1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* postmaster.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* This program acts as a clearing house for requests to the
|
|
|
|
|
* POSTGRES system. Frontend programs send a startup message
|
|
|
|
|
* to the Postmaster and the postmaster uses the info in the
|
|
|
|
|
* message to setup a backend process.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* The postmaster also manages system-wide operations such as
|
2004-05-28 07:13:32 +02:00
|
|
|
* startup and shutdown. The postmaster itself doesn't do those
|
|
|
|
|
* operations, mind you --- it just forks off a subprocess to do them
|
|
|
|
|
* at the right times. It also takes care of resetting the system
|
|
|
|
|
* if a backend crashes.
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
*
|
|
|
|
|
* The postmaster process creates the shared memory and semaphore
|
|
|
|
|
* pools during startup, but as a rule does not touch them itself.
|
2002-06-11 15:40:53 +02:00
|
|
|
* In particular, it is not a member of the PGPROC array of backends
|
2001-03-22 05:01:46 +01:00
|
|
|
* and so it cannot participate in lock-manager operations. Keeping
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* the postmaster away from shared memory operations makes it simpler
|
|
|
|
|
* and more reliable. The postmaster is almost always able to recover
|
|
|
|
|
* from crashes of individual backends by resetting shared memory;
|
|
|
|
|
* if it did much with shared memory then it would be prone to crashing
|
|
|
|
|
* along with the backends.
|
|
|
|
|
*
|
2001-06-21 18:43:24 +02:00
|
|
|
* When a request message is received, we now fork() immediately.
|
|
|
|
|
* The child process performs authentication of the request, and
|
|
|
|
|
* then becomes a backend if successful. This allows the auth code
|
|
|
|
|
* to be written in a simple single-threaded style (as opposed to the
|
|
|
|
|
* crufty "poor man's multitasking" code that used to be needed).
|
|
|
|
|
* More importantly, it ensures that blockages in non-multithreaded
|
|
|
|
|
* libraries like SSL or PAM cannot cause denial of service to other
|
|
|
|
|
* clients.
|
|
|
|
|
*
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
*
|
2003-08-04 04:40:20 +02:00
|
|
|
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2004-08-04 22:09:47 +02:00
|
|
|
* $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.419 2004/08/04 20:09:47 tgl Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* NOTES
|
|
|
|
|
*
|
|
|
|
|
* Initialization:
|
2004-05-30 00:48:23 +02:00
|
|
|
* The Postmaster sets up shared memory data structures
|
|
|
|
|
* for the backends.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* Synchronization:
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* The Postmaster shares memory with the backends but should avoid
|
|
|
|
|
* touching shared memory, so as not to become stuck if a crashing
|
|
|
|
|
* backend screws up locks or shared memory. Likewise, the Postmaster
|
|
|
|
|
* should never block on messages from frontend clients.
|
1997-09-07 07:04:48 +02:00
|
|
|
*
|
1996-07-09 08:22:35 +02:00
|
|
|
* Garbage Collection:
|
1997-09-07 07:04:48 +02:00
|
|
|
* The Postmaster cleans up after backends if they have an emergency
|
|
|
|
|
* exit and/or core dump.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2004-07-21 22:34:50 +02:00
|
|
|
* Error Reporting:
|
|
|
|
|
* Use write_stderr() only for reporting "interactive" errors
|
|
|
|
|
* (essentially, bogus arguments on the command line). Once the
|
|
|
|
|
* postmaster is launched, use ereport(). In particular, don't use
|
|
|
|
|
* write_stderr() for anything that occurs after pmdaemonize.
|
|
|
|
|
*
|
1996-07-09 08:22:35 +02:00
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
2000-07-17 05:05:41 +02:00
|
|
|
|
2000-06-04 03:44:38 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
1999-07-19 04:27:16 +02:00
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <signal.h>
|
2004-06-03 04:08:07 +02:00
|
|
|
#include <time.h>
|
1999-07-19 04:27:16 +02:00
|
|
|
#include <sys/wait.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <fcntl.h>
|
1999-07-16 05:14:30 +02:00
|
|
|
#include <sys/param.h>
|
2003-01-07 19:48:13 +01:00
|
|
|
#include <netinet/in.h>
|
2001-10-19 02:44:08 +02:00
|
|
|
#include <arpa/inet.h>
|
1999-07-16 05:14:30 +02:00
|
|
|
#include <netdb.h>
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <limits.h>
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-01-24 19:27:32 +01:00
|
|
|
#ifdef HAVE_SYS_SELECT_H
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <sys/select.h>
|
|
|
|
|
#endif
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1999-07-19 04:27:16 +02:00
|
|
|
#ifdef HAVE_GETOPT_H
|
2000-11-06 23:18:10 +01:00
|
|
|
#include <getopt.h>
|
1999-01-17 07:20:06 +01:00
|
|
|
#endif
|
|
|
|
|
|
2003-06-11 08:56:07 +02:00
|
|
|
#ifdef USE_RENDEZVOUS
|
|
|
|
|
#include <DNSServiceDiscovery/DNSServiceDiscovery.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-10-16 16:52:28 +02:00
|
|
|
#include "catalog/pg_database.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "commands/async.h"
|
|
|
|
|
#include "lib/dllist.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "libpq/auth.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "libpq/crypt.h"
|
|
|
|
|
#include "libpq/libpq.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "libpq/pqcomm.h"
|
1996-12-26 23:08:34 +01:00
|
|
|
#include "libpq/pqsignal.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "miscadmin.h"
|
1996-11-03 05:48:27 +01:00
|
|
|
#include "nodes/nodes.h"
|
2004-05-30 00:48:23 +02:00
|
|
|
#include "postmaster/postmaster.h"
|
2004-07-19 04:47:16 +02:00
|
|
|
#include "postmaster/pgarch.h"
|
1997-12-09 04:11:25 +01:00
|
|
|
#include "storage/fd.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "storage/ipc.h"
|
2003-05-07 01:34:56 +02:00
|
|
|
#include "storage/pg_shmem.h"
|
2001-11-04 20:55:31 +01:00
|
|
|
#include "storage/pmsignal.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "storage/proc.h"
|
2003-11-19 16:55:08 +01:00
|
|
|
#include "storage/bufmgr.h"
|
1999-10-06 23:58:18 +02:00
|
|
|
#include "access/xlog.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "tcop/tcopprot.h"
|
2000-05-31 02:28:42 +02:00
|
|
|
#include "utils/guc.h"
|
2000-07-17 05:05:41 +02:00
|
|
|
#include "utils/memutils.h"
|
2001-10-19 02:44:08 +02:00
|
|
|
#include "utils/ps_status.h"
|
2000-11-09 12:26:00 +01:00
|
|
|
#include "bootstrap/bootstrap.h"
|
2001-06-22 21:16:24 +02:00
|
|
|
#include "pgstat.h"
|
|
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2001-06-21 18:43:24 +02:00
|
|
|
* List of active backends (or child processes anyway; we don't actually
|
|
|
|
|
* know whether a given child has become a backend or is still in the
|
|
|
|
|
* authorization phase). This is used mainly to keep track of how many
|
|
|
|
|
* children we have and send them appropriate signals when necessary.
|
2004-05-30 00:48:23 +02:00
|
|
|
*
|
|
|
|
|
* "Special" children such as the startup and bgwriter tasks are not in
|
|
|
|
|
* this list.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
typedef struct bkend
|
|
|
|
|
{
|
2001-06-20 20:07:56 +02:00
|
|
|
pid_t pid; /* process id of backend */
|
1998-06-09 06:06:12 +02:00
|
|
|
long cancel_key; /* cancel key for cancels for this backend */
|
1997-09-08 22:59:27 +02:00
|
|
|
} Backend;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
static Dllist *BackendList;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
#define NUM_BACKENDARRAY_ELEMS (2*MaxBackends)
|
|
|
|
|
static Backend *ShmemBackendArray;
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-11-12 21:51:52 +01:00
|
|
|
/* The socket number we are listening for connections on */
|
2001-03-22 05:01:46 +01:00
|
|
|
int PostPortNumber;
|
|
|
|
|
char *UnixSocketDir;
|
2004-03-23 02:23:48 +01:00
|
|
|
char *ListenAddresses;
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2002-08-29 23:02:12 +02:00
|
|
|
/*
|
|
|
|
|
* ReservedBackends is the number of backends reserved for superuser use.
|
|
|
|
|
* This number is taken out of the pool size given by MaxBackends so
|
2002-11-21 07:36:08 +01:00
|
|
|
* number of backend slots available to non-superusers is
|
|
|
|
|
* (MaxBackends - ReservedBackends). Note what this really means is
|
|
|
|
|
* "if there are <= ReservedBackends connections available, only superusers
|
|
|
|
|
* can make new connections" --- pre-existing superuser connections don't
|
|
|
|
|
* count against the limit.
|
2002-08-29 23:02:12 +02:00
|
|
|
*/
|
2003-04-07 00:45:23 +02:00
|
|
|
int ReservedBackends;
|
2002-08-29 23:02:12 +02:00
|
|
|
|
1999-02-19 07:06:39 +01:00
|
|
|
|
2004-05-12 15:38:49 +02:00
|
|
|
static const char *progname = NULL;
|
1999-10-08 04:16:22 +02:00
|
|
|
|
2003-07-24 01:30:41 +02:00
|
|
|
/* The socket(s) we're listening to. */
|
2003-08-04 02:43:34 +02:00
|
|
|
#define MAXLISTEN 10
|
2003-07-24 01:30:41 +02:00
|
|
|
static int ListenSocket[MAXLISTEN];
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set by the -o option
|
|
|
|
|
*/
|
1999-10-25 05:08:03 +02:00
|
|
|
static char ExtraOptions[MAXPGPATH];
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* These globals control the behavior of the postmaster in case some
|
1997-09-07 07:04:48 +02:00
|
|
|
* backend dumps core. Normally, it kills all peers of the dead backend
|
1996-07-09 08:22:35 +02:00
|
|
|
* and reinitializes shared memory. By specifying -s or -n, we can have
|
|
|
|
|
* the postmaster stop (rather than kill) peers and not reinitialize
|
|
|
|
|
* shared data structures.
|
|
|
|
|
*/
|
1998-09-01 06:40:42 +02:00
|
|
|
static bool Reinit = true;
|
1998-05-27 20:32:05 +02:00
|
|
|
static int SendStop = false;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-21 18:43:24 +02:00
|
|
|
/* still more option variables */
|
2001-03-22 05:01:46 +01:00
|
|
|
bool EnableSSL = false;
|
|
|
|
|
bool SilentMode = false; /* silent mode (-S) */
|
1998-05-29 19:00:34 +02:00
|
|
|
|
2001-09-21 19:06:12 +02:00
|
|
|
int PreAuthDelay = 0;
|
|
|
|
|
int AuthenticationTimeout = 60;
|
2000-11-09 12:26:00 +01:00
|
|
|
|
2004-03-15 16:56:28 +01:00
|
|
|
bool log_hostname; /* for ps display and logging */
|
2001-10-19 02:44:08 +02:00
|
|
|
bool Log_connections = false;
|
2002-08-18 05:03:26 +02:00
|
|
|
bool Db_user_namespace = false;
|
|
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
char *rendezvous_name;
|
2003-07-22 22:29:13 +02:00
|
|
|
|
> I can see a couple possible downsides: (a) the library might have some
> weird behavior across fork boundaries; (b) the additional memory space
> that has to be duplicated into child processes will cost something per
> child launch, even if the child never uses it. But these are only
> arguments that it might not *always* be a prudent thing to do, not that
> we shouldn't give the DBA the tool to do it if he wants. So fire away.
