24 23:40:14 +01:00
/* ignore SIGXFSZ, so that ulimit violations work like disk full */
#ifdef SIGXFSZ
pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Clean up some confusion about where and how to set whereToSendOutput. We will no longer try to send elog messages to the client before we have initialized backend libpq (oops); however, reporting bogus commandline switches via elog does work now (not irrelevant, because of PGOPTIONS). Fix problem with inappropriate sending of checkpoint-process messages to stderr.
2001-09-08 03:10:21 +02:00
/*
* Reset whereToSendOutput from Debug (its starting state) to None.
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
* This prevents elog from sending log messages to stderr unless the
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* syslog/stderr switch permits. We don't do this until the
* postmaster is fully launched, since startup failures may as well be
* reported to stderr.
Clean up some confusion about where and how to set whereToSendOutput. We will no longer try to send elog messages to the client before we have initialized backend libpq (oops); however, reporting bogus commandline switches via elog does work now (not irrelevant, because of PGOPTIONS). Fix problem with inappropriate sending of checkpoint-process messages to stderr.
2001-09-08 03:10:21 +02:00
*/
whereToSendOutput = None;
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
/*
* On many platforms, the first call of localtime() incurs significant
* overhead to load timezone info from the system configuration files.
pgindent run.
2002-09-04 22:31:48 +02:00
* By doing it once in the postmaster, we avoid having to do it in
* every started child process. The savings are not huge, but they
* add up...
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
*/
{
time_t now = time(NULL);
(void) localtime(&now);
}
Start the stats collector at a less randomly chosen time. Bad idea to start it before we have acquired the data directory lock; also a bad idea to start it before we have set up to catch SIGCHLD signals.
2001-07-03 18:52:12 +02:00
/*
Tweak stats collector start logic so that we will not try to spawn a new stats collector oftener than once a minute. Per gripe from Erik Walthinsen 4/25/03.
2003-04-26 04:57:14 +02:00
* Initialize and try to startup the statistics collector process
Start the stats collector at a less randomly chosen time. Bad idea to start it before we have acquired the data directory lock; also a bad idea to start it before we have set up to catch SIGCHLD signals.
2001-07-03 18:52:12 +02:00
*/
Tweak stats collector start logic so that we will not try to spawn a new stats collector oftener than once a minute. Per gripe from Erik Walthinsen 4/25/03.
2003-04-26 04:57:14 +02:00
pgstat_init();
pgstat_start();
Start the stats collector at a less randomly chosen time. Bad idea to start it before we have acquired the data directory lock; also a bad idea to start it before we have set up to catch SIGCHLD signals.
2001-07-03 18:52:12 +02:00
Fix pg_pwd caching mechanism, which was broken by changes to fork postmaster children before client auth step. Postmaster now rereads pg_pwd on receipt of SIGHUP, the same way that pg_hba.conf is handled. No cycles need be expended to validate password cache validity during connection startup.
2001-11-02 19:39:57 +01:00
/*
* Load cached files for client authentication.
*/
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
load_hba();
load_ident();
load_user();
load_group();
Fix pg_pwd caching mechanism, which was broken by changes to fork postmaster children before client auth step. Postmaster now rereads pg_pwd on receipt of SIGHUP, the same way that pg_hba.conf is handled. No cycles need be expended to validate password cache validity during connection startup.
2001-11-02 19:39:57 +01:00
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
* We're ready to rock and roll...
*/
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
StartupPID = StartupDataBase();
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
status = ServerLoop();
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* ServerLoop probably shouldn't ever return, but if it does, close
* down.
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
*/
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
ExitPostmaster(status != STATUS_OK);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
return 0; /* not reached */
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
static void
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
pmdaemonize(int argc, char *argv[])
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
int i;
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
pid_t pid;
pgindent run.
2002-09-04 22:31:48 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
struct itimerval prof_itimer;
#endif
#ifdef LINUX_PROFILE
/* see comments in BackendStartup */
getitimer(ITIMER_PROF, &prof_itimer);
#endif
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Unlink the pid file if it's bogus (no associated process exists)
1999-12-04 09:23:43 +01:00
pid = fork();
Just noticed that with -S switch, MyProcPid is permanently wrong in postmaster, because it isn't updated after forking away from the terminal. Apparently it's not used anyplace in the postmaster ... but seems best to make it show the correct PID ...
2000-11-29 23:04:04 +01:00
if (pid == (pid_t) -1)
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("fork failed: %s", strerror(errno));
Unlink the pid file if it's bogus (no associated process exists)
1999-12-04 09:23:43 +01:00
ExitPostmaster(1);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
return; /* not reached */
}
else if (pid)
{ /* parent */
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/* Parent should just exit, without doing any atexit cleanup */
_exit(0);
Unlink the pid file if it's bogus (no associated process exists)
1999-12-04 09:23:43 +01:00
}
Fix bugs regarding pid file.
1999-12-06 08:21:12 +01:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
setitimer(ITIMER_PROF, &prof_itimer, NULL);
#endif
Just noticed that with -S switch, MyProcPid is permanently wrong in postmaster, because it isn't updated after forking away from the terminal. Apparently it's not used anyplace in the postmaster ... but seems best to make it show the correct PID ...
2000-11-29 23:04:04 +01:00
MyProcPid = getpid(); /* reset MyProcPid to child */
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
/* GH: If there's no setsid(), we hopefully don't need silent mode.
* Until there's a better solution.
*/
#ifdef HAVE_SETSID
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
if (setsid() < 0)
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("cannot disassociate from controlling TTY: %s",
strerror(errno));
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#endif
Remove NT-specific file open defines by defining our own open macros for "rb" and "wb".
2000-06-02 17:57:44 +02:00
i = open(NULL_DEV, O_RDWR | PG_BINARY);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
dup2(i, 0);
dup2(i, 1);
dup2(i, 2);
close(i);
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Add assert checking to GUC ("debug_assertions") Rename settings net_server to tcpip_socket, max_backends to max_connections Add --help and --version to postmaster, reformat help output
2000-07-12 19:38:53 +02:00
/*
* Print out help message
*/
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
static void
The remainder of D'Arcy's changes, most notibly the usage of SIGNAL_ARGS
1996-10-04 22:17:11 +02:00
usage(const char *progname)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext("%s is the PostgreSQL server.\n\n"), progname);
Improve formatting of --help output.
2002-10-19 00:05:36 +02:00
printf(gettext("Usage:\n %s [OPTION]...\n\n"), progname);
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext("Options:\n"));
From: Massimo Dal Zotto <dz@cs.unitn.it> assert.patch adds a switch to turn on/off the assert checking if enabled at compile time. You can now compile postgres with assert checking and disable it at runtime in a production environment.
1998-08-25 23:04:41 +02:00
#ifdef USE_ASSERT_CHECKING
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext(" -A 1|0 enable/disable run-time assert checking\n"));
From: Massimo Dal Zotto <dz@cs.unitn.it> assert.patch adds a switch to turn on/off the assert checking if enabled at compile time. You can now compile postgres with assert checking and disable it at runtime in a production environment.
1998-08-25 23:04:41 +02:00
#endif
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
printf(gettext(" -B NBUFFERS number of shared buffers\n"));
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext(" -c NAME=VALUE set run-time parameter\n"));
printf(gettext(" -d 1-5 debugging level\n"));
printf(gettext(" -D DATADIR database directory\n"));
printf(gettext(" -F turn fsync off\n"));
printf(gettext(" -h HOSTNAME host name or IP address to listen on\n"));
printf(gettext(" -i enable TCP/IP connections\n"));
printf(gettext(" -k DIRECTORY Unix-domain socket location\n"));
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#ifdef USE_SSL
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext(" -l enable SSL connections\n"));
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#endif
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
printf(gettext(" -N MAX-CONNECT maximum number of allowed connections\n"));
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext(" -o OPTIONS pass 'OPTIONS' to each backend server\n"));
Generate pg_config.h.in by autoheader. Separate out manually editable parts. Standardize spelling of comments in pg_config.h.
2003-04-07 00:45:23 +02:00
printf(gettext(" -p PORT port number to listen on\n"));
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext(" -S silent mode (start in background without logging output)\n"));
Improve formatting of --help output.
2002-10-19 00:05:36 +02:00
printf(gettext(" --help show this help, then exit\n"));
printf(gettext(" --version output version information, then exit\n"));
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
printf(gettext("\nDeveloper options:\n"));
printf(gettext(" -n do not reinitialize shared memory after abnormal exit\n"));
printf(gettext(" -s send SIGSTOP to all backend servers if one dies\n"));
printf(gettext("\nPlease read the documentation for the complete list of run-time\n"
"configuration settings and how to set them on the command line or in\n"
"the configuration file.\n\n"
"Report bugs to <pgsql-bugs@postgresql.org>.\n"));
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Make functions static where possible, enclose unused functions in #ifdef NOT_USED.
1997-08-19 23:40:56 +02:00
static int
The remainder of D'Arcy's changes, most notibly the usage of SIGNAL_ARGS
1996-10-04 22:17:11 +02:00
ServerLoop(void)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
fd_set readmask,
writemask;
int nSockets;
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
struct timeval now,
later;
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
struct timezone tz;
gettimeofday(&now, &tz);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
nSockets = initMasks(&readmask, &writemask);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
for (;;)
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
Port *port;
fd_set rmask,
wmask;
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
struct timeval timeout;
/*
* The timeout for the select() below is normally set on the basis
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
* of the time to the next checkpoint. However, if for some
* reason we don't have a next-checkpoint time, time out after 60
* seconds. This keeps checkpoint scheduling from locking up when
* we get new connection requests infrequently (since we are
* likely to detect checkpoint completion just after enabling
* signals below, after we've already made the decision about how
* long to wait this time).
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
*/
timeout.tv_sec = 60;
timeout.tv_usec = 0;
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
if (CheckPointPID == 0 && checkpointed &&
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
Shutdown == NoShutdown && !FatalError && random_seed != 0)
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
time_t now = time(NULL);
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
if (CheckPointTimeout + checkpointed > now)
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
/*
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
* Not time for checkpoint yet, so set select timeout
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
*/
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
timeout.tv_sec = CheckPointTimeout + checkpointed - now;
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
}
else
Re-read Unix-socket lock file every so often (every CheckPoint interval, actually) to ensure that its file access time doesn't get old enough to tempt a /tmp directory cleaner to remove it. Still another reason we should never have put the sockets in /tmp in the first place ...
2001-01-27 01:05:31 +01:00
{
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
/* Time to make the checkpoint... */
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
CheckPointPID = CheckPointDataBase();
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
/*
* if fork failed, schedule another try at 0.1 normal
* delay
*/
Don't go belly-up if fork() fails for a routine checkpoint subprocess. Just try again later.
2001-03-14 18:58:46 +01:00
if (CheckPointPID == 0)
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
{
timeout.tv_sec = CheckPointTimeout / 10;
checkpointed = now + timeout.tv_sec - CheckPointTimeout;
}
Re-read Unix-socket lock file every so often (every CheckPoint interval, actually) to ensure that its file access time doesn't get old enough to tempt a /tmp directory cleaner to remove it. Still another reason we should never have put the sockets in /tmp in the first place ...
2001-01-27 01:05:31 +01:00
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
}
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
Clean up broken test for whether to wait for input in SSL case. Per discussion with Magnus Hagander.
2000-10-26 00:27:25 +02:00
/*
* Wait for something to happen.
*/
memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
memcpy((char *) &wmask, (char *) &writemask, sizeof(fd_set));
Check for SIGHUP and process config file updates just after waiting for input, not just before.
2000-10-24 23:33:52 +02:00
PG_SETMASK(&UnBlockSig);
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
if (select(nSockets, &rmask, &wmask, (fd_set *) NULL, &timeout) < 0)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
PG_SETMASK(&BlockSig);
New diff that now covers the entire tree. Applying this gets postgresql working on the VERY latest version of BeOS. I'm sure there will be alot of comments, but then if there weren't I'd be disappointed! Thanks for your continuing efforts to get this into your tree. Haven't bothered with the new files as they haven't changed. BTW Peter, the compiler is "broken" about the bool define and so on. I'm filing a bug report to try and get it addressed. Hopefully then we can tidy up the code a bit. I await the replies with interest :) David Reid
2000-10-03 05:11:26 +02:00
if (errno == EINTR || errno == EWOULDBLOCK)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
continue;
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "ServerLoop: select failed: %m");
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return STATUS_ERROR;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Check for SIGHUP and process config file updates just after waiting for input, not just before.
2000-10-24 23:33:52 +02:00
/*
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
* Block all signals until we wait again. (This makes it safe for
* our signal handlers to do nontrivial work.)
Check for SIGHUP and process config file updates just after waiting for input, not just before.