Here is a patch for the above, including a documentation update. It
creates a new GUC variable "preload_libraries", that accepts a list in
the form:
preload_libraries = '$libdir/mylib1:initfunc,$libdir/mylib2'
If ":initfunc" is omitted or not found, no initialization function is
executed, but the library is still preloaded. If "$libdir/mylib" isn't
found, the postmaster refuses to start.
In my testing with PL/R, it reduces the first call to a PL/R function
(after connecting) from almost 2 seconds, down to about 8 ms.
Joe Conway
2003-03-20 05:51:44 +01:00
|
|
|
/* list of library:init-function to be preloaded */
|
2003-08-04 02:43:34 +02:00
|
|
|
char *preload_libraries_string = NULL;
|
2001-10-19 02:44:08 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/* PIDs of special child processes; 0 when not running */
|
2001-03-22 05:01:46 +01:00
|
|
|
static pid_t StartupPID = 0,
|
2004-06-14 20:08:19 +02:00
|
|
|
BgWriterPID = 0,
|
2004-07-19 04:47:16 +02:00
|
|
|
PgArchPID = 0,
|
2004-06-14 20:08:19 +02:00
|
|
|
PgStatPID = 0;
|
1998-09-01 06:40:42 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Startup/shutdown state */
|
1999-10-06 23:58:18 +02:00
|
|
|
#define NoShutdown 0
|
|
|
|
|
#define SmartShutdown 1
|
|
|
|
|
#define FastShutdown 2
|
1998-09-01 06:40:42 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
static int Shutdown = NoShutdown;
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2001-03-22 05:01:46 +01:00
|
|
|
static bool FatalError = false; /* T if recovering from backend crash */
|
1998-05-29 19:00:34 +02:00
|
|
|
|
2002-09-04 22:31:48 +02:00
|
|
|
bool ClientAuthInProgress = false; /* T during new-client
|
|
|
|
|
* authentication */
|
2002-03-04 02:46:04 +01:00
|
|
|
|
1998-06-09 06:06:12 +02:00
|
|
|
/*
|
|
|
|
|
* State for assigning random salts and cancel keys.
|
|
|
|
|
* Also, the global MyCancelKey passes the cancel key assigned to a given
|
|
|
|
|
* backend from the postmaster to that backend (via fork).
|
|
|
|
|
*/
|
1998-06-08 06:27:59 +02:00
|
|
|
static unsigned int random_seed = 0;
|
|
|
|
|
|
2002-09-26 07:17:00 +02:00
|
|
|
static int debug_flag = 0;
|
|
|
|
|
|
1998-06-08 06:27:59 +02:00
|
|
|
extern char *optarg;
|
|
|
|
|
extern int optind,
|
|
|
|
|
opterr;
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2001-04-19 21:09:23 +02:00
|
|
|
#ifdef HAVE_INT_OPTRESET
|
|
|
|
|
extern int optreset;
|
|
|
|
|
#endif
|
1998-06-08 06:27:59 +02:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
1996-07-09 08:22:35 +02:00
|
|
|
* postmaster.c - function prototypes
|
|
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
static void checkDataDir(const char *checkdir);
|
2004-07-11 02:18:45 +02:00
|
|
|
static bool onlyConfigSpecified(const char *checkdir);
|
2004-05-28 07:13:32 +02:00
|
|
|
#ifdef USE_RENDEZVOUS
|
|
|
|
|
static void reg_reply(DNSServiceRegistrationReplyErrorType errorCode,
|
|
|
|
|
void *context);
|
|
|
|
|
#endif
|
|
|
|
|
static void pmdaemonize(void);
|
2000-04-12 19:17:23 +02:00
|
|
|
static Port *ConnCreate(int serverFd);
|
|
|
|
|
static void ConnFree(Port *port);
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
static void reset_shared(unsigned short port);
|
2000-08-29 11:36:51 +02:00
|
|
|
static void SIGHUP_handler(SIGNAL_ARGS);
|
|
|
|
|
static void pmdie(SIGNAL_ARGS);
|
|
|
|
|
static void reaper(SIGNAL_ARGS);
|
2001-11-04 20:55:31 +01:00
|
|
|
static void sigusr1_handler(SIGNAL_ARGS);
|
|
|
|
|
static void dummy_handler(SIGNAL_ARGS);
|
2004-08-04 22:09:47 +02:00
|
|
|
static void CleanupBackend(int pid, int exitstatus);
|
|
|
|
|
static void HandleChildCrash(int pid, int exitstatus, const char *procname);
|
2002-03-04 02:46:04 +01:00
|
|
|
static void LogChildExit(int lev, const char *procname,
|
2002-09-04 22:31:48 +02:00
|
|
|
int pid, int exitstatus);
|
2004-05-27 17:07:41 +02:00
|
|
|
static int BackendRun(Port *port);
|
2003-07-27 23:49:55 +02:00
|
|
|
static void ExitPostmaster(int status);
|
2000-04-12 19:17:23 +02:00
|
|
|
static void usage(const char *);
|
|
|
|
|
static int ServerLoop(void);
|
|
|
|
|
static int BackendStartup(Port *port);
|
2001-06-21 18:43:24 +02:00
|
|
|
static int ProcessStartupPacket(Port *port, bool SSLdone);
|
2001-10-25 07:50:21 +02:00
|
|
|
static void processCancelRequest(Port *port, void *pkt);
|
2003-07-24 01:30:41 +02:00
|
|
|
static int initMasks(fd_set *rmask);
|
2002-01-06 22:40:02 +01:00
|
|
|
static void report_fork_failure_to_client(Port *port, int errnum);
|
2001-08-30 21:02:42 +02:00
|
|
|
static enum CAC_state canAcceptConnections(void);
|
2000-04-12 19:17:23 +02:00
|
|
|
static long PostmasterRandom(void);
|
2001-08-17 04:59:20 +02:00
|
|
|
static void RandomSalt(char *cryptSalt, char *md5Salt);
|
2000-12-18 18:33:42 +01:00
|
|
|
static void SignalChildren(int signal);
|
2000-04-12 19:17:23 +02:00
|
|
|
static int CountChildren(void);
|
2004-05-14 00:45:04 +02:00
|
|
|
static bool CreateOptsFile(int argc, char *argv[], char *fullprogname);
|
2004-05-30 00:48:23 +02:00
|
|
|
static pid_t StartChildProcess(int xlop);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
#ifdef EXEC_BACKEND
|
2004-05-14 00:45:04 +02:00
|
|
|
|
2004-01-11 04:49:31 +01:00
|
|
|
#ifdef WIN32
|
2004-05-28 07:13:32 +02:00
|
|
|
static pid_t win32_forkexec(const char *path, char *argv[]);
|
2004-05-27 17:07:41 +02:00
|
|
|
static void win32_AddChild(pid_t pid, HANDLE handle);
|
|
|
|
|
static void win32_RemoveChild(pid_t pid);
|
2004-01-26 23:59:54 +01:00
|
|
|
static pid_t win32_waitpid(int *exitstatus);
|
2004-02-08 23:28:57 +01:00
|
|
|
static DWORD WINAPI win32_sigchld_waiter(LPVOID param);
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static pid_t *win32_childPIDArray;
|
2004-01-26 23:59:54 +01:00
|
|
|
static HANDLE *win32_childHNDArray;
|
|
|
|
|
static unsigned long win32_numChildren = 0;
|
2004-05-30 05:50:15 +02:00
|
|
|
|
|
|
|
|
HANDLE PostmasterHandle;
|
2004-01-11 04:49:31 +01:00
|
|
|
#endif
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
static pid_t backend_forkexec(Port *port);
|
|
|
|
|
static pid_t internal_forkexec(int argc, char *argv[], Port *port);
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
static void read_backend_variables(char *filename, Port *port);
|
|
|
|
|
static bool write_backend_variables(char *filename, Port *port);
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static void ShmemBackendArrayAdd(Backend *bn);
|
2004-01-26 23:59:54 +01:00
|
|
|
static void ShmemBackendArrayRemove(pid_t pid);
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
#endif /* EXEC_BACKEND */
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
#define StartupDataBase() StartChildProcess(BS_XLOG_STARTUP)
|
|
|
|
|
#define StartBackgroundWriter() StartChildProcess(BS_XLOG_BGWRITER)
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2003-06-11 08:56:07 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* Postmaster main entry point
|
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
int
|
|
|
|
|
PostmasterMain(int argc, char *argv[])
|
|
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
int opt;
|
|
|
|
|
int status;
|
2004-07-11 02:18:45 +02:00
|
|
|
char *userPGDATA = NULL;
|
2003-08-04 02:43:34 +02:00
|
|
|
int i;
|
1999-12-03 07:26:34 +01:00
|
|
|
|
2004-05-12 15:38:49 +02:00
|
|
|
progname = get_progname(argv[0]);
|
1998-06-04 19:26:49 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
MyProcPid = PostmasterPid = getpid();
|
|
|
|
|
|
2003-05-28 19:25:02 +02:00
|
|
|
IsPostmasterEnvironment = true;
|
|
|
|
|
|
2000-11-25 20:05:44 +01:00
|
|
|
/*
|
2001-03-22 05:01:46 +01:00
|
|
|
* Catch standard options before doing much else. This even works on
|
|
|
|
|
* systems without getopt_long.
|
2000-11-25 20:05:44 +01:00
|
|
|
*/
|
|
|
|
|
if (argc > 1)
|
|
|
|
|
{
|
2001-03-22 05:01:46 +01:00
|
|
|
if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
|
2000-11-25 20:05:44 +01:00
|
|
|
{
|
|
|
|
|
usage(progname);
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(0);
|
2000-11-25 20:05:44 +01:00
|
|
|
}
|
2001-03-22 05:01:46 +01:00
|
|
|
if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
|
2000-11-25 20:05:44 +01:00
|
|
|
{
|
|
|
|
|
puts("postmaster (PostgreSQL) " PG_VERSION);
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(0);
|
2000-11-25 20:05:44 +01:00
|
|
|
}
|
2001-03-22 05:01:46 +01:00
|
|
|
}
|
2000-11-25 20:05:44 +01:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
|
|
|
|
* for security, no dir or file created can be group or other
|
|
|
|
|
* accessible
|
|
|
|
|
*/
|
|
|
|
|
umask((mode_t) 0077);
|
|
|
|
|
|
2000-06-28 05:33:33 +02:00
|
|
|
/*
|
2002-08-10 22:29:18 +02:00
|
|
|
* Fire up essential subsystems: memory management
|
2000-06-28 05:33:33 +02:00
|
|
|
*/
|
|
|
|
|
MemoryContextInit();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* By default, palloc() requests in the postmaster will be allocated
|
|
|
|
|
* in the PostmasterContext, which is space that can be recycled by
|
|
|
|
|
* backends. Allocated data that needs to be available to backends
|
|
|
|
|
* should be allocated in TopMemoryContext.
|
|
|
|
|
*/
|
|
|
|
|
PostmasterContext = AllocSetContextCreate(TopMemoryContext,
|
|
|
|
|
"Postmaster",
|
|
|
|
|
ALLOCSET_DEFAULT_MINSIZE,
|
|
|
|
|
ALLOCSET_DEFAULT_INITSIZE,
|
|
|
|
|
ALLOCSET_DEFAULT_MAXSIZE);
|
|
|
|
|
MemoryContextSwitchTo(PostmasterContext);
|
|
|
|
|
|
2002-02-23 02:31:37 +01:00
|
|
|
IgnoreSystemIndexes(false);
|
|
|
|
|
|
2004-05-19 20:58:44 +02:00
|
|
|
if (find_my_exec(argv[0], my_exec_path) < 0)
|
2004-05-28 07:13:32 +02:00
|
|
|
elog(FATAL, "%s: could not locate my own executable path",
|
2004-05-27 17:07:41 +02:00
|
|
|
argv[0]);
|
|
|
|
|
|
2004-05-19 21:11:25 +02:00
|
|
|
get_pkglib_path(my_exec_path, pkglib_path);
|
|
|
|
|
|
2000-06-28 05:33:33 +02:00
|
|
|
/*
|
|
|
|
|
* Options setup
|
|
|
|
|
*/
|
2002-05-17 03:19:19 +02:00
|
|
|
InitializeGUCOptions();
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-07-11 02:18:45 +02:00
|
|
|
userPGDATA = getenv("PGDATA"); /* default value */
|
2004-07-11 23:34:04 +02:00
|
|
|
|
2000-05-31 02:28:42 +02:00
|
|
|
opterr = 1;
|
2001-10-19 22:47:09 +02:00
|
|
|
|
2002-08-17 17:12:07 +02:00
|
|
|
while ((opt = getopt(argc, argv, "A:a:B:b:c:D:d:Fh:ik:lm:MN:no:p:Ss-:")) != -1)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
|
|
|
|
switch (opt)
|
|
|
|
|
{
|
1998-08-25 23:04:41 +02:00
|
|
|
case 'A':
|
2001-06-29 18:05:57 +02:00
|
|
|
#ifdef USE_ASSERT_CHECKING
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
2001-06-29 18:05:57 +02:00
|
|
|
#else
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: assert checking is not compiled in\n", progname);
|
1998-08-25 23:04:41 +02:00
|
|
|
#endif
|
|
|
|
|
break;
|
1997-09-08 04:41:22 +02:00
|
|
|
case 'a':
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Can no longer set authentication method. */
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'B':
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'b':
|
2000-06-04 03:44:38 +02:00
|
|
|
/* Can no longer set the backend executable file to use. */
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'D':
|
2004-07-11 02:18:45 +02:00
|
|
|
userPGDATA = optarg;
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'd':
|
2002-09-04 22:31:48 +02:00
|
|
|
{
|
|
|
|
|
/* Turn on debugging for the postmaster. */
|
|
|
|
|
char *debugstr = palloc(strlen("debug") + strlen(optarg) + 1);
|
|
|
|
|
|
|
|
|
|
sprintf(debugstr, "debug%s", optarg);
|
2002-11-15 00:53:27 +01:00
|
|
|
SetConfigOption("log_min_messages", debugstr,
|
2002-09-04 22:31:48 +02:00
|
|
|
PGC_POSTMASTER, PGC_S_ARGV);
|
|
|
|
|
pfree(debugstr);
|
2002-09-26 07:17:00 +02:00
|
|
|
debug_flag = atoi(optarg);
|
2002-09-04 22:31:48 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2000-06-02 17:57:44 +02:00
|
|
|
case 'F':
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
|
2000-06-02 17:57:44 +02:00
|
|
|
break;
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
case 'h':
|
2004-03-23 02:23:48 +01:00
|
|
|
SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
break;
|
1997-11-10 06:10:50 +01:00
|
|
|
case 'i':
|
2004-03-23 02:23:48 +01:00
|
|
|
SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
|
1999-10-08 06:28:57 +02:00
|
|
|
break;
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
case 'k':
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
break;
|
1999-09-27 05:13:16 +02:00
|
|
|
#ifdef USE_SSL
|
1999-10-08 06:28:57 +02:00
|
|
|
case 'l':
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
|
1997-11-07 21:52:15 +01:00
|
|
|
break;
|
1999-10-08 06:28:57 +02:00
|
|
|
#endif
|
1997-09-08 04:41:22 +02:00
|
|
|
case 'm':
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Multiplexed backends no longer supported. */
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'M':
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
/*
|
|
|
|
|
* ignore this flag. This may be passed in because the
|
|
|
|
|
* program was run as 'postgres -M' instead of
|
|
|
|
|
* 'postmaster'
|
|
|
|
|
*/
|
|
|
|
|
break;
|
1999-02-19 07:06:39 +01:00
|
|
|
case 'N':
|
2001-09-07 02:46:42 +02:00
|
|
|
/* The max number of backends to start. */
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
1999-02-19 07:06:39 +01:00
|
|
|
break;
|
1997-09-08 04:41:22 +02:00
|
|
|
case 'n':
|
|
|
|
|
/* Don't reinit shared mem after abnormal exit */
|
1998-05-27 20:32:05 +02:00
|
|
|
Reinit = false;
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'o':
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Other options to pass to the backend on the command line
|
1997-09-08 04:41:22 +02:00
|
|
|
*/
|
2004-07-11 01:29:16 +02:00
|
|
|
snprintf(ExtraOptions + strlen(ExtraOptions),
|
|
|
|
|
sizeof(ExtraOptions) - strlen(ExtraOptions),
|
|
|
|
|
" %s", optarg);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'p':
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 'S':
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
/*
|
|
|
|
|
* Start in 'S'ilent mode (disassociate from controlling
|
|
|
|
|
* tty). You may also think of this as 'S'ysV mode since
|
|
|
|
|
* it's most badly needed on SysV-derived systems like
|
|
|
|
|
* SVR4 and HP-UX.
|
|
|
|
|
*/
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption("silent_mode", "true", PGC_POSTMASTER, PGC_S_ARGV);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case 's':
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
/*
|
|
|
|
|
* In the event that some backend dumps core, send
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* SIGSTOP, rather than SIGQUIT, to all its peers. This
|
1997-09-08 04:41:22 +02:00
|
|
|
* lets the wily post_hacker collect core dumps from
|
|
|
|
|
* everyone.
|
|
|
|
|
*/
|
1998-05-27 20:32:05 +02:00
|
|
|
SendStop = true;
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
2000-11-08 18:57:46 +01:00
|
|
|
case 'c':
|
2000-06-02 17:57:44 +02:00
|
|
|
case '-':
|
2000-11-08 18:57:46 +01:00
|
|
|
{
|
2001-03-22 05:01:46 +01:00
|
|
|
char *name,
|
|
|
|
|
*value;
|
|
|
|
|
|
|
|
|
|
ParseLongOption(optarg, &name, &value);
|
|
|
|
|
if (!value)
|
|
|
|
|
{
|
|
|
|
|
if (opt == '-')
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("--%s requires a value",
|
|
|
|
|
optarg)));
|
2001-03-22 05:01:46 +01:00
|
|
|
else
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("-c %s requires a value",
|
|
|
|
|
optarg)));
|
2001-03-22 05:01:46 +01:00
|
|
|
}
|
|
|
|
|
|
2002-02-23 02:31:37 +01:00
|
|
|
SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
|
2001-03-22 05:01:46 +01:00
|
|
|
free(name);
|
|
|
|
|
if (value)
|
|
|
|
|
free(value);
|
|
|
|
|
break;
|
2000-11-08 18:57:46 +01:00
|
|
|
}
|
2000-07-03 22:46:10 +02:00
|
|
|
|
1997-09-08 04:41:22 +02:00
|
|
|
default:
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("Try \"%s --help\" for more information.\n",
|
|
|
|
|
progname);
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(1);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
}
|
1999-06-04 23:14:46 +02:00
|
|
|
|
2002-02-23 02:31:37 +01:00
|
|
|
/*
|
|
|
|
|
* Postmaster accepts no non-option switch arguments.