2000-10-24 23:33:52 +02:00
*/
PG_SETMASK(&BlockSig);
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
/*
* Select a random seed at the time of first receiving a request.
*/
while (random_seed == 0)
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
{
gettimeofday(&later, &tz);
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
/*
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
* We are not sure how much precision is in tv_usec, so we
* swap the nibbles of 'later' and XOR them with 'now'. On the
* off chance that the result is 0, we loop until it isn't.
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
*/
random_seed = now.tv_usec ^
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
((later.tv_usec << 16) |
((later.tv_usec >> 16) & 0xffff));
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
}
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* New connection pending on our well-known port's socket? If so,
* fork a child process to deal with it.
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*/
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
Introduce HAVE_UNIX_SOCKETS symbol to replace repeatedly listing all the unsupported platforms.
2000-08-20 12:55:35 +02:00
#ifdef HAVE_UNIX_SOCKETS
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
if (ServerSock_UNIX != INVALID_SOCK
&& FD_ISSET(ServerSock_UNIX, &rmask))
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
port = ConnCreate(ServerSock_UNIX);
if (port)
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
{
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
BackendStartup(port);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* We no longer need the open socket or port structure in
* this process
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
*/
StreamClose(port->sock);
ConnFree(port);
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
}
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
if (ServerSock_INET != INVALID_SOCK
&& FD_ISSET(ServerSock_INET, &rmask))
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
port = ConnCreate(ServerSock_INET);
if (port)
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
{
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
BackendStartup(port);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* We no longer need the open socket or port structure in
* this process
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
*/
StreamClose(port->sock);
ConnFree(port);
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
}
Tweak stats collector start logic so that we will not try to spawn a new stats collector oftener than once a minute. Per gripe from Erik Walthinsen 4/25/03.
2003-04-26 04:57:14 +02:00
/* If we have lost the stats collector, try to start a new one */
if (!pgstat_is_running)
pgstat_start();
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
/*
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
* Initialise the read and write masks for select() for the well-known ports
* we are listening on. Return the number of sockets to listen on.
*/
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
static int
initMasks(fd_set *rmask, fd_set *wmask)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
int nsocks = -1;
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
FD_ZERO(rmask);
FD_ZERO(wmask);
Introduce HAVE_UNIX_SOCKETS symbol to replace repeatedly listing all the unsupported platforms.
2000-08-20 12:55:35 +02:00
#ifdef HAVE_UNIX_SOCKETS
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
if (ServerSock_UNIX != INVALID_SOCK)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
FD_SET(ServerSock_UNIX, rmask);
if (ServerSock_UNIX > nsocks)
nsocks = ServerSock_UNIX;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
if (ServerSock_INET != INVALID_SOCK)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
FD_SET(ServerSock_INET, rmask);
if (ServerSock_INET > nsocks)
nsocks = ServerSock_INET;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return nsocks + 1;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
/*
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
* Read the startup packet and do something according to it.
*
* Returns STATUS_OK or STATUS_ERROR, or might call elog(FATAL) and
* not return at all.
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
*
* (Note that elog(FATAL) stuff is sent to the client, so only use it
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
* if that's what you want. Return STATUS_ERROR if you don't want to
* send anything to the client, which would typically be appropriate
* if we detect a communications failure.)
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
*/
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
static int
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
ProcessStartupPacket(Port *port, bool SSLdone)
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
{
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
enum CAC_state cac;
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
int32 len;
void *buf;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
ProtocolVersion proto;
MemoryContext oldcontext;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
if (pq_getbytes((char *) &len, 4) == EOF)
{
Another round of protocol changes. Backend-to-frontend messages now all have length words. COPY OUT reimplemented per new protocol: it doesn't need \. anymore, thank goodness. COPY BINARY to/from frontend works, at least as far as the backend is concerned --- libpq's PQgetline API is not up to snuff, and will have to be replaced with something that is null-safe. libpq uses message length words for performance improvement (no cycles wasted rescanning long messages), but not yet for error recovery.
2003-04-22 02:08:07 +02:00
/*
* EOF after SSLdone probably means the client didn't like our
* response to NEGOTIATE_SSL_CODE. That's not an error condition,
* so don't clutter the log with a complaint.
*/
if (!SSLdone)
elog(COMMERROR, "incomplete startup packet");
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
return STATUS_ERROR;
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
len = ntohl(len);
len -= 4;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (len < (int32) sizeof(ProtocolVersion) ||
len > MAX_STARTUP_PACKET_LENGTH)
Another round of protocol changes. Backend-to-frontend messages now all have length words. COPY OUT reimplemented per new protocol: it doesn't need \. anymore, thank goodness. COPY BINARY to/from frontend works, at least as far as the backend is concerned --- libpq's PQgetline API is not up to snuff, and will have to be replaced with something that is null-safe. libpq uses message length words for performance improvement (no cycles wasted rescanning long messages), but not yet for error recovery.
2003-04-22 02:08:07 +02:00
{
elog(COMMERROR, "invalid length of startup packet");
return STATUS_ERROR;
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
/*
* Allocate at least the size of an old-style startup packet, plus one
* extra byte, and make sure all are zeroes. This ensures we will have
* null termination of all strings, in both fixed- and variable-length
* packet layouts.
*/
if (len <= (int32) sizeof(StartupPacket))
buf = palloc0(sizeof(StartupPacket) + 1);
else
buf = palloc0(len + 1);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
if (pq_getbytes(buf, len) == EOF)
{
Second round of FE/BE protocol changes. Frontend->backend messages now have length counts, and COPY IN data is packetized into messages.
2003-04-19 02:02:30 +02:00
elog(COMMERROR, "incomplete startup packet");
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
return STATUS_ERROR;
}
Load pg_hba.conf and pg_ident.conf on startup and SIGHUP into List of Lists, and use that for user validation. Bruce Momjian
2001-07-30 16:50:24 +02:00
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
/*
* The first field is either a protocol version number or a special
* request code.
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
port->proto = proto = ntohl(*((ProtocolVersion *) buf));
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (proto == CANCEL_REQUEST_CODE)
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
{
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
processCancelRequest(port, buf);
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
return 127; /* XXX */
}
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (proto == NEGOTIATE_SSL_CODE && !SSLdone)
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
char SSLok;
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#ifdef USE_SSL
Clean up broken test for whether to wait for input in SSL case. Per discussion with Magnus Hagander.
2000-10-26 00:27:25 +02:00
/* No SSL when disabled or on Unix sockets */
if (!EnableSSL || port->laddr.sa.sa_family != AF_INET)
SSLok = 'N';
SSL patch from Magnus
2000-08-30 16:54:24 +02:00
else
Clean up broken test for whether to wait for input in SSL case. Per discussion with Magnus Hagander.
2000-10-26 00:27:25 +02:00
SSLok = 'S'; /* Support for SSL */
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#else
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
SSLok = 'N'; /* No support for SSL */
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#endif
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
if (send(port->sock, &SSLok, 1, 0) != 1)
{
Another round of protocol changes. Backend-to-frontend messages now all have length words. COPY OUT reimplemented per new protocol: it doesn't need \. anymore, thank goodness. COPY BINARY to/from frontend works, at least as far as the backend is concerned --- libpq's PQgetline API is not up to snuff, and will have to be replaced with something that is null-safe. libpq uses message length words for performance improvement (no cycles wasted rescanning long messages), but not yet for error recovery.
2003-04-22 02:08:07 +02:00
elog(COMMERROR, "failed to send SSL negotiation response: %m");
Another pgindent run. Fixes enum indenting, and improves #endif spacing. Also adds space for one-line comments.
2001-10-28 07:26:15 +01:00
return STATUS_ERROR; /* close the connection */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#ifdef USE_SSL
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
if (SSLok == 'S' && secure_open_server(port) == -1)
pgindent run.
2002-09-04 22:31:48 +02:00
return STATUS_ERROR;
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#endif
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/* regular startup packet, cancel, etc packet should follow... */
/* but not another SSL negotiation request */
return ProcessStartupPacket(port, true);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/* Could add additional special packet types here */
Another round of protocol changes. Backend-to-frontend messages now all have length words. COPY OUT reimplemented per new protocol: it doesn't need \. anymore, thank goodness. COPY BINARY to/from frontend works, at least as far as the backend is concerned --- libpq's PQgetline API is not up to snuff, and will have to be replaced with something that is null-safe. libpq uses message length words for performance improvement (no cycles wasted rescanning long messages), but not yet for error recovery.
2003-04-22 02:08:07 +02:00
/*
* Set FrontendProtocol now so that elog() knows what format to send
* if we fail during startup.
*/
FrontendProtocol = proto;
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/* Check we can handle the protocol the frontend is using. */
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
(PG_PROTOCOL_MAJOR(proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
elog(FATAL, "unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST));
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
/*
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
* Now fetch parameters out of startup packet and save them into the
* Port structure. All data structures attached to the Port struct
* must be allocated in TopMemoryContext so that they won't disappear
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
* when we pass them to PostgresMain (see BackendFinalize). We need not worry
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
* about leaking this storage on failure, since we aren't in the postmaster
* process anymore.
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
oldcontext = MemoryContextSwitchTo(TopMemoryContext);
if (PG_PROTOCOL_MAJOR(proto) >= 3)
{
int32 offset = sizeof(ProtocolVersion);
/*
* Scan packet body for name/option pairs. We can assume any
* string beginning within the packet body is null-terminated,
* thanks to zeroing extra byte above.
*/
port->guc_options = NIL;
while (offset < len)
{
char *nameptr = ((char *) buf) + offset;
int32 valoffset;
char *valptr;
if (*nameptr == '\0')
break; /* found packet terminator */
valoffset = offset + strlen(nameptr) + 1;
if (valoffset >= len)
break; /* missing value, will complain below */
valptr = ((char *) buf) + valoffset;
if (strcmp(nameptr, "database") == 0)
port->database_name = pstrdup(valptr);
else if (strcmp(nameptr, "user") == 0)
port->user_name = pstrdup(valptr);
else if (strcmp(nameptr, "options") == 0)
port->cmdline_options = pstrdup(valptr);
else
{
/* Assume it's a generic GUC option */
port->guc_options = lappend(port->guc_options,
pstrdup(nameptr));
port->guc_options = lappend(port->guc_options,
pstrdup(valptr));
}
offset = valoffset + strlen(valptr) + 1;
}
/*
* If we didn't find a packet terminator exactly at the end of the
* given packet length, complain.
*/
if (offset != len-1)
elog(FATAL, "invalid startup packet layout: expected terminator as last byte");
}
else
{
/*
* Get the parameters from the old-style, fixed-width-fields startup
* packet as C strings. The packet destination was cleared first so a
* short packet has zeros silently added. We have to be prepared to
* truncate the pstrdup result for oversize fields, though.
*/
StartupPacket *packet = (StartupPacket *) buf;
port->database_name = pstrdup(packet->database);
if (strlen(port->database_name) > sizeof(packet->database))
port->database_name[sizeof(packet->database)] = '\0';
port->user_name = pstrdup(packet->user);
if (strlen(port->user_name) > sizeof(packet->user))
port->user_name[sizeof(packet->user)] = '\0';
port->cmdline_options = pstrdup(packet->options);
if (strlen(port->cmdline_options) > sizeof(packet->options))
port->cmdline_options[sizeof(packet->options)] = '\0';
port->guc_options = NIL;
}
Truncate incoming username and database name to NAMEDATALEN-1 characters so that we don't reject overlength names unnecessarily.
2001-02-20 02:34:40 +01:00
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
/* Check a user name was given. */
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (port->user_name == NULL || port->user_name[0] == '\0')
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
elog(FATAL, "no PostgreSQL user name specified in startup packet");
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
/* The database defaults to the user name. */
if (port->database_name == NULL || port->database_name[0] == '\0')
port->database_name = pstrdup(port->user_name);
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
if (Db_user_namespace)
pgindent run.
2002-09-04 22:31:48 +02:00
{
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
/*
pgindent run.
2002-09-04 22:31:48 +02:00
* If user@, it is a global user, remove '@'. We only want to do
* this if there is an '@' at the end and no earlier in the user
* string or they may fake as a local user of another database
* attaching to this database.
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (strchr(port->user_name, '@') ==
port->user_name + strlen(port->user_name) - 1)
*strchr(port->user_name, '@') = '\0';
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
else
{
/* Append '@' and dbname */
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
char *db_user;
pgindent run.
2002-09-04 22:31:48 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
db_user = palloc(strlen(port->user_name) +
strlen(port->database_name) + 2);
sprintf(db_user, "%s@%s", port->user_name, port->database_name);
port->user_name = db_user;
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
}
}
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
/*
* Truncate given database and user names to length of a Postgres
* name. This avoids lookup failures when overlength names are given.
*/
if (strlen(port->database_name) >= NAMEDATALEN)
port->database_name[NAMEDATALEN - 1] = '\0';
if (strlen(port->user_name) >= NAMEDATALEN)
port->user_name[NAMEDATALEN - 1] = '\0';
/*
* Done putting stuff in TopMemoryContext.
*/
MemoryContextSwitchTo(oldcontext);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* If we're going to reject the connection due to database state, say
* so now instead of wasting cycles on an authentication exchange.
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
* (This also allows a pg_ping utility to be written.)
*/
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
cac = canAcceptConnections();
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
switch (cac)
{
case CAC_STARTUP:
elog(FATAL, "The database system is starting up");
break;
case CAC_SHUTDOWN:
elog(FATAL, "The database system is shutting down");
break;
case CAC_RECOVERY:
elog(FATAL, "The database system is in recovery mode");
break;
case CAC_TOOMANY:
elog(FATAL, "Sorry, too many clients already");
break;
case CAC_OK:
default:
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
break;
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
}
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
return STATUS_OK;
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/*
* The client has sent a cancel request packet, not a normal
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
* start-a-new-connection packet. Perform the necessary processing.
* Nothing is sent back to the client.
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
*/
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
static void
processCancelRequest(Port *port, void *pkt)
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
{
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
int backendPID;
long cancelAuthCode;
Dlelem *curr;
Backend *bp;
backendPID = (int) ntohl(canc->backendPID);
cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
if (backendPID == CheckPointPID)
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "processCancelRequest: CheckPointPID in cancel request for process %d", backendPID);
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
return;
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
}
Handle clog structure in shared memory in exec() case, for Win32.
2003-05-03 05:52:07 +02:00
else if (ExecBackend)
{
AttachSharedMemoryAndSemaphores();
}
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/* See if we have a matching backend */
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
{
bp = (Backend *) DLE_VAL(curr);
if (bp->pid == backendPID)
{
if (bp->cancel_key == cancelAuthCode)
{
/* Found a match; signal that backend to cancel current op */
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "processing cancel request: sending SIGINT to process %d",
backendPID);
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
kill(bp->pid, SIGINT);
}
else
/* Right PID, wrong key: no way, Jose */
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "bad key in cancel request for process %d",
pgindent run.
2002-09-04 22:31:48 +02:00
backendPID);
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
return;
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
}
}
/* No matching backend */
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "bad pid in cancel request for process %d", backendPID);
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
}
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
/*
* canAcceptConnections --- check to see if database state allows connections.
*/
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
static enum CAC_state
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
canAcceptConnections(void)
{
/* Can't start backends when in startup/shutdown/recovery state. */
if (Shutdown > NoShutdown)
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
return CAC_SHUTDOWN;
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
if (StartupPID)
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
return CAC_STARTUP;
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
if (FatalError)
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
return CAC_RECOVERY;
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Tweak startup sequence so that running out of PROC array slots is detected sooner in backend startup, and is treated as an expected error (it gives 'Sorry, too many clients already' now). This allows us not to have to enforce the MaxBackends limit exactly in the postmaster. Also, remove ProcRemove() and fold its functionality into ProcKill(). There's no good reason for a backend not to be responsible for removing its PROC entry, and there are lots of good reasons for the postmaster not to be touching shared-memory data structures.
2001-06-17 00:58:17 +02:00
/*
* Don't start too many children.
*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* We allow more connections than we can have backends here because some
* might still be authenticating; they might fail auth, or some
* existing backend might exit before the auth cycle is completed. The
* exact MaxBackends limit is enforced when a new backend tries to
* join the shared-inval backend array.
Tweak startup sequence so that running out of PROC array slots is detected sooner in backend startup, and is treated as an expected error (it gives 'Sorry, too many clients already' now). This allows us not to have to enforce the MaxBackends limit exactly in the postmaster. Also, remove ProcRemove() and fold its functionality into ProcKill(). There's no good reason for a backend not to be responsible for removing its PROC entry, and there are lots of good reasons for the postmaster not to be touching shared-memory data structures.
2001-06-17 00:58:17 +02:00
*/
if (CountChildren() >= 2 * MaxBackends)
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
return CAC_TOOMANY;
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
return CAC_OK;
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
}
New host-based authentication -- send error message when authentication fails
1996-10-12 09:48:49 +02:00
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* ConnCreate -- create a local connection data structure
*/
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
static Port *
ConnCreate(int serverFd)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
Port *port;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
if (!(port = (Port *) calloc(1, sizeof(Port))))
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "ConnCreate: malloc failed");
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
SignalChildren(SIGQUIT);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
ExitPostmaster(1);
}
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
if (StreamConnection(serverFd, port) != STATUS_OK)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
StreamClose(port->sock);
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
ConnFree(port);
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
port = NULL;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
else
{
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
/*
* Precompute password salt values to use for this connection.
* It's slightly annoying to do this long in advance of knowing
* whether we'll need 'em or not, but we must do the random()
* calls before we fork, not after. Else the postmaster's random
* sequence won't get advanced, and all backends would end up
* using the same salt...
*/
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
RandomSalt(port->cryptSalt, port->md5Salt);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
return port;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
/*
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
* ConnFree -- free a local connection data structure
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
*/
Fix a bunch of minor portability problems and maybe-bugs revealed by running gcc and HP's cc with warnings cranked way up. Signed vs unsigned comparisons, routines declared static and then defined not-static, that kind of thing. Tedious, but perhaps useful...
2000-03-17 03:36:41 +01:00
static void
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
ConnFree(Port *conn)
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
{
#ifdef USE_SSL
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
secure_close(conn);
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
#endif
free(conn);
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
/*
* ClosePostmasterPorts -- close all the postmaster's open sockets
*
* This is called during child process startup to release file descriptors
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
* that are not needed by that child process. The postmaster still has
* them open, of course.
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
*/
Endeavor to make pgstats buffer process (a) safe and (b) useful. Make sure it exits immediately when collector process dies --- in old code, buffer process would hang around and compete with the new buffer process for packets. Make sure it doesn't block on writing the pipe when the collector falls more than a pipeload behind. Avoid leaking pgstats FDs into every backend.
2001-08-05 04:06:50 +02:00
void
ClosePostmasterPorts(bool pgstat_too)
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
{
/* Close the listen sockets */
if (NetServer)
StreamClose(ServerSock_INET);
ServerSock_INET = INVALID_SOCK;
#ifdef HAVE_UNIX_SOCKETS
StreamClose(ServerSock_UNIX);
ServerSock_UNIX = INVALID_SOCK;
#endif
Endeavor to make pgstats buffer process (a) safe and (b) useful. Make sure it exits immediately when collector process dies --- in old code, buffer process would hang around and compete with the new buffer process for packets. Make sure it doesn't block on writing the pipe when the collector falls more than a pipeload behind. Avoid leaking pgstats FDs into every backend.
2001-08-05 04:06:50 +02:00
/* Close pgstat control sockets, unless we're starting pgstat itself */
if (pgstat_too)
pgstat_close_sockets();
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
}
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* reset_shared -- reset shared memory and semaphores
*/
static void
UUNET is looking into offering PostgreSQL as a part of a managed web hosting product, on both shared and dedicated machines. We currently offer Oracle and MySQL, and it would be a nice middle-ground. However, as shipped, PostgreSQL lacks the following features we need that MySQL has: 1. The ability to listen only on a particular IP address. Each hosting customer has their own IP address, on which all of their servers (http, ftp, real media, etc.) run. 2. The ability to place the Unix-domain socket in a mode 700 directory. This allows us to automatically create an empty database, with an empty DBA password, for new or upgrading customers without having to interactively set a DBA password and communicate it to (or from) the customer. This in turn cuts down our install and upgrade times. 3. The ability to connect to the Unix-domain socket from within a change-rooted environment. We run CGI programs chrooted to the user's home directory, which is another reason why we need to be able to specify where the Unix-domain socket is, instead of /tmp. 4. The ability to, if run as root, open a pid file in /var/run as root, and then setuid to the desired user. (mysqld -u can almost do this; I had to patch it, too). The patch below fixes problem 1-3. I plan to address #4, also, but haven't done so yet. These diffs are big enough that they should give the PG development team something to think about in the meantime :-) Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get out what I have, which works (for the problems it tackles), now. With these changes, we can set up and run PostgreSQL with scripts the same way we can with apache or proftpd or mysql. In summary, this patch makes the following enhancements: 1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT, and command line options -k --unix-socket to the relevant programs. 2. Adds a -h option to postmaster to set the hostname or IP address to listen on instead of the default INADDR_ANY. 3. Extends some library interfaces to support the above. 4. Fixes a few memory leaks in PQconnectdb(). The default behavior is unchanged from stock 7.0.2; if you don't use any of these new features, they don't change the operation. David J. MacKenzie
2000-11-13 16:18:15 +01:00
reset_shared(unsigned short port)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Significant cleanups in SysV IPC handling (shared mem and semaphores). IPC key assignment will now work correctly even when multiple postmasters are using same logical port number (which is possible given -k switch). There is only one shared-mem segment per postmaster now, not 3. Rip out broken code for non-TAS case in bufmgr and xlog, substitute a complete S_LOCK emulation using semaphores in spin.c. TAS and non-TAS logic is now exactly the same. When deadlock is detected, "Deadlock detected" is now the elog(ERROR) message, rather than a NOTICE that comes out before an unhelpful ERROR.
2000-11-29 00:27:57 +01:00
/*
* Create or re-create shared memory and semaphores.
Create an internal semaphore API that is not tied to SysV semaphores. As proof of concept, provide an alternate implementation based on POSIX semaphores. Also push the SysV shared-memory implementation into a separate file so that it can be replaced conveniently.
2002-05-05 02:03:29 +02:00
*
* Note: in each "cycle of life" we will normally assign the same IPC
* keys (if using SysV shmem and/or semas), since the port number is
pgindent run.
2002-09-04 22:31:48 +02:00
* used to determine IPC keys. This helps ensure that we will clean
* up dead IPC objects if the postmaster crashes and is restarted.
Significant cleanups in SysV IPC handling (shared mem and semaphores). IPC key assignment will now work correctly even when multiple postmasters are using same logical port number (which is possible given -k switch). There is only one shared-mem segment per postmaster now, not 3. Rip out broken code for non-TAS case in bufmgr and xlog, substitute a complete S_LOCK emulation using semaphores in spin.c. TAS and non-TAS logic is now exactly the same. When deadlock is detected, "Deadlock detected" is now the elog(ERROR) message, rather than a NOTICE that comes out before an unhelpful ERROR.
2000-11-29 00:27:57 +01:00
*/
Create an internal semaphore API that is not tied to SysV semaphores. As proof of concept, provide an alternate implementation based on POSIX semaphores. Also push the SysV shared-memory implementation into a separate file so that it can be replaced conveniently.
2002-05-05 02:03:29 +02:00
CreateSharedMemoryAndSemaphores(false, MaxBackends, port);
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
/*
Fix now-obsolete comment.
2001-11-04 21:12:57 +01:00
* SIGHUP -- reread config files, and tell children to do same
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
*/
static void
Revert removal of signed, volatile, and signal handler arg type tests.
2000-08-29 11:36:51 +02:00
SIGHUP_handler(SIGNAL_ARGS)
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
{
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
int save_errno = errno;
Add missing PG_SETMASK(&BlockSig) to SIGHUP_handler().
2001-06-14 21:59:24 +02:00
PG_SETMASK(&BlockSig);
if (Shutdown <= SmartShutdown)
{
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(LOG, "Received SIGHUP, reloading configuration files");
Add missing PG_SETMASK(&BlockSig) to SIGHUP_handler().
2001-06-14 21:59:24 +02:00
SignalChildren(SIGHUP);
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
ProcessConfigFile(PGC_SIGHUP);
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
#ifdef EXEC_BACKEND
write_nondefault_variables(PGC_SIGHUP);
#endif
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
load_hba();
load_ident();
Add missing PG_SETMASK(&BlockSig) to SIGHUP_handler().
2001-06-14 21:59:24 +02:00
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
PG_SETMASK(&UnBlockSig);
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
errno = save_errno;
The heralded `Grand Unified Configuration scheme' (GUC) That means you can now set your options in either or all of $PGDATA/configuration, some postmaster option (--enable-fsync=off), or set a SET command. The list of options is in backend/utils/misc/guc.c, documentation will be written post haste. pg_options is gone, so is that pq_geqo config file. Also removed were backend -K, -Q, and -T options (no longer applicable, although -d0 does the same as -Q). Added to configure an --enable-syslog option. changed all callers from TPRINTF to elog(DEBUG)
2000-05-31 02:28:42 +02:00
}
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* pmdie -- signal handler for processing various postmaster signals.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*/
static void
Revert removal of signed, volatile, and signal handler arg type tests.