|
|
|
|
|
*/
|
|
|
|
|
if (optind < argc)
|
|
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: invalid argument: \"%s\"\n",
|
|
|
|
|
progname, argv[optind]);
|
|
|
|
|
write_stderr("Try \"%s --help\" for more information.\n",
|
|
|
|
|
progname);
|
2002-02-23 02:31:37 +01:00
|
|
|
ExitPostmaster(1);
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-12 01:49:51 +02:00
|
|
|
if (userPGDATA)
|
2004-07-12 21:15:14 +02:00
|
|
|
{
|
|
|
|
|
userPGDATA = strdup(userPGDATA);
|
|
|
|
|
canonicalize_path(userPGDATA);
|
|
|
|
|
}
|
2004-07-12 01:49:51 +02:00
|
|
|
|
2004-07-11 02:18:45 +02:00
|
|
|
if (onlyConfigSpecified(userPGDATA))
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* It is either a file name or a directory with no
|
|
|
|
|
* global/pg_control file, and hence not a data directory.
|
|
|
|
|
*/
|
|
|
|
|
user_pgconfig = userPGDATA;
|
|
|
|
|
ProcessConfigFile(PGC_POSTMASTER);
|
|
|
|
|
|
|
|
|
|
if (!guc_pgdata) /* Got a pgdata from the config file? */
|
|
|
|
|
{
|
|
|
|
|
write_stderr("%s does not know where to find the database system data.\n"
|
2004-08-01 19:45:43 +02:00
|
|
|
"This should be specified as \"pgdata\" in %s%s.\n",
|
2004-07-11 02:18:45 +02:00
|
|
|
progname, userPGDATA,
|
|
|
|
|
user_pgconfig_is_dir ? "/postgresql.conf" : "");
|
|
|
|
|
ExitPostmaster(2);
|
|
|
|
|
}
|
|
|
|
|
checkDataDir(guc_pgdata);
|
|
|
|
|
SetDataDir(guc_pgdata);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Now we can set the data directory, and then read postgresql.conf. */
|
|
|
|
|
checkDataDir(userPGDATA);
|
|
|
|
|
SetDataDir(userPGDATA);
|
|
|
|
|
ProcessConfigFile(PGC_POSTMASTER);
|
|
|
|
|
}
|
2002-11-21 07:36:08 +01:00
|
|
|
|
2004-07-11 02:18:45 +02:00
|
|
|
if (external_pidfile)
|
|
|
|
|
{
|
|
|
|
|
FILE *fpidfile = fopen(external_pidfile, "w");
|
|
|
|
|
|
|
|
|
|
if (fpidfile)
|
|
|
|
|
{
|
|
|
|
|
fprintf(fpidfile, "%d\n", MyProcPid);
|
|
|
|
|
fclose(fpidfile);
|
|
|
|
|
/* Should we remove the pid file on postmaster exit? */
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
gettext("%s could not write to external pid file %s\n"),
|
|
|
|
|
progname, external_pidfile);
|
|
|
|
|
}
|
2004-05-27 17:07:41 +02:00
|
|
|
|
2004-05-21 07:08:06 +02:00
|
|
|
/* If timezone is not set, determine what the OS uses */
|
|
|
|
|
pg_timezone_initialize();
|
|
|
|
|
|
2003-05-03 00:02:47 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
write_nondefault_variables(PGC_POSTMASTER);
|
|
|
|
|
#endif
|
2002-11-21 07:36:08 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check for invalid combinations of GUC settings.
|
1999-06-04 23:14:46 +02:00
|
|
|
*/
|
|
|
|
|
if (NBuffers < 2 * MaxBackends || NBuffers < 16)
|
|
|
|
|
{
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Do not accept -B so small that backends are likely to starve
|
|
|
|
|
* for lack of buffers. The specific choices here are somewhat
|
|
|
|
|
* arbitrary.
|
1999-06-04 23:14:46 +02:00
|
|
|
*/
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: the number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16\n", progname);
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(1);
|
1999-06-04 23:14:46 +02:00
|
|
|
}
|
|
|
|
|
|
2002-08-29 23:02:12 +02:00
|
|
|
if (ReservedBackends >= MaxBackends)
|
2002-11-21 07:36:08 +01:00
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: superuser_reserved_connections must be less than max_connections\n", progname);
|
2002-11-21 07:36:08 +01:00
|
|
|
ExitPostmaster(1);
|
|
|
|
|
}
|
2002-08-29 23:02:12 +02:00
|
|
|
|
2003-01-16 01:26:49 +01:00
|
|
|
/*
|
|
|
|
|
* Other one-time internal sanity checks can go here.
|
|
|
|
|
*/
|
|
|
|
|
if (!CheckDateTokenTables())
|
|
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: invalid datetoken tables, please fix\n", progname);
|
2003-01-16 01:26:49 +01:00
|
|
|
ExitPostmaster(1);
|
|
|
|
|
}
|
|
|
|
|
|
2001-10-19 22:47:09 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Now that we are done processing the postmaster arguments, reset
|
|
|
|
|
* getopt(3) library so that it will work correctly in subprocesses.
|
2001-10-19 22:47:09 +02:00
|
|
|
*/
|
|
|
|
|
optind = 1;
|
|
|
|
|
#ifdef HAVE_INT_OPTRESET
|
2001-10-21 05:25:36 +02:00
|
|
|
optreset = 1; /* some systems need this too */
|
2001-10-19 22:47:09 +02:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* For debugging: display postmaster environment */
|
2000-11-12 21:51:52 +01:00
|
|
|
{
|
|
|
|
|
extern char **environ;
|
|
|
|
|
char **p;
|
|
|
|
|
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG3,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errmsg_internal("%s: PostmasterMain: initial environ dump:",
|
|
|
|
|
progname)));
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG3,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errmsg_internal("-----------------------------------------")));
|
2000-11-12 21:51:52 +01:00
|
|
|
for (p = environ; *p; ++p)
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG3,
|
|
|
|
|
(errmsg_internal("\t%s", *p)));
|
|
|
|
|
ereport(DEBUG3,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errmsg_internal("-----------------------------------------")));
|
2000-11-12 21:51:52 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-14 00:45:04 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
2004-05-28 07:13:32 +02:00
|
|
|
if (find_other_exec(argv[0], "postgres", PG_VERSIONSTR,
|
|
|
|
|
postgres_exec_path) < 0)
|
2004-05-14 00:45:04 +02:00
|
|
|
ereport(FATAL,
|
2004-05-28 07:13:32 +02:00
|
|
|
(errmsg("%s: could not locate matching postgres executable",
|
2004-05-14 00:45:04 +02:00
|
|
|
progname)));
|
|
|
|
|
#endif
|
2004-05-27 17:07:41 +02:00
|
|
|
|
2001-06-21 18:43:24 +02:00
|
|
|
/*
|
|
|
|
|
* Initialize SSL library, if specified.
|
|
|
|
|
*/
|
|
|
|
|
#ifdef USE_SSL
|
|
|
|
|
if (EnableSSL)
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
secure_initialize();
|
2001-06-21 18:43:24 +02:00
|
|
|
#endif
|
|
|
|
|
|
> I can see a couple possible downsides: (a) the library might have some
> weird behavior across fork boundaries; (b) the additional memory space
> that has to be duplicated into child processes will cost something per
> child launch, even if the child never uses it. But these are only
> arguments that it might not *always* be a prudent thing to do, not that
> we shouldn't give the DBA the tool to do it if he wants. So fire away.
Here is a patch for the above, including a documentation update. It
creates a new GUC variable "preload_libraries", that accepts a list in
the form:
preload_libraries = '$libdir/mylib1:initfunc,$libdir/mylib2'
If ":initfunc" is omitted or not found, no initialization function is
executed, but the library is still preloaded. If "$libdir/mylib" isn't
found, the postmaster refuses to start.
In my testing with PL/R, it reduces the first call to a PL/R function
(after connecting) from almost 2 seconds, down to about 8 ms.
Joe Conway
2003-03-20 05:51:44 +01:00
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* process any libraries that should be preloaded and optionally
|
|
|
|
|
* pre-initialized
|
> I can see a couple possible downsides: (a) the library might have some
> weird behavior across fork boundaries; (b) the additional memory space
> that has to be duplicated into child processes will cost something per
> child launch, even if the child never uses it. But these are only
> arguments that it might not *always* be a prudent thing to do, not that
> we shouldn't give the DBA the tool to do it if he wants. So fire away.
Here is a patch for the above, including a documentation update. It
creates a new GUC variable "preload_libraries", that accepts a list in
the form:
preload_libraries = '$libdir/mylib1:initfunc,$libdir/mylib2'
If ":initfunc" is omitted or not found, no initialization function is
executed, but the library is still preloaded. If "$libdir/mylib" isn't
found, the postmaster refuses to start.
In my testing with PL/R, it reduces the first call to a PL/R function
(after connecting) from almost 2 seconds, down to about 8 ms.
Joe Conway
2003-03-20 05:51:44 +01:00
|
|
|
*/
|
|
|
|
|
if (preload_libraries_string)
|
|
|
|
|
process_preload_libraries(preload_libraries_string);
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
|
|
|
|
* Fork away from controlling terminal, if -S specified.
|
|
|
|
|
*
|
|
|
|
|
* Must do this before we grab any interlock files, else the interlocks
|
|
|
|
|
* will show the wrong PID.
|
|
|
|
|
*/
|
|
|
|
|
if (SilentMode)
|
2004-05-28 07:13:32 +02:00
|
|
|
pmdaemonize();
|
2000-11-29 21:59:54 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create lockfile for data directory.
|
|
|
|
|
*
|
|
|
|
|
* We want to do this before we try to grab the input sockets, because
|
|
|
|
|
* the data directory interlock is more reliable than the socket-file
|
2001-03-22 05:01:46 +01:00
|
|
|
* interlock (thanks to whoever decided to put socket files in /tmp
|
2004-05-30 00:48:23 +02:00
|
|
|
* :-(). For the same reason, it's best to grab the TCP socket(s) before
|
2001-03-22 05:01:46 +01:00
|
|
|
* the Unix socket.
|
2000-11-29 21:59:54 +01:00
|
|
|
*/
|
2003-07-27 23:49:55 +02:00
|
|
|
CreateDataDirLockFile(DataDir, true);
|
2000-11-29 21:59:54 +01:00
|
|
|
|
2001-06-11 06:12:29 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Remove old temporary files. At this point there can be no other
|
|
|
|
|
* Postgres processes running in this directory, so this should be
|
|
|
|
|
* safe.
|
2001-06-11 06:12:29 +02:00
|
|
|
*/
|
|
|
|
|
RemovePgTempFiles();
|
|
|
|
|
|
2000-11-12 21:51:52 +01:00
|
|
|
/*
|
|
|
|
|
* Establish input sockets.
|
|
|
|
|
*/
|
2003-06-12 09:36:51 +02:00
|
|
|
for (i = 0; i < MAXLISTEN; i++)
|
|
|
|
|
ListenSocket[i] = -1;
|
2003-07-24 01:30:41 +02:00
|
|
|
|
2004-03-23 02:23:48 +01:00
|
|
|
if (ListenAddresses)
|
1997-11-10 06:10:50 +01:00
|
|
|
{
|
2004-03-23 02:23:48 +01:00
|
|
|
char *curhost,
|
|
|
|
|
*endptr;
|
|
|
|
|
char c;
|
|
|
|
|
|
|
|
|
|
curhost = ListenAddresses;
|
|
|
|
|
for (;;)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2004-03-23 02:23:48 +01:00
|
|
|
/* ignore whitespace */
|
|
|
|
|
while (isspace((unsigned char) *curhost))
|
|
|
|
|
curhost++;
|
|
|
|
|
if (*curhost == '\0')
|
|
|
|
|
break;
|
|
|
|
|
endptr = curhost;
|
|
|
|
|
while (*endptr != '\0' && !isspace((unsigned char) *endptr))
|
|
|
|
|
endptr++;
|
|
|
|
|
c = *endptr;
|
|
|
|
|
*endptr = '\0';
|
2004-05-27 17:07:41 +02:00
|
|
|
if (strcmp(curhost, "*") == 0)
|
2004-03-23 02:23:48 +01:00
|
|
|
status = StreamServerPort(AF_UNSPEC, NULL,
|
|
|
|
|
(unsigned short) PostPortNumber,
|
|
|
|
|
UnixSocketDir,
|
|
|
|
|
ListenSocket, MAXLISTEN);
|
|
|
|
|
else
|
2003-07-24 01:30:41 +02:00
|
|
|
status = StreamServerPort(AF_UNSPEC, curhost,
|
|
|
|
|
(unsigned short) PostPortNumber,
|
|
|
|
|
UnixSocketDir,
|
|
|
|
|
ListenSocket, MAXLISTEN);
|
2003-01-06 04:18:27 +01:00
|
|
|
if (status != STATUS_OK)
|
2004-03-23 02:23:48 +01:00
|
|
|
ereport(WARNING,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errmsg("could not create listen socket for \"%s\"",
|
|
|
|
|
curhost)));
|
2004-03-23 02:23:48 +01:00
|
|
|
*endptr = c;
|
|
|
|
|
if (c != '\0')
|
2004-05-27 17:07:41 +02:00
|
|
|
curhost = endptr + 1;
|
2004-03-23 02:23:48 +01:00
|
|
|
else
|
|
|
|
|
break;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2004-03-23 02:23:48 +01:00
|
|
|
}
|
2003-07-24 01:30:41 +02:00
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
#ifdef USE_RENDEZVOUS
|
2004-03-23 02:23:48 +01:00
|
|
|
/* Register for Rendezvous only if we opened TCP socket(s) */
|
|
|
|
|
if (ListenSocket[0] != -1 && rendezvous_name != NULL)
|
|
|
|
|
{
|
|
|
|
|
DNSServiceRegistrationCreate(rendezvous_name,
|
|
|
|
|
"_postgresql._tcp.",
|
|
|
|
|
"",
|
|
|
|
|
htonl(PostPortNumber),
|
|
|
|
|
"",
|
2004-05-27 17:07:41 +02:00
|
|
|
(DNSServiceRegistrationReply) reg_reply,
|
2004-03-23 02:23:48 +01:00
|
|
|
NULL);
|
1997-11-10 06:10:50 +01:00
|
|
|
}
|
2004-03-23 02:23:48 +01:00
|
|
|
#endif
|
1999-09-27 05:13:16 +02:00
|
|
|
|
2000-08-20 12:55:35 +02:00
|
|
|
#ifdef HAVE_UNIX_SOCKETS
|
2003-06-12 09:36:51 +02:00
|
|
|
status = StreamServerPort(AF_UNIX, NULL,
|
2003-07-24 01:30:41 +02:00
|
|
|
(unsigned short) PostPortNumber,
|
|
|
|
|
UnixSocketDir,
|
|
|
|
|
ListenSocket, MAXLISTEN);
|
1997-09-07 07:04:48 +02:00
|
|
|
if (status != STATUS_OK)
|
2004-03-23 02:23:48 +01:00
|
|
|
ereport(WARNING,
|
2003-09-25 08:58:07 +02:00
|
|
|
(errmsg("could not create Unix-domain socket")));
|
1999-01-17 07:20:06 +01:00
|
|
|
#endif
|
2000-11-12 21:51:52 +01:00
|
|
|
|
2004-03-23 02:23:48 +01:00
|
|
|
/*
|
|
|
|
|
* check that we have some socket to listen on
|
|
|
|
|
*/
|
|
|
|
|
if (ListenSocket[0] == -1)
|
|
|
|
|
ereport(FATAL,
|
2004-03-24 16:20:54 +01:00
|
|
|
(errmsg("no socket created for listening")));
|
2004-03-23 02:23:48 +01:00
|
|
|
|
2000-11-25 21:33:54 +01:00
|
|
|
XLOGPathInit();
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
|
|
|
|
* Set up shared memory and semaphores.
|
|
|
|
|
*/
|
2000-11-14 02:15:06 +01:00
|
|
|
reset_shared(PostPortNumber);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-02-23 21:45:59 +01:00
|
|
|
/*
|
2004-05-27 17:07:41 +02:00
|
|
|
* Estimate number of openable files. This must happen after setting
|
|
|
|
|
* up semaphores, because on some platforms semaphores count as open
|
|
|
|
|
* files.
|
2004-02-23 21:45:59 +01:00
|
|
|
*/
|
|
|
|
|
set_max_safe_fds();
|
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
2001-06-21 18:43:24 +02:00
|
|
|
* Initialize the list of active backends.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
|
|
|
|
BackendList = DLNewList();
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifdef WIN32
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Initialize the child pid/HANDLE arrays for signal handling.
|
2004-01-26 23:59:54 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
win32_childPIDArray = (pid_t *)
|
|
|
|
|
malloc(NUM_BACKENDARRAY_ELEMS * sizeof(pid_t));
|
|
|
|
|
win32_childHNDArray = (HANDLE *)
|
|
|
|
|
malloc(NUM_BACKENDARRAY_ELEMS * sizeof(HANDLE));
|
2004-01-26 23:59:54 +01:00
|
|
|
if (!win32_childPIDArray || !win32_childHNDArray)
|
2004-02-23 21:45:59 +01:00
|
|
|
ereport(FATAL,
|
2004-01-26 23:59:54 +01:00
|
|
|
(errcode(ERRCODE_OUT_OF_MEMORY),
|
|
|
|
|
errmsg("out of memory")));
|
2004-05-30 05:50:15 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set up a handle that child processes can use to check whether the
|
|
|
|
|
* postmaster is still running.
|
|
|
|
|
*/
|
|
|
|
|
if (DuplicateHandle(GetCurrentProcess(),
|
|
|
|
|
GetCurrentProcess(),
|
|
|
|
|
GetCurrentProcess(),
|
|
|
|
|
&PostmasterHandle,
|
|
|
|
|
0,
|
|
|
|
|
TRUE,
|
|
|
|
|
DUPLICATE_SAME_ACCESS) == 0)
|
|
|
|
|
ereport(FATAL,
|
|
|
|
|
(errmsg_internal("could not duplicate postmaster handle: %d",
|
|
|
|
|
(int) GetLastError())));
|
2004-01-26 23:59:54 +01:00
|
|
|
#endif
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
2001-03-22 05:01:46 +01:00
|
|
|
* Record postmaster options. We delay this till now to avoid
|
|
|
|
|
* recording bogus options (eg, NBuffers too high for available
|
|
|
|
|
* memory).
|
2000-11-29 21:59:54 +01:00
|
|
|
*/
|
2004-05-14 00:45:04 +02:00
|
|
|
if (!CreateOptsFile(argc, argv, my_exec_path))
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(1);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
/*
|
|
|
|
|
* Set up signal handlers for the postmaster process.
|
2002-02-19 20:53:35 +01:00
|
|
|
*
|
2002-09-04 22:31:48 +02:00
|
|
|
* CAUTION: when changing this list, check for side-effects on the signal
|
|
|
|
|
* handling setup of child processes. See tcop/postgres.c,
|
2004-07-19 04:47:16 +02:00
|
|
|
* bootstrap/bootstrap.c, postmaster/bgwriter.c, postmaster/pgarch.c,
|
2004-07-21 22:34:50 +02:00
|
|
|
* and postmaster/pgstat.c.