2000-08-29 11:36:51 +02:00
pmdie(SIGNAL_ARGS)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
int save_errno = errno;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
PG_SETMASK(&BlockSig);
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "pmdie %d", postgres_signal_arg);
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
Revert removal of signed, volatile, and signal handler arg type tests.
2000-08-29 11:36:51 +02:00
switch (postgres_signal_arg)
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
{
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
case SIGTERM:
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
/*
* Smart Shutdown:
*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* Wait for children to end their work and ShutdownDataBase.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*/
if (Shutdown >= SmartShutdown)
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Shutdown = SmartShutdown;
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "smart shutdown request");
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
if (DLGetHead(BackendList)) /* let reaper() handle this */
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
/*
* No children left. Shutdown data base system.
*/
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
if (StartupPID > 0 || FatalError) /* let reaper() handle
* this */
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (ShutdownPID > 0)
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(PANIC, "shutdown process %d already running",
Add casts to suppress gcc warnings on Solaris (where apparently pid_t is different from int).
2002-02-19 21:45:04 +01:00
(int) ShutdownPID);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
abort();
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
ShutdownPID = ShutdownDataBase();
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
case SIGINT:
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
/*
* Fast Shutdown:
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
*
* abort all children with SIGTERM (rollback active transactions
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* and exit) and ShutdownDataBase when they are gone.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*/
if (Shutdown >= FastShutdown)
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "fast shutdown request");
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
if (DLGetHead(BackendList)) /* let reaper() handle this */
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
{
Small cleanup.
1999-10-07 00:44:25 +02:00
Shutdown = FastShutdown;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (!FatalError)
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "aborting any active transactions");
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
SignalChildren(SIGTERM);
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (Shutdown > NoShutdown)
Small cleanup.
1999-10-07 00:44:25 +02:00
{
Shutdown = FastShutdown;
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
Small cleanup.
1999-10-07 00:44:25 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Shutdown = FastShutdown;
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
/*
* No children left. Shutdown data base system.
*/
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
if (StartupPID > 0 || FatalError) /* let reaper() handle
* this */
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (ShutdownPID > 0)
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(PANIC, "shutdown process %d already running",
Add casts to suppress gcc warnings on Solaris (where apparently pid_t is different from int).
2002-02-19 21:45:04 +01:00
(int) ShutdownPID);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
abort();
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Small cleanup.
1999-10-07 00:44:25 +02:00
ShutdownPID = ShutdownDataBase();
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
break;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
case SIGQUIT:
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
/*
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
* Immediate Shutdown:
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* abort all children with SIGQUIT and exit without attempt to
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
* properly shutdown data base system.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*/
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "immediate shutdown request");
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (ShutdownPID > 0)
kill(ShutdownPID, SIGQUIT);
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
if (StartupPID > 0)
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
kill(StartupPID, SIGQUIT);
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
if (DLGetHead(BackendList))
SignalChildren(SIGQUIT);
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
ExitPostmaster(0);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
break;
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
PG_SETMASK(&UnBlockSig);
errno = save_errno;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
/*
* Reaper -- signal handler to cleanup after a backend (child) dies.
*/
static void
Revert removal of signed, volatile, and signal handler arg type tests.
2000-08-29 11:36:51 +02:00
reaper(SIGNAL_ARGS)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
int save_errno = errno;
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#ifdef HAVE_WAITPID
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
int status; /* backend exit status */
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#else
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
union wait status; /* backend exit status */
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
int exitstatus;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
int pid; /* process id of dead backend */
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
PG_SETMASK(&BlockSig);
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(DEBUG3, "reaping dead processes");
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#ifdef HAVE_WAITPID
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
{
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
exitstatus = status;
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#else
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
while ((pid = wait3(&status, WNOHANG, NULL)) > 0)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
exitstatus = status.w_status;
Various patches for nextstep by GregorHoffleit Replaced NEED_STRDUP by !HAVE_STRDUP
1997-02-13 09:32:20 +01:00
#endif
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
/*
Tweak stats collector start logic so that we will not try to spawn a new stats collector oftener than once a minute. Per gripe from Erik Walthinsen 4/25/03.
2003-04-26 04:57:14 +02:00
* Check if this child was the statistics collector. If so,
* try to start a new one. (If fail, we'll try again in
* future cycles of the main loop.)
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
*/
if (pgstat_ispgstat(pid))
{
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(LOG, gettext("statistics collector process"),
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
pid, exitstatus);
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
pgstat_start();
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
continue;
}
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
/*
* Check if this child was a shutdown or startup process.
*/
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
if (ShutdownPID > 0 && pid == ShutdownPID)
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
{
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
if (exitstatus != 0)
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
{
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(LOG, gettext("shutdown process"),
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
pid, exitstatus);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
}
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(0);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
}
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
if (StartupPID > 0 && pid == StartupPID)
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
{
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
if (exitstatus != 0)
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
{
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(LOG, gettext("startup process"),
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
pid, exitstatus);
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "aborting startup due to startup process failure");
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(1);
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
StartupPID = 0;
If a shutdown request comes in while we're still starting up, don't service it until after we execute SetThisStartUpID(). Else shutdown process will write the wrong SUI into the shutdown checkpoint, which seems likely to be trouble --- although I've not quite figured out how significant it really is.
2003-02-23 05:48:19 +01:00
/*
* Startup succeeded - remember its ID and RedoRecPtr.
*
* NB: this MUST happen before we fork a checkpoint or shutdown
* subprocess, else they will have wrong local ThisStartUpId.
*/
SetThisStartUpID();
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
FatalError = false; /* done with recovery */
If a shutdown request comes in while we're still starting up, don't service it until after we execute SetThisStartUpID(). Else shutdown process will write the wrong SUI into the shutdown checkpoint, which seems likely to be trouble --- although I've not quite figured out how significant it really is.
2003-02-23 05:48:19 +01:00
/*
* Arrange for first checkpoint to occur after standard delay.
*/
CheckPointPID = 0;
checkpointed = time(NULL);
/*
* Go to shutdown mode if a shutdown request was pending.
*/
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (Shutdown > NoShutdown)
{
if (ShutdownPID > 0)
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(PANIC, "startup process %d died while shutdown process %d already running",
Add casts to suppress gcc warnings on Solaris (where apparently pid_t is different from int).
2002-02-19 21:45:04 +01:00
pid, (int) ShutdownPID);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
abort();
Under new theory of operation wherein postmaster forks children immediately, we will fork a child even if the database state does not permit connections to be accepted (eg, we are in recovery mode). The child process will correctly reject the connection and exit as soon as it's finished collecting the connection request message. However, this means that reaper() must be prepared to see child process exit signals even while it's waiting for startup or shutdown process to finish. As was, a connection request arriving during a database recovery or shutdown would cause postmaster abort.
2001-07-01 02:06:23 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
ShutdownPID = ShutdownDataBase();
}
WAL
2000-10-21 17:43:36 +02:00
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
goto reaper_done;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
}
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
CleanupProc(pid, exitstatus);
}
if (FatalError)
{
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* Wait for all children exit, then reset shmem and
* StartupDataBase.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*/
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
if (DLGetHead(BackendList) || StartupPID > 0 || ShutdownPID > 0)
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
goto reaper_done;
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "all server processes terminated; reinitializing shared memory and semaphores");
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
shmem_exit(0);
Rename PortName to PortNumber.
2000-11-14 02:15:06 +01:00
reset_shared(PostPortNumber);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
StartupPID = StartupDataBase();
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
goto reaper_done;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
}
if (Shutdown > NoShutdown)
{
if (DLGetHead(BackendList))
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
goto reaper_done;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if (StartupPID > 0 || ShutdownPID > 0)
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
goto reaper_done;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
ShutdownPID = ShutdownDataBase();
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
reaper_done:
PG_SETMASK(&UnBlockSig);
Ensure that 'errno' is saved and restored by all signal handlers that might change it. Experimentation shows that the signal handler call mechanism does not save/restore errno for you, at least not on Linux or HPUX, so this is definitely a real risk.
2000-12-18 18:33:42 +01:00
errno = save_errno;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
/*
* CleanupProc -- cleanup after terminated backend.
*
* Remove all local state associated with backend.
*/
static void
CleanupProc(int pid,
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
int exitstatus) /* child's exit status. */
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Dlelem *curr,
*next;
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
Backend *bp;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(DEBUG1, gettext("child process"), pid, exitstatus);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
* If a backend dies in an ugly way (i.e. exit status not 0) then we
* must signal all other backends to quickdie. If exit status is zero
* we assume everything is hunky dory and simply remove the backend
* from the active backend list.
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*/
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
if (exitstatus == 0)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
{
curr = DLGetHead(BackendList);
while (curr)
{
bp = (Backend *) DLE_VAL(curr);
if (bp->pid == pid)
{
DLRemove(curr);
free(bp);
DLFreeElem(curr);
break;
}
curr = DLGetSucc(curr);
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
if (pid == CheckPointPID)
{
CheckPointPID = 0;
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
if (!FatalError)
New WAL version - CRC and data blocks backup.
2000-12-28 14:00:29 +01:00
{
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
checkpointed = time(NULL);
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
/* Update RedoRecPtr for future child backends */
Repair two problems with WAL logging of sequence nextvalI() ops, as per recent pghackers discussion: force a new WAL record at first nextval after a checkpoint, and ensure that xlog is flushed to disk if a nextval record is the only thing emitted by a transaction.
2002-03-15 20:20:36 +01:00
GetSavedRedoRecPtr();
New WAL version - CRC and data blocks backup.
2000-12-28 14:00:29 +01:00
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
}
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
else
pgstat_beterm(pid);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
return;
}
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
/* below here we're dealing with a non-normal exit */
/* Make log entry unless we did so already */
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
if (!FatalError)
{
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(LOG, gettext("server process"), pid, exitstatus);
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "terminating any other active server processes");
More startup/shutdown log messages.
1999-10-08 04:16:22 +02:00
}
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
curr = DLGetHead(BackendList);
while (curr)
{
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
next = DLGetSucc(curr);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
bp = (Backend *) DLE_VAL(curr);
if (bp->pid != pid)
{
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
/*
* This backend is still alive. Unless we did so already,
* tell it to commit hara-kiri.
*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* SIGQUIT is the special signal that says exit without proc_exit
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* and let the user know what's going on. But if SendStop is
* set (-s on command line), then we send SIGSTOP instead, so
* that we can get core dumps from all backends by hand.
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
*/
if (!FatalError)
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "CleanupProc: sending %s to process %d",
(SendStop ? "SIGSTOP" : "SIGQUIT"), (int) bp->pid);
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
kill(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
}
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
else
{
/*
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
* Found entry for freshly-dead backend, so remove it.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*/
DLRemove(curr);
free(bp);
DLFreeElem(curr);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
curr = next;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
if (pid == CheckPointPID)
{
CheckPointPID = 0;
checkpointed = 0;
}
Statistical system views (yet without the config stuff, but it's hard to keep such massive changes in sync with the tree so I need to get it in and work from there now). Jan
2001-06-22 21:16:24 +02:00
else
{
/*
* Tell the collector about backend termination
*/
pgstat_beterm(pid);
}
Prevent freshly-started backend from ignoring SIGUSR1, per race condition observed by Inoue. Also, don't call ProcRemove() from postmaster if we have detected a backend crash --- too risky if shared memory is corrupted. It's not needed anyway, considering we are going to reinitialize shared memory and semaphores as soon as the last child is dead.
2000-12-20 22:51:52 +01:00
FatalError = true;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
/*
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
* Log the death of a child process.
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
*/
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
static void
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
LogChildExit(int lev, const char *procname, int pid, int exitstatus)
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
{
/*
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
* translator: the first %s in these messages is a noun phrase
* describing a child process, such as "server process"
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
*/
if (WIFEXITED(exitstatus))
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(lev, "%s (pid %d) exited with exit code %d",
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
procname, pid, WEXITSTATUS(exitstatus));
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
else if (WIFSIGNALED(exitstatus))
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(lev, "%s (pid %d) was terminated by signal %d",
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
procname, pid, WTERMSIG(exitstatus));
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
else
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(lev, "%s (pid %d) exited with unexpected status %d",
Restructure child-exit logging messages for easier translation, per suggestion from Peter.
2001-11-11 00:06:12 +01:00
procname, pid, exitstatus);
Clean up formatting of child process exit-status reports so that they are correct, consistent, and complete ... motivated by gripe from Oliver Elphick, but I see someone had already made an incomplete stab at this.
2001-11-06 19:02:48 +01:00
}
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
/*
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
* Send a signal to all backend children.