|
1998-07-09 05:29:11 +02:00
|
|
|
*/
|
2000-06-28 05:33:33 +02:00
|
|
|
pqinitmask();
|
1999-10-06 23:58:18 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
|
|
|
|
|
2001-03-22 05:01:46 +01:00
|
|
|
pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
|
|
|
|
|
* children do same */
|
2004-05-30 00:48:23 +02:00
|
|
|
pqsignal(SIGINT, pmdie); /* send SIGTERM and shut down */
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
|
2004-05-30 00:48:23 +02:00
|
|
|
pqsignal(SIGTERM, pmdie); /* wait for children and shut down */
|
2000-04-12 19:17:23 +02:00
|
|
|
pqsignal(SIGALRM, SIG_IGN); /* ignored */
|
|
|
|
|
pqsignal(SIGPIPE, SIG_IGN); /* ignored */
|
2001-11-05 18:46:40 +01:00
|
|
|
pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
|
2001-11-04 20:55:31 +01:00
|
|
|
pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
|
2000-04-12 19:17:23 +02:00
|
|
|
pqsignal(SIGCHLD, reaper); /* handle child termination */
|
|
|
|
|
pqsignal(SIGTTIN, SIG_IGN); /* ignored */
|
|
|
|
|
pqsignal(SIGTTOU, SIG_IGN); /* ignored */
|
2003-03-24 23:40:14 +01:00
|
|
|
/* ignore SIGXFSZ, so that ulimit violations work like disk full */
|
|
|
|
|
#ifdef SIGXFSZ
|
|
|
|
|
pqsignal(SIGXFSZ, SIG_IGN); /* ignored */
|
|
|
|
|
#endif
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2001-09-08 03:10:21 +02:00
|
|
|
/*
|
|
|
|
|
* Reset whereToSendOutput from Debug (its starting state) to None.
|
2004-07-24 22:01:42 +02:00
|
|
|
* This stops ereport from sending log messages to stderr unless
|
|
|
|
|
* Log_destination permits. We don't do this until the postmaster
|
|
|
|
|
* is fully launched, since startup failures may as well be
|
2001-10-25 07:50:21 +02:00
|
|
|
* reported to stderr.
|
2001-09-08 03:10:21 +02:00
|
|
|
*/
|
|
|
|
|
whereToSendOutput = None;
|
|
|
|
|
|
2001-07-03 18:52:12 +02:00
|
|
|
/*
|
2004-06-14 20:08:19 +02:00
|
|
|
* Initialize the statistics collector stuff
|
2001-07-03 18:52:12 +02:00
|
|
|
*/
|
2003-04-26 04:57:14 +02:00
|
|
|
pgstat_init();
|
2001-07-03 18:52:12 +02:00
|
|
|
|
2001-11-02 19:39:57 +01:00
|
|
|
/*
|
|
|
|
|
* Load cached files for client authentication.
|
|
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
load_hba();
|
|
|
|
|
load_ident();
|
|
|
|
|
load_user();
|
|
|
|
|
load_group();
|
2001-11-02 19:39:57 +01:00
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
|
|
|
|
* We're ready to rock and roll...
|
|
|
|
|
*/
|
1999-10-06 23:58:18 +02:00
|
|
|
StartupPID = StartupDataBase();
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-06-11 05:54:54 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
write_nondefault_variables(PGC_POSTMASTER);
|
|
|
|
|
#endif
|
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
status = ServerLoop();
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
2001-03-22 05:01:46 +01:00
|
|
|
* ServerLoop probably shouldn't ever return, but if it does, close
|
|
|
|
|
* down.
|
2000-11-29 21:59:54 +01:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
ExitPostmaster(status != STATUS_OK);
|
2000-11-29 21:59:54 +01:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
return 0; /* not reached */
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
|
2004-07-11 02:18:45 +02:00
|
|
|
|
|
|
|
|
static bool
|
|
|
|
|
onlyConfigSpecified(const char *checkdir)
|
|
|
|
|
{
|
|
|
|
|
char path[MAXPGPATH];
|
|
|
|
|
struct stat stat_buf;
|
|
|
|
|
|
|
|
|
|
if (checkdir == NULL) /* checkDataDir handles this */
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
if (stat(checkdir, &stat_buf) == -1) /* ditto */
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
if (S_ISREG(stat_buf.st_mode)) /* It's a regular file, so assume it's explict */
|
|
|
|
|
return TRUE;
|
|
|
|
|
else if (S_ISDIR(stat_buf.st_mode)) /* It's a directory, is it a config or system dir? */
|
|
|
|
|
{
|
|
|
|
|
snprintf(path, MAXPGPATH, "%s/global/pg_control", checkdir);
|
|
|
|
|
/* If this is not found, it is a config-only directory */
|
|
|
|
|
if (stat(path, &stat_buf) == -1)
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* Validate the proposed data directory
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
checkDataDir(const char *checkdir)
|
|
|
|
|
{
|
|
|
|
|
char path[MAXPGPATH];
|
|
|
|
|
FILE *fp;
|
|
|
|
|
struct stat stat_buf;
|
|
|
|
|
|
|
|
|
|
if (checkdir == NULL)
|
|
|
|
|
{
|
2004-06-24 23:03:42 +02:00
|
|
|
write_stderr("%s does not know where to find the database system data.\n"
|
|
|
|
|
"You must specify the directory that contains the database system\n"
|
2004-07-11 02:18:45 +02:00
|
|
|
"or configuration files by either specifying the -D invocation option\n"
|
|
|
|
|
"or by setting the PGDATA environment variable.\n",
|
2004-06-24 23:03:42 +02:00
|
|
|
progname);
|
2004-05-28 07:13:32 +02:00
|
|
|
ExitPostmaster(2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (stat(checkdir, &stat_buf) == -1)
|
|
|
|
|
{
|
|
|
|
|
if (errno == ENOENT)
|
|
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode_for_file_access(),
|
2004-07-11 02:18:45 +02:00
|
|
|
errmsg("data or configuration location \"%s\" does not exist",
|
2004-05-28 07:13:32 +02:00
|
|
|
checkdir)));
|
|
|
|
|
else
|
|
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode_for_file_access(),
|
2004-07-11 02:18:45 +02:00
|
|
|
errmsg("could not read permissions of \"%s\": %m",
|
2004-05-28 07:13:32 +02:00
|
|
|
checkdir)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if the directory has group or world access. If so, reject.
|
|
|
|
|
*
|
|
|
|
|
* XXX temporarily suppress check when on Windows, because there may not
|
|
|
|
|
* be proper support for Unix-y file permissions. Need to think of a
|
|
|
|
|
* reasonable check to apply on Windows.
|
|
|
|
|
*/
|
|
|
|
|
#if !defined(__CYGWIN__) && !defined(WIN32)
|
|
|
|
|
if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
|
|
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
|
|
|
|
errmsg("data directory \"%s\" has group or world access",
|
|
|
|
|
checkdir),
|
|
|
|
|
errdetail("Permissions should be u=rwx (0700).")));
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Look for PG_VERSION before looking for pg_control */
|
|
|
|
|
ValidatePgVersion(checkdir);
|
|
|
|
|
|
|
|
|
|
snprintf(path, sizeof(path), "%s/global/pg_control", checkdir);
|
|
|
|
|
|
|
|
|
|
fp = AllocateFile(path, PG_BINARY_R);
|
|
|
|
|
if (fp == NULL)
|
|
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: could not find the database system\n"
|
|
|
|
|
"Expected to find it in the directory \"%s\",\n"
|
|
|
|
|
"but could not open file \"%s\": %s\n",
|
|
|
|
|
progname, checkdir, path, strerror(errno));
|
2004-05-28 07:13:32 +02:00
|
|
|
ExitPostmaster(2);
|
|
|
|
|
}
|
|
|
|
|
FreeFile(fp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef USE_RENDEZVOUS
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* empty callback function for DNSServiceRegistrationCreate()
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
reg_reply(DNSServiceRegistrationReplyErrorType errorCode, void *context)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* USE_RENDEZVOUS */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Fork away from the controlling terminal (-S option)
|
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
static void
|
2004-05-28 07:13:32 +02:00
|
|
|
pmdaemonize(void)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
#ifndef WIN32
|
1997-09-08 04:41:22 +02:00
|
|
|
int i;
|
2000-04-12 19:17:23 +02:00
|
|
|
pid_t pid;
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
struct itimerval prof_itimer;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef LINUX_PROFILE
|
2004-05-28 07:13:32 +02:00
|
|
|
/* see comments in BackendStartup */
|
2002-03-02 21:46:12 +01:00
|
|
|
getitimer(ITIMER_PROF, &prof_itimer);
|
|
|
|
|
#endif
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1999-12-04 09:23:43 +01:00
|
|
|
pid = fork();
|
2000-11-29 23:04:04 +01:00
|
|
|
if (pid == (pid_t) -1)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: could not fork background process: %s\n",
|
|
|
|
|
progname, strerror(errno));
|
1999-12-04 09:23:43 +01:00
|
|
|
ExitPostmaster(1);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else if (pid)
|
|
|
|
|
{ /* parent */
|
2000-11-29 21:59:54 +01:00
|
|
|
/* Parent should just exit, without doing any atexit cleanup */
|
|
|
|
|
_exit(0);
|
1999-12-04 09:23:43 +01:00
|
|
|
}
|
1999-12-06 08:21:12 +01:00
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
setitimer(ITIMER_PROF, &prof_itimer, NULL);
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
MyProcPid = PostmasterPid = getpid(); /* reset PID vars to child */
|
2000-11-29 23:04:04 +01:00
|
|
|
|
1997-02-13 09:32:20 +01:00
|
|
|
/* GH: If there's no setsid(), we hopefully don't need silent mode.
|
|
|
|
|
* Until there's a better solution.