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
*/
static void
SignalChildren(int signal)
{
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
Dlelem *curr,
*next;
Backend *bp;
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
curr = DLGetHead(BackendList);
while (curr)
{
next = DLGetSucc(curr);
bp = (Backend *) DLE_VAL(curr);
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
if (bp->pid != MyProcPid)
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "SignalChildren: sending signal %d to process %d",
signal, (int) bp->pid);
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
kill(bp->pid, signal);
}
curr = next;
}
}
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
* BackendStartup -- start backend process
*
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
* returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*/
Make functions static where possible, enclose unused functions in #ifdef NOT_USED.
1997-08-19 23:40:56 +02:00
static int
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
BackendStartup(Port *port)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
Backend *bn; /* for backend cleanup */
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
pid_t pid;
pgindent run.
2002-09-04 22:31:48 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
struct itimerval prof_itimer;
#endif
From: "Denis V. Dmitrienko" <denis@null.net> What it does: It solves stupid problem with cyrillic charsets IP-based on-fly recoding. take a look at /data/charset.conf for details. You can use any tables for any charset. Tables are from Russian Apache project. Tables in this patch contains also Ukrainian characters. Then run ./configure --enable-recode
1998-02-24 16:27:04 +01:00
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
/*
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
* Compute the cancel key that will be assigned to this backend. The
* backend will have its own copy in the forked-off process' value of
* MyCancelKey, so that it can transmit the key to the frontend.
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
*/
MyCancelKey = PostmasterRandom();
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* Make room for backend data structure. Better before the fork() so
* we can handle failure cleanly.
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
*/
bn = (Backend *) malloc(sizeof(Backend));
if (!bn)
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "out of memory; connection startup aborted");
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
return STATUS_ERROR;
}
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
/*
pgindent run over code.
1999-05-25 18:15:34 +02:00
* Flush stdio channels just before fork, to avoid double-output
* problems. Ideally we'd use fflush(NULL) here, but there are still a
* few non-ANSI stdio libraries out there (like SunOS 4.1.x) that
* coredump if we do. Presently stdout and stderr are the only stdio
* output channels used by the postmaster, so fflush'ing them should
* be sufficient.
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
*/
Portability fix for old SunOS releases: fflush(NULL) doesn't work there. Fortunately the postmaster only has stdout and stderr to flush.
1998-11-29 02:51:56 +01:00
fflush(stdout);
fflush(stderr);
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
pgindent run.
2002-09-04 22:31:48 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
/*
pgindent run.
2002-09-04 22:31:48 +02:00
* Linux's fork() resets the profiling timer in the child process. If
* we want to profile child processes then we need to save and restore
* the timer setting. This is a waste of time if not profiling,
* however, so only do it if commanded by specific -DLINUX_PROFILE
* switch.
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
*/
getitimer(ITIMER_PROF, &prof_itimer);
#endif
beos fixes from Cyril VELTER
2000-10-28 20:27:57 +02:00
#ifdef __BEOS__
/* Specific beos actions before backend startup */
beos_before_backend_startup();
#endif
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
pid = fork();
if (pid == 0) /* child */
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
BackendFork(port, bn); /* never returns */
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
/* in parent, error */
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
if (pid < 0)
{
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
int save_errno = errno;
beos fixes from Cyril VELTER
2000-10-28 20:27:57 +02:00
#ifdef __BEOS__
Keep track of the last active slot in the shared ProcState array, so that search loops only have to scan that far and not through all maxBackends entries. This eliminates a performance penalty for setting maxBackends much higher than the average number of active backends. Also, eliminate no-longer-used 'backend tag' concept. Remove setting of environment variables at backend start (except for CYR_RECODE), since none of them are being examined by the backend any longer.
2000-11-12 21:51:52 +01:00
/* Specific beos backend startup actions */
beos fixes from Cyril VELTER
2000-10-28 20:27:57 +02:00
beos_backend_startup_failed();
#endif
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
free(bn);
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "connection startup failed (fork failure): %s",
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
strerror(save_errno));
report_fork_failure_to_client(port, save_errno);
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return STATUS_ERROR;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
/* in parent, normal */
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG1, "BackendStartup: forked pid=%d socket=%d", (int) pid,
pgindent run.
2002-09-04 22:31:48 +02:00
port->sock);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/*
* Everything's been successful, it's safe to add this backend to our
* list of backends.
*/
bn->pid = pid;
Attached is a patch that fixes these leaks, and does a couple other things as well: * Computes and saves a cancel key for each backend. * fflush before forking, to eliminate double-buffering problems between postmaster and backends. Other cleanups. Tom Lane
1998-06-09 06:06:12 +02:00
bn->cancel_key = MyCancelKey;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
DLAddHead(BackendList, DLNewElem(bn));
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return STATUS_OK;
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
static void
BackendFork(Port *port, Backend *bn)
{
int status;
#ifdef LINUX_PROFILE
setitimer(ITIMER_PROF, &prof_itimer, NULL);
#endif
#ifdef __BEOS__
/* Specific beos backend startup actions */
beos_backend_startup();
#endif
free(bn);
status = BackendFinalize(port);
if (status != 0)
{
elog(LOG, "connection startup failed");
proc_exit(status);
}
else
proc_exit(0);
}
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
/*
* Try to report backend fork() failure to client before we close the
pgindent run.
2002-09-04 22:31:48 +02:00
* connection. Since we do not care to risk blocking the postmaster on
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
* this connection, we set the connection to non-blocking and try only once.
*
* This is grungy special-purpose code; we cannot use backend libpq since
* it's not up and running.
*/
static void
report_fork_failure_to_client(Port *port, int errnum)
{
char buffer[1000];
pgindent run.
2002-09-04 22:31:48 +02:00
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
#ifdef __BEOS__
int on = 1;
#endif
/* Format the error message packet */
snprintf(buffer, sizeof(buffer), "E%s%s\n",
gettext("Server process fork() failed: "),
strerror(errnum));
/* Set port to non-blocking. Don't do send() if this fails */
#ifdef __BEOS__
if (ioctl(port->sock, FIONBIO, &on) != 0)
return;
#else
if (fcntl(port->sock, F_SETFL, O_NONBLOCK) < 0)
return;
#endif
pgindent run.
2002-09-04 22:31:48 +02:00
send(port->sock, buffer, strlen(buffer) + 1, 0);
If we fail to fork a new backend process, (try to) report the failure to the client before closing the connection. Before 7.2 this was done correctly, but new code would simply close the connection with no report to the client.
2002-01-06 22:40:02 +01:00
}
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
/*
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
* split_opts -- split a string of options and append it to an argv array
*
* NB: the string is destructively modified!
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
* Since no current POSTGRES arguments require any quoting characters,
* we can use the simple-minded tactic of assuming each set of space-
* delimited characters is a separate argv element.
*
* If you don't like that, well, we *used* to pass the whole option string
* as ONE argument to execl(), which was even less intelligent...
*/
All external function definitions now have prototypes that are checked.
1996-11-10 04:06:38 +01:00
static void
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
split_opts(char **argv, int *argcp, char *s)
{
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
while (s && *s)
{
Ensure that all uses of <ctype.h> functions are applied to unsigned-char values, whether the local char type is signed or not. This is necessary for portability. Per discussion on pghackers around 9/16/00.
2000-12-03 21:45:40 +01:00
while (isspace((unsigned char) *s))
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
++s;
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
if (*s == '\0')
break;
Cleanup -is flag to -l for SSL. Another PERL variable name fix. Clean up debugging options for postmaster and postgres programs. postmaster -d is no longer optional. Documentation updates.
1999-10-08 06:28:57 +02:00
argv[(*argcp)++] = s;
Ensure that all uses of <ctype.h> functions are applied to unsigned-char values, whether the local char type is signed or not. This is necessary for portability. Per discussion on pghackers around 9/16/00.
2000-12-03 21:45:40 +01:00
while (*s && !isspace((unsigned char) *s))
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
++s;
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
if (*s)
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*s++ = '\0';
}
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
/*
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
* BackendFinalize -- perform authentication, and if successful, set up the
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
* backend's argument list and invoke backend main().
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
*
* This used to perform an execv() but we no longer exec the backend;
* it's the same executable as the postmaster.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
* returns:
* Shouldn't return at all.
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
* If PostgresMain() fails, return status.
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*/
static int
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
BackendFinalize(Port *port)
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
{
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
char *remote_host;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
char **av;
int maxac;
int ac;
char debugbuf[32];
char protobuf[32];
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#ifdef EXEC_BACKEND
char pbuf[NAMEDATALEN + 256];
#endif
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting.
1997-09-08 04:41:22 +02:00
int i;
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
int status;
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
struct timeval now;
struct timezone tz;
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
/*
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
* Let's clean up ourselves as the postmaster child
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
*/
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
ISTM that IsUnderPostmaster should mean we are a child process of the postmaster ... it should not be set in the postmaster itself.
2001-09-30 22:08:18 +02:00
IsUnderPostmaster = true; /* we are a postmaster subprocess now */
pgindent run.
2002-09-04 22:31:48 +02:00
ClientAuthInProgress = true; /* limit visibility of log messages */
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
Fix for removal of temp tables if last transaction was aborted.
1999-07-02 20:09:28 +02:00
/* We don't want the postmaster's proc_exit() handlers */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
on_exit_reset();
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
/*
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
* Signal handlers setting is moved to tcop/postgres...
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
*/
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
/* Close the postmaster's other sockets */
Endeavor to make pgstats buffer process (a) safe and (b) useful. Make sure it exits immediately when collector process dies --- in old code, buffer process would hang around and compete with the new buffer process for packets. Make sure it doesn't block on writing the pipe when the collector falls more than a pipeload behind. Avoid leaking pgstats FDs into every backend.
2001-08-05 04:06:50 +02:00
ClosePostmasterPorts(true);
A bit of code beautification/cleanup of obsolete comments. Rethink ordering of startup operations in one or two places.
2001-06-21 18:43:24 +02:00
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
/* Save port etc. for ps status */
From: Massimo Dal Zotto <dz@cs.unitn.it> > tprintf.patch > > tprintf.patch > > adds functions and macros which implement a conditional trace package > with the ability to change flags and numeric options of running > backends at runtime. > Options/flags can be specified in the command line and/or read from > the file pg_options in the data directory.
1998-08-25 23:34:10 +02:00
MyProcPort = port;
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
/* Reset MyProcPid to new backend's pid */
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
MyProcPid = getpid();
Add an overall timeout on the client authentication cycle, so that a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2001-09-21 19:06:12 +02:00
/*
* Initialize libpq and enable reporting of elog errors to the client.
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* Must do this now because authentication uses libpq to send
* messages.
Add an overall timeout on the client authentication cycle, so that a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2001-09-21 19:06:12 +02:00
*/
pq_init(); /* initialize libpq to talk to client */
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
whereToSendOutput = Remote; /* now safe to elog to client */
Add an overall timeout on the client authentication cycle, so that a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2001-09-21 19:06:12 +02:00
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
/*
* We arrange for a simple exit(0) if we receive SIGTERM or SIGQUIT
* during any client authentication related communication. Otherwise
* the postmaster cannot shutdown the database FAST or IMMED cleanly
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
* if a buggy client blocks a backend during authentication.
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
*/
pqsignal(SIGTERM, authdie);
pqsignal(SIGQUIT, authdie);
Add an overall timeout on the client authentication cycle, so that a hung client or lost connection can't indefinitely block a postmaster child (not to mention the possibility of deliberate DoS attacks). Timeout is controlled by new authentication_timeout GUC variable, which I set to 60 seconds by default ... does that seem reasonable?
2001-09-21 19:06:12 +02:00
pqsignal(SIGALRM, authdie);
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
PG_SETMASK(&AuthBlockSig);
Cleanup code for preparsing pg_hba.conf and pg_ident.conf. Store line number in the data structure so that we can give at least a minimally useful idea of where the mistake is when we issue syntax error messages. Move the ClientAuthentication() call to where it should have been in the first place, so that postmaster memory releasing can happen in a reasonable place also. Update obsolete comments, correct one real bug (auth_argument was not picked up correctly).
2001-08-01 00:55:45 +02:00
/*
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
* Get the remote host name and port for logging and status display.
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
*/
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
if (isAF_INETx(port->raddr.sa.sa_family))
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
{
unsigned short remote_port;
char *host_addr;
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
#ifdef HAVE_IPV6
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
char ip_hostinfo[INET6_ADDRSTRLEN];
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
#else
char ip_hostinfo[INET_ADDRSTRLEN];
#endif
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
remote_port = ntohs(port->raddr.in.sin_port);
Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries if the OS supports it. Code will still compile on non-IPv6-aware machines (feature added by Bruce). Nigel Kukard
2003-01-06 04:18:27 +01:00
host_addr = SockAddr_ntop(&port->raddr, ip_hostinfo,
sizeof(ip_hostinfo), 1);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
remote_host = NULL;
Rename hostname_lookup to log_hostname.