|
|
|
|
|
*/
|
|
|
|
|
#ifdef HAVE_SETSID
|
1997-09-07 07:04:48 +02:00
|
|
|
if (setsid() < 0)
|
|
|
|
|
{
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("%s: could not dissociate from controlling TTY: %s\n",
|
|
|
|
|
progname, strerror(errno));
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(1);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1997-02-13 09:32:20 +01:00
|
|
|
#endif
|
2000-06-02 17:57:44 +02:00
|
|
|
i = open(NULL_DEV, O_RDWR | PG_BINARY);
|
1997-09-07 07:04:48 +02:00
|
|
|
dup2(i, 0);
|
|
|
|
|
dup2(i, 1);
|
|
|
|
|
dup2(i, 2);
|
|
|
|
|
close(i);
|
2004-05-30 00:48:23 +02:00
|
|
|
#else /* WIN32 */
|
|
|
|
|
/* not supported */
|
|
|
|
|
elog(FATAL, "SilentMode not supported under WIN32");
|
|
|
|
|
#endif /* WIN32 */
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2000-07-12 19:38:53 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Print out help message
|
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
static void
|
1996-10-04 22:17:11 +02:00
|
|
|
usage(const char *progname)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext("%s is the PostgreSQL server.\n\n"), progname);
|
2002-10-19 00:05:36 +02:00
|
|
|
printf(gettext("Usage:\n %s [OPTION]...\n\n"), progname);
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext("Options:\n"));
|
1998-08-25 23:04:41 +02:00
|
|
|
#ifdef USE_ASSERT_CHECKING
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext(" -A 1|0 enable/disable run-time assert checking\n"));
|
1998-08-25 23:04:41 +02:00
|
|
|
#endif
|
2003-04-07 00:45:23 +02:00
|
|
|
printf(gettext(" -B NBUFFERS number of shared buffers\n"));
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext(" -c NAME=VALUE set run-time parameter\n"));
|
|
|
|
|
printf(gettext(" -d 1-5 debugging level\n"));
|
|
|
|
|
printf(gettext(" -D DATADIR database directory\n"));
|
|
|
|
|
printf(gettext(" -F turn fsync off\n"));
|
|
|
|
|
printf(gettext(" -h HOSTNAME host name or IP address to listen on\n"));
|
|
|
|
|
printf(gettext(" -i enable TCP/IP connections\n"));
|
|
|
|
|
printf(gettext(" -k DIRECTORY Unix-domain socket location\n"));
|
1999-09-27 05:13:16 +02:00
|
|
|
#ifdef USE_SSL
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext(" -l enable SSL connections\n"));
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
2003-04-07 00:45:23 +02:00
|
|
|
printf(gettext(" -N MAX-CONNECT maximum number of allowed connections\n"));
|
2003-09-26 17:27:37 +02:00
|
|
|
printf(gettext(" -o OPTIONS pass \"OPTIONS\" to each server process\n"));
|
2003-04-07 00:45:23 +02:00
|
|
|
printf(gettext(" -p PORT port number to listen on\n"));
|
2001-06-03 16:53:56 +02:00
|
|
|
printf(gettext(" -S silent mode (start in background without logging output)\n"));
|
2002-10-19 00:05:36 +02:00
|
|
|
printf(gettext(" --help show this help, then exit\n"));
|
|
|
|
|
printf(gettext(" --version output version information, then exit\n"));
|
2001-06-03 16:53:56 +02:00
|
|
|
|
|
|
|
|
printf(gettext("\nDeveloper options:\n"));
|
|
|
|
|
printf(gettext(" -n do not reinitialize shared memory after abnormal exit\n"));
|
|
|
|
|
printf(gettext(" -s send SIGSTOP to all backend servers if one dies\n"));
|
|
|
|
|
|
|
|
|
|
printf(gettext("\nPlease read the documentation for the complete list of run-time\n"
|
|
|
|
|
"configuration settings and how to set them on the command line or in\n"
|
|
|
|
|
"the configuration file.\n\n"
|
|
|
|
|
"Report bugs to <pgsql-bugs@postgresql.org>.\n"));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Main idle loop of postmaster
|
2004-05-28 07:13:32 +02:00
|
|
|
*/
|
1997-08-19 23:40:56 +02:00
|
|
|
static int
|
1996-10-04 22:17:11 +02:00
|
|
|
ServerLoop(void)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
fd_set readmask;
|
1998-02-26 05:46:47 +01:00
|
|
|
int nSockets;
|
2004-05-30 00:48:23 +02:00
|
|
|
time_t now,
|
|
|
|
|
last_touch_time;
|
2004-07-21 22:34:50 +02:00
|
|
|
struct timeval earlier,
|
2003-08-04 02:43:34 +02:00
|
|
|
later;
|
2004-07-21 22:34:50 +02:00
|
|
|
struct timezone tz;
|
1998-06-08 06:27:59 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
gettimeofday(&earlier, &tz);
|
|
|
|
|
last_touch_time = time(NULL);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2003-07-24 01:30:41 +02:00
|
|
|
nSockets = initMasks(&readmask);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
|
{
|
2001-03-22 05:01:46 +01:00
|
|
|
Port *port;
|
2003-07-24 01:30:41 +02:00
|
|
|
fd_set rmask;
|
2001-11-04 20:55:31 +01:00
|
|
|
struct timeval timeout;
|
2004-05-30 00:48:23 +02:00
|
|
|
int selres;
|
|
|
|
|
int i;
|
2001-11-04 20:55:31 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Wait for something to happen.
|
|
|
|
|
*
|
|
|
|
|
* We wait at most one minute, to ensure that the other background
|
|
|
|
|
* tasks handled below get done even when no requests are arriving.
|
2001-11-04 20:55:31 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
timeout.tv_sec = 60;
|
|
|
|
|
timeout.tv_usec = 0;
|
2000-11-09 12:26:00 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
PG_SETMASK(&UnBlockSig);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
selres = select(nSockets, &rmask, NULL, NULL, &timeout);
|
2003-11-19 16:55:08 +01:00
|
|
|
|
2000-10-26 00:27:25 +02:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Block all signals until we wait again. (This makes it safe for
|
|
|
|
|
* our signal handlers to do nontrivial work.)
|
2000-10-26 00:27:25 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
2000-10-24 23:33:52 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
if (selres < 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-07-27 03:46:03 +02:00
|
|
|
if (errno != EINTR && errno != EWOULDBLOCK)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode_for_socket_access(),
|
|
|
|
|
errmsg("select() failed in postmaster: %m")));
|
|
|
|
|
return STATUS_ERROR;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-10-24 23:33:52 +02:00
|
|
|
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* New connection pending on any of our sockets? If so, fork a
|
|
|
|
|
* child process to deal with it.
|
1998-06-09 06:06:12 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (selres > 0)
|
1998-06-08 06:27:59 +02:00
|
|
|
{
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Select a random seed at the time of first receiving a request.
|
1998-06-08 06:27:59 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
while (random_seed == 0)
|
|
|
|
|
{
|
|
|
|
|
gettimeofday(&later, &tz);
|
1998-09-01 06:40:42 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* We are not sure how much precision is in tv_usec, so we
|
|
|
|
|
* swap the nibbles of 'later' and XOR them with 'earlier'. On
|
|
|
|
|
* the off chance that the result is 0, we loop until it isn't.
|
|
|
|
|
*/
|
|
|
|
|
random_seed = earlier.tv_usec ^
|
|
|
|
|
((later.tv_usec << 16) |
|
|
|
|
|
((later.tv_usec >> 16) & 0xffff));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < MAXLISTEN; i++)
|
2001-06-21 18:43:24 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
if (ListenSocket[i] == -1)
|
|
|
|
|
break;
|
|
|
|
|
if (FD_ISSET(ListenSocket[i], &rmask))
|
2003-06-12 09:36:51 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
port = ConnCreate(ListenSocket[i]);
|
|
|
|
|
if (port)
|
|
|
|
|
{
|
|
|
|
|
BackendStartup(port);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We no longer need the open socket or port structure
|
|
|
|
|
* in this process
|
|
|
|
|
*/
|
|
|
|
|
StreamClose(port->sock);
|
|
|
|
|
ConnFree(port);
|
|
|
|
|
}
|
2003-06-12 09:36:51 +02:00
|
|
|
}
|
2001-06-21 18:43:24 +02:00
|
|
|
}
|
1999-09-27 05:13:16 +02:00
|
|
|
}
|
2003-04-26 04:57:14 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* If no background writer process is running, and we are not in
|
|
|
|
|
* a state that prevents it, start one. It doesn't matter if this
|
|
|
|
|
* fails, we'll just try again later.
|
|
|
|
|
*/
|
|
|
|
|
if (BgWriterPID == 0 && StartupPID == 0 && !FatalError)
|
|
|
|
|
{
|
|
|
|
|
BgWriterPID = StartBackgroundWriter();
|
|
|
|
|
/* If shutdown is pending, set it going */
|
|
|
|
|
if (Shutdown > NoShutdown && BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGUSR2);
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-19 04:47:16 +02:00
|
|
|
/* If we have lost the archiver, try to start a new one */
|
|
|
|
|
if (XLogArchivingActive() && PgArchPID == 0 &&
|
|
|
|
|
StartupPID == 0 && !FatalError && Shutdown == NoShutdown)
|
|
|
|
|
PgArchPID = pgarch_start();
|
|
|
|
|
|
2003-04-26 04:57:14 +02:00
|
|
|
/* If we have lost the stats collector, try to start a new one */
|
2004-06-14 20:08:19 +02:00
|
|
|
if (PgStatPID == 0 &&
|
|
|
|
|
StartupPID == 0 && !FatalError && Shutdown == NoShutdown)
|
|
|
|
|
PgStatPID = pgstat_start();
|
2004-05-30 00:48:23 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Touch the socket and lock file at least every ten minutes, to ensure
|
|
|
|
|
* that they are not removed by overzealous /tmp-cleaning tasks.
|
|
|
|
|
*/
|
|
|
|
|
now = time(NULL);
|
|
|
|
|
if (now - last_touch_time >= 10 * 60)
|
|
|
|
|
{
|
|
|
|
|
TouchSocketFile();
|
|
|
|
|
TouchSocketLockFile();
|
|
|
|
|
last_touch_time = now;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
1996-10-12 09:48:49 +02:00
|
|
|
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Initialise the masks for select() for the ports we are listening on.
|
|
|
|
|
* Return the number of sockets to listen on.
|
1998-01-26 02:42:53 +01:00
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
static int
|
2003-07-24 01:30:41 +02:00
|
|
|
initMasks(fd_set *rmask)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
int nsocks = -1;
|
2003-06-12 09:36:51 +02:00
|
|
|
int i;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
|
FD_ZERO(rmask);
|
|
|
|
|
|
2003-06-12 09:36:51 +02:00
|
|
|
for (i = 0; i < MAXLISTEN; i++)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
int fd = ListenSocket[i];
|
2003-07-24 01:30:41 +02:00
|
|
|
|
|
|
|
|
if (fd == -1)
|
|
|
|
|
break;
|
|
|
|
|
FD_SET(fd, rmask);
|
|
|
|
|
if (fd > nsocks)
|
|
|
|
|
nsocks = fd;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return nsocks + 1;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
1996-10-12 09:48:49 +02:00
|
|
|
|
|
|
|
|
/*
|
2001-06-20 20:07:56 +02:00
|
|
|
* Read the startup packet and do something according to it.