2002-11-15 02:57:28 +01:00
if (log_hostname)
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
{
struct hostent *host_ent;
host_ent = gethostbyaddr((char *) &port->raddr.in.sin_addr,
sizeof(port->raddr.in.sin_addr),
AF_INET);
if (host_ent)
{
remote_host = palloc(strlen(host_addr) + strlen(host_ent->h_name) + 3);
sprintf(remote_host, "%s[%s]", host_ent->h_name, host_addr);
}
}
if (remote_host == NULL)
remote_host = pstrdup(host_addr);
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
if (Log_connections)
elog(LOG, "connection received: host=%s port=%hu",
remote_host, remote_port);
Rename show_source_port to log_source_port.
2002-11-15 02:40:20 +01:00
if (LogSourcePort)
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
{
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
/* modify remote_host for use in ps status */
int slen = strlen(remote_host) + 10;
char *str = palloc(slen);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
snprintf(str, slen, "%s:%hu", remote_host, remote_port);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
pfree(remote_host);
remote_host = str;
}
}
else
{
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
/* not AF_INET */
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
remote_host = "[local]";
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
if (Log_connections)
elog(LOG, "connection received: host=%s",
remote_host);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
}
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
/*
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
* PreAuthDelay is a debugging aid for investigating problems in the
* authentication cycle: it can be set in postgresql.conf to allow
* time to attach to the newly-forked backend with a debugger. (See
* also the -W backend switch, which we allow clients to pass through
* PGOPTIONS, but it is not honored until after authentication.)
*/
if (PreAuthDelay > 0)
sleep(PreAuthDelay);
/*
* Ready to begin client interaction. We will give up and exit(0)
* after a time delay, so that a broken client can't hog a connection
* indefinitely. PreAuthDelay doesn't count against the time limit.
*/
Add SET statement_timeout capability. Timeout is in ms. A value of zero turns off the timer.
2002-07-13 03:02:14 +02:00
if (!enable_sig_alarm(AuthenticationTimeout * 1000, false))
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
elog(FATAL, "BackendFinalize: Unable to set timer for auth timeout");
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
/*
* Receive the startup packet (which might turn out to be a cancel
* request packet).
*/
status = ProcessStartupPacket(port, false);
if (status != STATUS_OK)
return 0; /* cancel request processed, or error */
/*
* Now that we have the user and database name, we can set the process
* title for ps. It's good to do this as early as possible in
* startup.
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
init_ps_display(port->user_name, port->database_name, remote_host);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
set_ps_display("authentication");
/*
* Now perform authentication exchange.
*/
ClientAuthentication(port); /* might not return, if failure */
Cleanup code for preparsing pg_hba.conf and pg_ident.conf. Store line number in the data structure so that we can give at least a minimally useful idea of where the mistake is when we issue syntax error messages. Move the ClientAuthentication() call to where it should have been in the first place, so that postmaster memory releasing can happen in a reasonable place also. Update obsolete comments, correct one real bug (auth_argument was not picked up correctly).
2001-08-01 00:55:45 +02:00
Clean up some confusion about where and how to set whereToSendOutput. We will no longer try to send elog messages to the client before we have initialized backend libpq (oops); however, reporting bogus commandline switches via elog does work now (not irrelevant, because of PGOPTIONS). Fix problem with inappropriate sending of checkpoint-process messages to stderr.
2001-09-08 03:10:21 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* Done with authentication. Disable timeout, and prevent
* SIGTERM/SIGQUIT again until backend startup is complete.
Clean up some confusion about where and how to set whereToSendOutput. We will no longer try to send elog messages to the client before we have initialized backend libpq (oops); however, reporting bogus commandline switches via elog does work now (not irrelevant, because of PGOPTIONS). Fix problem with inappropriate sending of checkpoint-process messages to stderr.
2001-09-08 03:10:21 +02:00
*/
Add SET statement_timeout capability. Timeout is in ms. A value of zero turns off the timer.
2002-07-13 03:02:14 +02:00
if (!disable_sig_alarm(false))
SECOND ATTEMPT Dump/read non-default GUC values for use by exec'ed backend, for Win32.
2003-05-03 00:02:47 +02:00
elog(FATAL, "BackendFinalize: Unable to disable timer for auth timeout");
Enable SIGTERM and SIGQUIT during client authentication so the postmaster can kill the forked off processes when shutdown is requested. Jan
2001-09-07 18:12:49 +02:00
PG_SETMASK(&BlockSig);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
if (Log_connections)
Rearrange LOG_CONNECTIONS code so that two log messages are made: one immediately upon forking to handle a new connection, and one after the authentication cycle is finished. Per today's pggeneral discussion.
2002-05-29 01:56:51 +02:00
elog(LOG, "connection authorized: user=%s database=%s",
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
port->user_name, port->database_name);
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
/*
* Don't want backend to be able to see the postmaster random number
* generator state. We have to clobber the static random_seed *and*
* start a new random sequence in the random() library function.
*/
random_seed = 0;
gettimeofday(&now, &tz);
Clean up bogosities in use of random(3) and srandom(3) --- do not assume that RAND_MAX applies to them, since it doesn't. Instead add a config.h parameter MAX_RANDOM_VALUE. This is currently set at 2^31-1 but could be auto-configured if that ever proves necessary. Also fix some outright bugs like calling srand() where srandom() is appropriate.
2000-08-07 02:51:42 +02:00
srandom((unsigned int) now.tv_usec);
From: Tom Lane <tgl@sss.pgh.pa.us> Making PQrequestCancel safe to call in a signal handler turned out to be much easier than I feared. So here are the diffs. Some notes: * I modified the postmaster's packet "iodone" callback interface to allow the callback routine to return a continue-or-drop-connection return code; this was necessary to allow the connection to be closed after receiving a Cancel, rather than proceeding to launch a new backend... Being a neatnik, I also made the iodone proc have a typechecked parameter list. * I deleted all code I could find that had to do with OOB. * I made some edits to ensure that all signals mentioned in the code are referred to symbolically not by numbers ("SIGUSR2" not "2"). I think Bruce may have already done at least some of the same edits; I hope that merging these patches is not too painful.
1998-07-09 05:29:11 +02:00
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
/* ----------------
* Now, build the argv vector that will be given to PostgresMain.
*
* The layout of the command line is
* postgres [secure switches] -p databasename [insecure switches]
* where the switches after -p come from the client request.
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
*
* The maximum possible number of commandline arguments that could come
* from ExtraOptions or port->cmdline_options is (strlen + 1) / 2; see
* split_opts().
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
* ----------------
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
maxac = 10; /* for fixed args supplied below */
maxac += (strlen(ExtraOptions) + 1) / 2;
if (port->cmdline_options)
maxac += (strlen(port->cmdline_options) + 1) / 2;
av = (char **) MemoryContextAlloc(TopMemoryContext,
maxac * sizeof(char *));
ac = 0;
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
New ps display code, works on more platforms. Install a default configuration file. Clean up some funny business in the config file code.
2000-06-04 03:44:38 +02:00
av[ac++] = "postgres";
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
Pass postmaster -d down to the postgres backend to trigger special -d handling in the backend.
2002-09-26 07:17:00 +02:00
/*
* Pass the requested debugging level along to the backend.
*/
if (debug_flag > 0)
{
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
snprintf(debugbuf, sizeof(debugbuf), "-d%d", debug_flag);
Pass postmaster -d down to the postgres backend to trigger special -d handling in the backend.
2002-09-26 07:17:00 +02:00
av[ac++] = debugbuf;
}
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
/*
pgindent run over code.
1999-05-25 18:15:34 +02:00
* Pass any backend switches specified with -o in the postmaster's own
* command line. We assume these are secure. (It's OK to mangle
* ExtraOptions since we are now in the child process; this won't
* change the postmaster's copy.)
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
*/
split_opts(av, &ac, ExtraOptions);
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
/* Tell the backend what protocol the frontend is using. */
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
snprintf(protobuf, sizeof(protobuf), "-v%u", port->proto);
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
av[ac++] = protobuf;
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
/*
pgindent run over code.
1999-05-25 18:15:34 +02:00
* Tell the backend it is being called from the postmaster, and which
* database to use. -p marks the end of secure switches.
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
*/
av[ac++] = "-p";
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#ifdef EXEC_BACKEND
Pass shared memory address on command line to exec'ed backend. Allow backends to attached to specified shared memory address.
2003-05-08 16:49:04 +02:00
Assert(UsedShmemSegID != 0 && UsedShmemSegAddr != NULL);
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
/* database name at the end because it might contain commas */
Pass shared memory address on command line to exec'ed backend. Allow backends to attached to specified shared memory address.
2003-05-08 16:49:04 +02:00
snprintf(pbuf, NAMEDATALEN + 256, "%d,%d,%p,%s", port->sock,
UsedShmemSegID, UsedShmemSegAddr, port->database_name);
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
av[ac++] = pbuf;
#else
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
av[ac++] = port->database_name;
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#endif
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
/*
* Pass the (insecure) option switches from the connection request.
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
* (It's OK to mangle port->cmdline_options now.)
Modify backend switch parsing to prevent 'insecure' switches from being accepted when they are passed from client connection request. Get rid of a couple that no longer do anything (like -P).
1999-05-22 19:47:54 +02:00
*/
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (port->cmdline_options)
split_opts(av, &ac, port->cmdline_options);
Cleanup code for preparsing pg_hba.conf and pg_ident.conf. Store line number in the data structure so that we can give at least a minimally useful idea of where the mistake is when we issue syntax error messages. Move the ClientAuthentication() call to where it should have been in the first place, so that postmaster memory releasing can happen in a reasonable place also. Update obsolete comments, correct one real bug (auth_argument was not picked up correctly).
2001-08-01 00:55:45 +02:00
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
av[ac] = (char *) NULL;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
Assert(ac < maxac);
Cleanup code for preparsing pg_hba.conf and pg_ident.conf. Store line number in the data structure so that we can give at least a minimally useful idea of where the mistake is when we issue syntax error messages. Move the ClientAuthentication() call to where it should have been in the first place, so that postmaster memory releasing can happen in a reasonable place also. Update obsolete comments, correct one real bug (auth_argument was not picked up correctly).
2001-08-01 00:55:45 +02:00
/*
* Release postmaster's working memory context so that backend can
* recycle the space. Note this does not trash *MyProcPort, because
* ConnCreate() allocated that space with malloc() ... else we'd need
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
* to copy the Port data here. Also, subsidiary data such as the
* username isn't lost either; see ProcessStartupPacket().
Cleanup code for preparsing pg_hba.conf and pg_ident.conf. Store line number in the data structure so that we can give at least a minimally useful idea of where the mistake is when we issue syntax error messages. Move the ClientAuthentication() call to where it should have been in the first place, so that postmaster memory releasing can happen in a reasonable place also. Update obsolete comments, correct one real bug (auth_argument was not picked up correctly).
2001-08-01 00:55:45 +02:00
*/
MemoryContextSwitchTo(TopMemoryContext);
MemoryContextDelete(PostmasterContext);
PostmasterContext = NULL;
First phase of memory management rewrite (see backend/utils/mmgr/README for details). It doesn't really do that much yet, since there are no short-term memory contexts in the executor, but the infrastructure is in place and long-term contexts are handled reasonably. A few long- standing bugs have been fixed, such as 'VACUUM; anything' in a single query string crashing. Also, out-of-memory is now considered a recoverable ERROR, not FATAL. Eliminate a large amount of crufty, now-dead code in and around memory management. Fix problem with holding off SIGTRAP, SIGSEGV, etc in postmaster and backend startup.
2000-06-28 05:33:33 +02:00
/*
* Debug: print arguments being passed to backend
*/
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(DEBUG2, "%s child[%d]: starting with (", progname, MyProcPid);
for (i = 0; i < ac; ++i)
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(DEBUG2, "\t%s", av[i]);
elog(DEBUG2, ")");
pgindent run.
2002-09-04 22:31:48 +02:00
ClientAuthInProgress = false; /* client_min_messages is active
* now */
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
return (PostgresMain(ac, av, port->user_name));
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
/*
* ExitPostmaster -- cleanup
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
*
* Do NOT call exit() directly --- always go through here!
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
*/
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
void
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
ExitPostmaster(int status)
{
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
/* should cleanup shared memory and kill all backends */
/*
* Not sure of the semantics here. When the Postmaster dies, should
* the backends all be killed? probably not.
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
*
* MUST -- vadim 05-10-1999
Massive commit to run PGINDENT on all *.c and *.h files.
1997-09-07 07:04:48 +02:00
*/
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
if (ServerSock_INET != INVALID_SOCK)
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
StreamClose(ServerSock_INET);
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
ServerSock_INET = INVALID_SOCK;
Introduce HAVE_UNIX_SOCKETS symbol to replace repeatedly listing all the unsupported platforms.
2000-08-20 12:55:35 +02:00
#ifdef HAVE_UNIX_SOCKETS
Fix case issues with quotes.
1997-11-10 06:10:50 +01:00
if (ServerSock_UNIX != INVALID_SOCK)
Remove fork()/exec() and only do fork(). Small cleanups.
1998-05-29 19:00:34 +02:00
StreamClose(ServerSock_UNIX);
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
ServerSock_UNIX = INVALID_SOCK;
Apply Win32 patch from Horak Daniel.
1999-01-17 07:20:06 +01:00
#endif
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
Fix for hang after postmaster restart. Add new proc_exit and shmem_exit to replace exitpg().
1998-06-27 06:53:49 +02:00
proc_exit(status);
Postgres95 1.01 Distribution - Virgin Sources
1996-07-09 08:22:35 +02:00
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
/*
* sigusr1_handler - handle signal conditions from child processes
*/
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
static void
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
sigusr1_handler(SIGNAL_ARGS)
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
{
int save_errno = errno;
PG_SETMASK(&BlockSig);
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
if (CheckPostmasterSignal(PMSIGNAL_DO_CHECKPOINT))
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
{
Add checkpoint_warning to warn of excessive checkpoints caused by too few WAL files.
2002-11-15 03:44:57 +01:00
if (CheckPointWarning != 0)
{
/*
* This only times checkpoints forced by running out of
* segment files. Other checkpoints could reduce
* the frequency of forced checkpoints.
*/
Suppress compile warning, avoid possible problems with signed vs. unsigned comparisons in recently-added CheckPointWarning code.
2002-11-18 01:40:46 +01:00
time_t now = time(NULL);
Add checkpoint_warning to warn of excessive checkpoints caused by too few WAL files.
2002-11-15 03:44:57 +01:00
Suppress compile warning, avoid possible problems with signed vs. unsigned comparisons in recently-added CheckPointWarning code.
2002-11-18 01:40:46 +01:00
if (LastSignalledCheckpoint != 0)
{
int elapsed_secs = now - LastSignalledCheckpoint;
if (elapsed_secs < CheckPointWarning)
elog(LOG, "Checkpoint segments are being created too frequently (%d secs)"
"\n\tConsider increasing CHECKPOINT_SEGMENTS",
elapsed_secs);
}
Add checkpoint_warning to warn of excessive checkpoints caused by too few WAL files.
2002-11-15 03:44:57 +01:00
LastSignalledCheckpoint = now;
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
/*
* Request to schedule a checkpoint
*
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
* Ignore request if checkpoint is already running or checkpointing
* is currently disabled
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
*/
if (CheckPointPID == 0 && checkpointed &&
Shutdown == NoShutdown && !FatalError && random_seed != 0)
{
CheckPointPID = CheckPointDataBase();
/* note: if fork fails, CheckPointPID stays 0; nothing happens */
}
}
if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
{
/*
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
* Password or group file has changed.
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
*/
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
load_user();
load_group();
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
}
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
{
/*
New pgindent run with fixes suggested by Tom. Patch manually reviewed, initdb/regression tests pass.
2001-11-05 18:46:40 +01:00
* Send SIGUSR2 to all children (triggers AsyncNotifyHandler). See
* storage/ipc/sinvaladt.c for the use of this.
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
*/
if (Shutdown == NoShutdown)
SignalChildren(SIGUSR2);
}
PG_SETMASK(&UnBlockSig);
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
errno = save_errno;
}
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
Merge three existing ways of signaling postmaster from child processes, so that only one signal number is used not three. Flags in shared memory tell the reason(s) for the current signal. This method is extensible to handle more signal reasons without chewing up even more signal numbers, but the immediate reason is to keep pg_pwd reloads separate from SIGHUP processing in the postmaster. Also clean up some problems in the postmaster with delayed response to checkpoint status changes --- basically, it wouldn't schedule a checkpoint if it wasn't getting connection requests on a regular basis.
2001-11-04 20:55:31 +01:00
/*
* Dummy signal handler
*
* We use this for signals that we don't actually use in the postmaster,
* but we do use in backends. If we SIG_IGN such signals in the postmaster,
* then a newly started backend might drop a signal that arrives before it's
* able to reconfigure its signal processing. (See notes in postgres.c.)
*/
static void
dummy_handler(SIGNAL_ARGS)
{
}
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
/*
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
* CharRemap: given an int in range 0..61, produce textual encoding of it
* per crypt(3) conventions.
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
*/
static char
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
CharRemap(long ch)
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
{
if (ch < 0)
ch = -ch;
ch = ch % 62;
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
if (ch < 26)
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return 'A' + ch;
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
ch -= 26;
if (ch < 26)
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return 'a' + ch;
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
ch -= 26;
Renaming cleanup, no pgindent yet.
1998-09-01 05:29:17 +02:00
return '0' + ch;
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
}
/*
* RandomSalt
*/
static void
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
RandomSalt(char *cryptSalt, char *md5Salt)
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
{
OK, folks, here is the pgindent output.
1998-09-01 06:40:42 +02:00
long rand = PostmasterRandom();
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
cryptSalt[0] = CharRemap(rand % 62);
cryptSalt[1] = CharRemap(rand / 62);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
/*
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* It's okay to reuse the first random value for one of the MD5 salt
* bytes, since only one of the two salts will be sent to the client.
* After that we need to compute more random bits.
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
*
* We use % 255, sacrificing one possible byte value, so as to ensure
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
* that all bits of the random() value participate in the result.
* While at it, add one to avoid generating any null bytes.
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
*/
md5Salt[0] = (rand % 255) + 1;
rand = PostmasterRandom();
md5Salt[1] = (rand % 255) + 1;
rand = PostmasterRandom();
md5Salt[2] = (rand % 255) + 1;
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
rand = PostmasterRandom();
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
md5Salt[3] = (rand % 255) + 1;
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
}
/*
* PostmasterRandom
*/
static long
PostmasterRandom(void)
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
{
static bool initialized = false;
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
if (!initialized)
{
Second pass over run-time configuration system. Adjust priorities on some option settings. Sort out SIGHUP vs BACKEND -- there is no total ordering here, so make explicit checks. Add comments explaining all of this. Removed permissions check on SHOW command. Add examine_subclass to the game, rename to SQL_inheritance to fit the official data model better. Adjust documentation. Standalone backend needs to reset all options before it starts. To facilitate that, have IsUnderPostmaster be set by the postmaster itself, don't wait for the magic -p switch. Also make sure that all environment variables and argv's survive init_ps_display(). Use strdup where necessary. Have initdb make configuration files (postgresql.conf, pg_hba.conf) mode 0600 -- having configuration files is no fun if you can't edit them.
2000-06-23 00:31:24 +02:00
Assert(random_seed != 0);
Add real random() call to postmaster for use in cancel.
1998-06-08 06:27:59 +02:00
srandom(random_seed);
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
initialized = true;
}
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
Code review for MD5 authorization patch. Clean up some breakage (salts were always zero!?), add much missing documentation.
2001-09-21 22:31:49 +02:00
return random();
From: todd brandys <brandys@eng3.hep.uiuc.edu> An extension to the code to allow for a pg_password authentication database that is *seperate* from the system password file
1997-12-04 01:28:15 +01:00
}
Fix postmaster to not try to start more than MaxBackendId children, per patch from Tatsuo Ishii
1999-01-30 21:04:37 +01:00
/*
* Count up number of child processes.
*/
static int
CountChildren(void)
{
Dlelem *curr;
pgindent run over code.
1999-05-25 18:15:34 +02:00
Backend *bp;
Fix postmaster to not try to start more than MaxBackendId children, per patch from Tatsuo Ishii
1999-01-30 21:04:37 +01:00
int cnt = 0;
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
{
bp = (Backend *) DLE_VAL(curr);
Arrange to call localtime() during postmaster startup. On most Unixen, the first call of localtime() in a process will read /usr/lib/tztab or local equivalent. Better to do this once in the postmaster and inherit the data by fork() than to have to do it during every backend start.
2002-02-19 20:53:35 +01:00
if (bp->pid != MyProcPid)
Fix postmaster to not try to start more than MaxBackendId children, per patch from Tatsuo Ishii
1999-01-30 21:04:37 +01:00
cnt++;
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
if (CheckPointPID != 0)
cnt--;
Fix postmaster to not try to start more than MaxBackendId children, per patch from Tatsuo Ishii
1999-01-30 21:04:37 +01:00
return cnt;
}
Lots of patches coming in from me today :-) When drawing up a very simple "text-drawing" of how the negotiation is done, I realised I had done this last part (fallback) in a very stupid way. Patch #4 fixes this, and does it in a much better way. Included is also the simple text-drawing of how the negotiation is done. //Magnus
1999-09-27 05:13:16 +02:00
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
/*
* Fire off a subprocess for startup/shutdown/checkpoint.
Don't go belly-up if fork() fails for a routine checkpoint subprocess. Just try again later.
2001-03-14 18:58:46 +01:00
*
* Return value is subprocess' PID, or 0 if failed to start subprocess
* (0 is returned only for checkpoint case).
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
*/
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
static pid_t
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
SSDataBase(int xlop)
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
{
pid_t pid;
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
Backend *bn;
pgindent run.
2002-09-04 22:31:48 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
struct itimerval prof_itimer;
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
fflush(stdout);
fflush(stderr);
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
/* see comments in BackendStartup */
getitimer(ITIMER_PROF, &prof_itimer);
#endif
>> Here is a patch for the beos port (All regression tests are OK). >> xlog.c : special case for beos to avoid 'link' which does not work yet >> beos/sem.c : implementation of new sem_ctl call (GETPID) and a new >sem_op >> flag (IPCNOWAIT) >> dynloader/beos.c : add a verification of symbol validity (seem that the >> loader sometime return OK with an invalid symbol) >> postmaster.c : add beos forking support for the new checkpoint process >> postgres.c : remove beos special case for getrusage >> beos.h : Correction of a bas definition of AF_UNIX, misc defnitions >> >> >> thanks >> >> >> cyril Cyril VELTER
2000-12-18 19:45:05 +01:00
#ifdef __BEOS__
/* Specific beos actions before backend startup */
beos_before_backend_startup();
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
if ((pid = fork()) == 0) /* child */
{
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
const char *statmsg;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
char *av[10];
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
int ac = 0;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
char nbbuf[32];
char xlbuf[32];
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#ifdef EXEC_BACKEND
char pbuf[NAMEDATALEN + 256];
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
#ifdef LINUX_PROFILE
setitimer(ITIMER_PROF, &prof_itimer, NULL);
#endif
>> Here is a patch for the beos port (All regression tests are OK). >> xlog.c : special case for beos to avoid 'link' which does not work yet >> beos/sem.c : implementation of new sem_ctl call (GETPID) and a new >sem_op >> flag (IPCNOWAIT) >> dynloader/beos.c : add a verification of symbol validity (seem that the >> loader sometime return OK with an invalid symbol) >> postmaster.c : add beos forking support for the new checkpoint process >> postgres.c : remove beos special case for getrusage >> beos.h : Correction of a bas definition of AF_UNIX, misc defnitions >> >> >> thanks >> >> >> cyril Cyril VELTER
2000-12-18 19:45:05 +01:00
#ifdef __BEOS__
/* Specific beos actions after backend startup */
beos_backend_startup();
#endif
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
IsUnderPostmaster = true; /* we are a postmaster subprocess
* now */
ISTM that IsUnderPostmaster should mean we are a child process of the postmaster ... it should not be set in the postmaster itself.
2001-09-30 22:08:18 +02:00
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
/* Lose the postmaster's on-exit routines and port connections */
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
on_exit_reset();
More paranoia about global variables containing references to long- since-closed file descriptors...
2000-05-26 03:38:08 +02:00
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
/* Close the postmaster's sockets */
Endeavor to make pgstats buffer process (a) safe and (b) useful. Make sure it exits immediately when collector process dies --- in old code, buffer process would hang around and compete with the new buffer process for packets. Make sure it doesn't block on writing the pipe when the collector falls more than a pipeload behind. Avoid leaking pgstats FDs into every backend.
2001-08-05 04:06:50 +02:00
ClosePostmasterPorts(true);
When launching a child backend, take care to close file descriptors for any other client connections that may exist (which would only happen if another client is currently in the authentication cycle). This avoids wastage of open descriptors in a child. It might also explain peculiar behaviors like not closing connections when expected, since the kernel will probably not signal EOF as long as some other backend is randomly holding open a reference to the connection, even if the client went away long since ...
2001-02-08 01:35:10 +01:00
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
/*
* Identify myself via ps
*/
switch (xlop)
{
case BS_XLOG_STARTUP:
statmsg = "startup subprocess";
break;
case BS_XLOG_CHECKPOINT:
statmsg = "checkpoint subprocess";
break;
case BS_XLOG_SHUTDOWN:
statmsg = "shutdown subprocess";
break;
default:
statmsg = "??? subprocess";
break;
}
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
init_ps_display(statmsg, "", "");
Move init_ps_display from postgres.c to postmaster.c, putting it just after receipt of the startup packet. Now, postmaster children that are waiting for client authentication response will show as 'postgres: user database host authentication'. Also, do an init_ps_display for startup/shutdown/checkpoint subprocesses, so that they are readily identifiable as well. Fix an obscure race condition that could lead to Assert failure in the postmaster --- attempting to start a checkpoint process before any connections have been received led to calling PostmasterRandom before setting random_seed.
2001-10-19 02:44:08 +02:00
set_ps_display("");
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
/* Set up command-line arguments for subprocess */
New ps display code, works on more platforms. Install a default configuration file. Clean up some funny business in the config file code.
2000-06-04 03:44:38 +02:00
av[ac++] = "postgres";
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
snprintf(nbbuf, sizeof(nbbuf), "-B%d", NBuffers);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
av[ac++] = nbbuf;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
snprintf(xlbuf, sizeof(xlbuf), "-x%d", xlop);
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
av[ac++] = xlbuf;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
av[ac++] = "-p";
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#ifdef EXEC_BACKEND
Pass shared memory address on command line to exec'ed backend. Allow backends to attached to specified shared memory address.
2003-05-08 16:49:04 +02:00
Assert(UsedShmemSegID != 0 && UsedShmemSegAddr != NULL);
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
/* database name at the end because it might contain commas */
Pass shared memory address on command line to exec'ed backend. Allow backends to attached to specified shared memory address.
2003-05-08 16:49:04 +02:00
snprintf(pbuf, NAMEDATALEN + 256, "%d,%p,%s", UsedShmemSegID,
UsedShmemSegAddr, "template1");
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
av[ac++] = pbuf;
#else
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
av[ac++] = "template1";
Pass shared memory id and socket descriptor number on command line for fork/exec.
2003-05-07 01:34:56 +02:00
#endif
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
av[ac] = (char *) NULL;
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
Assert(ac < lengthof(av));
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
BootstrapMain(ac, av);
Get rid of not-very-portable fcntl(F_SETLK) mechanism for locking the Unix socket file, in favor of having an ordinary lockfile beside the socket file. Clean up a few robustness problems in the lockfile code. If postmaster is going to reject a connection request based on database state, it will now tell you so before authentication exchange not after. (Of course, a failure after is still possible if conditions change meanwhile, but this makes life easier for a yet-to-be-written pg_ping utility.)
2000-11-29 21:59:54 +01:00
ExitPostmaster(0);
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
}
/* in parent */
if (pid < 0)
{
>> Here is a patch for the beos port (All regression tests are OK). >> xlog.c : special case for beos to avoid 'link' which does not work yet >> beos/sem.c : implementation of new sem_ctl call (GETPID) and a new >sem_op >> flag (IPCNOWAIT) >> dynloader/beos.c : add a verification of symbol validity (seem that the >> loader sometime return OK with an invalid symbol) >> postmaster.c : add beos forking support for the new checkpoint process >> postgres.c : remove beos special case for getrusage >> beos.h : Correction of a bas definition of AF_UNIX, misc defnitions >> >> >> thanks >> >> >> cyril Cyril VELTER
2000-12-18 19:45:05 +01:00
#ifdef __BEOS__
/* Specific beos actions before backend startup */
beos_backend_startup_failed();
#endif
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
switch (xlop)
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
{
case BS_XLOG_STARTUP:
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(LOG, "could not launch startup process (fork failure): %m");
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
break;
case BS_XLOG_CHECKPOINT:
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(LOG, "could not launch checkpoint process (fork failure): %m");
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
break;
case BS_XLOG_SHUTDOWN:
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
elog(LOG, "could not launch shutdown process (fork failure): %m");
break;
Convert some fprintf's to elog's.
2001-08-30 21:02:42 +02:00
default:
break;
}
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
Don't go belly-up if fork() fails for a routine checkpoint subprocess. Just try again later.
2001-03-14 18:58:46 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* fork failure is fatal during startup/shutdown, but there's no
* need to choke if a routine checkpoint fails.
Don't go belly-up if fork() fails for a routine checkpoint subprocess. Just try again later.
2001-03-14 18:58:46 +01:00
*/
if (xlop == BS_XLOG_CHECKPOINT)
return 0;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
ExitPostmaster(1);
}
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* The startup and shutdown processes are not considered normal
* backends, but the checkpoint process is. Checkpoint must be added
* to the list of backends.
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
*/
if (xlop == BS_XLOG_CHECKPOINT)
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
{
Add code to allow profiling of backends on Linux: save and restore the profiling timer setting across fork(). The correct way to build a profilable backend on Linux is now gmake PROFILE="-pg -DLINUX_PROFILE"
2002-03-02 21:46:12 +01:00
if (!(bn = (Backend *) malloc(sizeof(Backend))))
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
{
Commit to match discussed elog() changes. Only update is that LOG is now just below FATAL in server_min_messages. Added more text to highlight ordering difference between it and client_min_messages. --------------------------------------------------------------------------- REALLYFATAL => PANIC STOP => PANIC New INFO level the prints to client by default New LOG level the prints to server log by default Cause VACUUM information to print only to the client NOTICE => INFO where purely information messages are sent DEBUG => LOG for purely server status messages DEBUG removed, kept as backward compatible DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added DebugLvl removed in favor of new DEBUG[1-5] symbols New server_min_messages GUC parameter with values: DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC New client_min_messages GUC parameter with values: DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC Server startup now logged with LOG instead of DEBUG Remove debug_level GUC parameter elog() numbers now start at 10 Add test to print error message if older elog() values are passed to elog() Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
elog(LOG, "CheckPointDataBase: malloc failed");
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
ExitPostmaster(1);
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
bn->pid = pid;
bn->cancel_key = PostmasterRandom();
DLAddHead(BackendList, DLNewElem(bn));
/*
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
* Since this code is executed periodically, it's a fine place to
* do other actions that should happen every now and then on no
* particular schedule. Such as...
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
*/
Where available, use utime() or utimes() to update the file mod time of the socket file and socket lock file; this should prevent both of them from being removed by even the stupidest varieties of /tmp-cleaning script. Per suggestion from Giles Lean.
2003-01-25 06:19:47 +01:00
TouchSocketFile();
XLOG (and related) changes: * Store two past checkpoint locations, not just one, in pg_control. On startup, we fall back to the older checkpoint if the newer one is unreadable. Also, a physical copy of the newest checkpoint record is kept in pg_control for possible use in disaster recovery (ie, complete loss of pg_xlog). Also add a version number for pg_control itself. Remove archdir from pg_control; it ought to be a GUC parameter, not a special case (not that it's implemented yet anyway). * Suppress successive checkpoint records when nothing has been entered in the WAL log since the last one. This is not so much to avoid I/O as to make it actually useful to keep track of the last two checkpoints. If the things are right next to each other then there's not a lot of redundancy gained... * Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs on alternate bytes. Polynomial borrowed from ECMA DLT1 standard. * Fix XLOG record length handling so that it will work at BLCKSZ = 32k. * Change XID allocation to work more like OID allocation. (This is of dubious necessity, but I think it's a good idea anyway.) * Fix a number of minor bugs, such as off-by-one logic for XLOG file wraparound at the 4 gig mark. * Add documentation and clean up some coding infelicities; move file format declarations out to include files where planned contrib utilities can get at them. * Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also possible to force a checkpoint by sending SIGUSR1 to the postmaster (undocumented feature...) * Defend against kill -9 postmaster by storing shmem block's key and ID in postmaster.pid lockfile, and checking at startup to ensure that no processes are still connected to old shmem block (if it still exists). * Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency stop, for symmetry with postmaster and xlog utilities. Clean up signal handling in bootstrap.c so that xlog utilities launched by postmaster will react to signals better. * Standalone bootstrap now grabs lockfile in target directory, as added insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
TouchSocketLockFile();
}
Auto checkpoint creation.
2000-11-09 12:26:00 +01:00
Don't go belly-up if fork() fails for a routine checkpoint subprocess. Just try again later.
2001-03-14 18:58:46 +01:00
return pid;
XLOG (also known as WAL -:)) Bootstrap/Startup/Shutdown. First step in cleaning up backend initialization code. Fix for FATAL: now FATAL is ERROR + exit.
1999-10-06 23:58:18 +02:00
}
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
Fix bugs regarding pid file.
1999-12-06 08:21:12 +01:00
/*
Move SetPidFile() and firends to utils/init/miscinit.c so that tcop/postgres.c can use them. Now we have an interlock between postmaster and postgres.
2000-01-09 13:13:24 +01:00
* Create the opts file
Fix bugs regarding pid file.
1999-12-06 08:21:12 +01:00
*/
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
static bool
CreateOptsFile(int argc, char *argv[])
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
{
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
char fullprogname[MAXPGPATH];
char *filename;
FILE *fp;
unsigned i;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
Fix getopt-vs-init_ps_display problem by copying original argv[] info, per suggestion from Peter. Simplify several APIs by transmitting the original argv location directly from main.c to ps_status.c, instead of passing it down through several levels of subroutines.
2001-10-21 05:25:36 +02:00
if (FindExec(fullprogname, argv[0], "postmaster") < 0)
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
return false;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
filename = palloc(strlen(DataDir) + 17);
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
sprintf(filename, "%s/postmaster.opts", DataDir);
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
Add db-local user names, per discussion on hackers.
2002-08-18 05:03:26 +02:00
if ((fp = fopen(filename, "w")) == NULL)
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("cannot create file %s: %s",
filename, strerror(errno));
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
return false;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
}
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
fprintf(fp, "%s", fullprogname);
for (i = 1; i < argc; i++)
fprintf(fp, " '%s'", argv[i]);
fputs("\n", fp);
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
if (ferror(fp))
Ye-old pgindent run. Same 4-space tabs.
2000-04-12 19:17:23 +02:00
{
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
postmaster_error("writing file %s failed", filename);
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
fclose(fp);
return false;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
}
Another round of those unportable config/build changes :-/ * Add option to build with OpenSSL out of the box. Fix thusly exposed bit rot. Although it compiles now, getting this to do something useful is left as an exercise. * Fix Kerberos options to defer checking for required libraries until all the other libraries are checked for. * Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc. * Install work around for Autoconf's install-sh relative path anomaly. Get rid of old INSTL_*_OPTS variables, now that we don't need them anymore. * Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX. * Look for only one of readline.h or readline/readline.h, not both. * Make check for PS_STRINGS cacheable. Don't test for the header files separately. * Disable fcntl(F_SETLK) test on Linux. * Substitute the standard GCC warnings set into CFLAGS in configure, don't add it on in Makefile.global. * Sweep through contrib tree to teach makefiles standard semantics. ... and in completely unrelated news: * Make postmaster.opts arbitrary options-aware. I still think we need to save the environment as well.
2000-07-09 15:14:19 +02:00
fclose(fp);
return true;
Create postmaster.pid and postmaster.opts under $PGDATA
1999-12-03 07:26:34 +01:00
}
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
/*
* This should be used only for reporting "interactive" errors (ie, errors
pgindent run.
2002-09-04 22:31:48 +02:00
* during startup. Once the postmaster is launched, use elog.
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
2002-03-04 02:46:04 +01:00
*/
UPDATED PATCH: Attached are a revised set of SSL patches. Many of these patches are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
2002-06-14 06:23:17 +02:00
void
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
postmaster_error(const char *fmt,...)
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
{
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
va_list ap;
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
fprintf(stderr, "%s: ", progname);
va_start(ap, fmt);
Handle reading of startup packet and authentication exchange after forking a new postmaster child process. This should eliminate problems with authentication blocking (e.g., ident, SSL init) and also reduce problems with the accept queue filling up under heavy load. The option to send elog output to a different file per backend (postgres -o) has been disabled for now because the initialization would have to happen in a different order and it's not clear we want to keep this anyway.
2001-06-20 20:07:56 +02:00
vfprintf(stderr, gettext(fmt), ap);
Mark many strings in backend not covered by elog for translation. Also, make strings in xlog.c look more like English and less like binary noise.
2001-06-03 16:53:56 +02:00
va_end(ap);
fprintf(stderr, "\n");
}