|
|
|
|
|
*
|
2003-07-22 21:00:12 +02:00
|
|
|
* Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
|
2001-06-20 20:07:56 +02:00
|
|
|
* not return at all.
|
2001-08-30 21:02:42 +02:00
|
|
|
*
|
2003-07-22 21:00:12 +02:00
|
|
|
* (Note that ereport(FATAL) stuff is sent to the client, so only use it
|
2001-10-19 02:44:08 +02:00
|
|
|
* if that's what you want. Return STATUS_ERROR if you don't want to
|
|
|
|
|
* send anything to the client, which would typically be appropriate
|
|
|
|
|
* if we detect a communications failure.)
|
1998-01-26 02:42:53 +01:00
|
|
|
*/
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
2001-06-21 18:43:24 +02:00
|
|
|
ProcessStartupPacket(Port *port, bool SSLdone)
|
1996-10-12 09:48:49 +02:00
|
|
|
{
|
2001-06-20 20:07:56 +02:00
|
|
|
int32 len;
|
|
|
|
|
void *buf;
|
2003-04-18 00:26:02 +02:00
|
|
|
ProtocolVersion proto;
|
|
|
|
|
MemoryContext oldcontext;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-10-19 02:44:08 +02:00
|
|
|
if (pq_getbytes((char *) &len, 4) == EOF)
|
|
|
|
|
{
|
2003-04-22 02:08:07 +02:00
|
|
|
/*
|
|
|
|
|
* EOF after SSLdone probably means the client didn't like our
|
2003-08-04 02:43:34 +02:00
|
|
|
* response to NEGOTIATE_SSL_CODE. That's not an error condition,
|
2003-04-22 02:08:07 +02:00
|
|
|
* so don't clutter the log with a complaint.
|
|
|
|
|
*/
|
|
|
|
|
if (!SSLdone)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(COMMERROR,
|
|
|
|
|
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
|
|
|
errmsg("incomplete startup packet")));
|
2001-10-19 02:44:08 +02:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
len = ntohl(len);
|
|
|
|
|
len -= 4;
|
|
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (len < (int32) sizeof(ProtocolVersion) ||
|
|
|
|
|
len > MAX_STARTUP_PACKET_LENGTH)
|
2003-04-22 02:08:07 +02:00
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(COMMERROR,
|
|
|
|
|
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
|
|
|
errmsg("invalid length of startup packet")));
|
2003-04-22 02:08:07 +02:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
}
|
2001-06-20 20:07:56 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
/*
|
|
|
|
|
* Allocate at least the size of an old-style startup packet, plus one
|
2003-08-04 02:43:34 +02:00
|
|
|
* extra byte, and make sure all are zeroes. This ensures we will
|
|
|
|
|
* have null termination of all strings, in both fixed- and
|
|
|
|
|
* variable-length packet layouts.
|
2003-04-18 00:26:02 +02:00
|
|
|
*/
|
|
|
|
|
if (len <= (int32) sizeof(StartupPacket))
|
|
|
|
|
buf = palloc0(sizeof(StartupPacket) + 1);
|
|
|
|
|
else
|
|
|
|
|
buf = palloc0(len + 1);
|
2001-10-19 02:44:08 +02:00
|
|
|
|
|
|
|
|
if (pq_getbytes(buf, len) == EOF)
|
|
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(COMMERROR,
|
|
|
|
|
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
|
|
|
errmsg("incomplete startup packet")));
|
2001-10-19 02:44:08 +02:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
}
|
2001-07-30 16:50:24 +02:00
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
/*
|
|
|
|
|
* The first field is either a protocol version number or a special
|
|
|
|
|
* request code.
|
1998-07-09 05:29:11 +02:00
|
|
|
*/
|
2003-04-18 00:26:02 +02:00
|
|
|
port->proto = proto = ntohl(*((ProtocolVersion *) buf));
|
1998-07-09 05:29:11 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (proto == CANCEL_REQUEST_CODE)
|
2001-06-20 20:07:56 +02:00
|
|
|
{
|
2003-04-18 00:26:02 +02:00
|
|
|
processCancelRequest(port, buf);
|
2001-06-20 20:07:56 +02:00
|
|
|
return 127; /* XXX */
|
|
|
|
|
}
|
1998-07-09 05:29:11 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (proto == NEGOTIATE_SSL_CODE && !SSLdone)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
char SSLok;
|
|
|
|
|
|
1999-09-27 05:13:16 +02:00
|
|
|
#ifdef USE_SSL
|
2000-10-26 00:27:25 +02:00
|
|
|
/* No SSL when disabled or on Unix sockets */
|
2003-08-02 01:25:00 +02:00
|
|
|
if (!EnableSSL || IS_AF_UNIX(port->laddr.addr.ss_family))
|
2000-10-26 00:27:25 +02:00
|
|
|
SSLok = 'N';
|
2000-08-30 16:54:24 +02:00
|
|
|
else
|
2000-10-26 00:27:25 +02:00
|
|
|
SSLok = 'S'; /* Support for SSL */
|
1999-09-27 05:13:16 +02:00
|
|
|
#else
|
2000-04-12 19:17:23 +02:00
|
|
|
SSLok = 'N'; /* No support for SSL */
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
2000-04-12 19:17:23 +02:00
|
|
|
if (send(port->sock, &SSLok, 1, 0) != 1)
|
|
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(COMMERROR,
|
|
|
|
|
(errcode_for_socket_access(),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("failed to send SSL negotiation response: %m")));
|
2001-10-28 07:26:15 +01:00
|
|
|
return STATUS_ERROR; /* close the connection */
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
1999-09-27 05:13:16 +02:00
|
|
|
#ifdef USE_SSL
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
if (SSLok == 'S' && secure_open_server(port) == -1)
|
2002-09-04 22:31:48 +02:00
|
|
|
return STATUS_ERROR;
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
2001-06-21 18:43:24 +02:00
|
|
|
/* regular startup packet, cancel, etc packet should follow... */
|
|
|
|
|
/* but not another SSL negotiation request */
|
|
|
|
|
return ProcessStartupPacket(port, true);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1999-09-27 05:13:16 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
/* Could add additional special packet types here */
|
|
|
|
|
|
2003-04-22 02:08:07 +02:00
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* Set FrontendProtocol now so that ereport() knows what format to
|
|
|
|
|
* send if we fail during startup.
|
2003-04-22 02:08:07 +02:00
|
|
|
*/
|
|
|
|
|
FrontendProtocol = proto;
|
1999-09-27 05:13:16 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
/* Check we can handle the protocol the frontend is using. */
|
|
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
if (PG_PROTOCOL_MAJOR(proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
|
2003-08-04 02:43:34 +02:00
|
|
|
PG_PROTOCOL_MAJOR(proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
|
|
|
|
|
(PG_PROTOCOL_MAJOR(proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
|
|
|
|
|
PG_PROTOCOL_MINOR(proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
|
|
|
|
errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
|
2003-08-04 02:43:34 +02:00
|
|
|
PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
|
2003-07-22 21:00:12 +02:00
|
|
|
PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST),
|
|
|
|
|
PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST),
|
|
|
|
|
PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST))));
|
1998-07-09 05:29:11 +02:00
|
|
|
|
2001-03-22 05:01:46 +01:00
|
|
|
/*
|
2003-04-18 00:26:02 +02:00
|
|
|
* Now fetch parameters out of startup packet and save them into the
|
2003-08-04 02:43:34 +02:00
|
|
|
* Port structure. All data structures attached to the Port struct
|
2003-04-18 00:26:02 +02:00
|
|
|
* must be allocated in TopMemoryContext so that they won't disappear
|
2004-05-27 17:07:41 +02:00
|
|
|
* when we pass them to PostgresMain (see BackendRun). We need not
|
2003-08-04 02:43:34 +02:00
|
|
|
* worry about leaking this storage on failure, since we aren't in the
|
|
|
|
|
* postmaster process anymore.
|
2001-03-22 05:01:46 +01:00
|
|
|
*/
|
2003-04-18 00:26:02 +02:00
|
|
|
oldcontext = MemoryContextSwitchTo(TopMemoryContext);
|
|
|
|
|
|
|
|
|
|
if (PG_PROTOCOL_MAJOR(proto) >= 3)
|
|
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
int32 offset = sizeof(ProtocolVersion);
|
2003-04-18 00:26:02 +02:00
|
|
|
|
|
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* Scan packet body for name/option pairs. We can assume any
|
2003-04-18 00:26:02 +02:00
|
|
|
* string beginning within the packet body is null-terminated,
|
|
|
|
|
* thanks to zeroing extra byte above.
|
|
|
|
|
*/
|
|
|
|
|
port->guc_options = NIL;
|
|
|
|
|
|
|
|
|
|
while (offset < len)
|
|
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
char *nameptr = ((char *) buf) + offset;
|
|
|
|
|
int32 valoffset;
|
|
|
|
|
char *valptr;
|
2003-04-18 00:26:02 +02:00
|
|
|
|
|
|
|
|
if (*nameptr == '\0')
|
|
|
|
|
break; /* found packet terminator */
|
|
|
|
|
valoffset = offset + strlen(nameptr) + 1;
|
|
|
|
|
if (valoffset >= len)
|
|
|
|
|
break; /* missing value, will complain below */
|
|
|
|
|
valptr = ((char *) buf) + valoffset;
|
|
|
|
|
|
|
|
|
|
if (strcmp(nameptr, "database") == 0)
|
|
|
|
|
port->database_name = pstrdup(valptr);
|
|
|
|
|
else if (strcmp(nameptr, "user") == 0)
|
|
|
|
|
port->user_name = pstrdup(valptr);
|
|
|
|
|
else if (strcmp(nameptr, "options") == 0)
|
|
|
|
|
port->cmdline_options = pstrdup(valptr);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Assume it's a generic GUC option */
|
|
|
|
|
port->guc_options = lappend(port->guc_options,
|
|
|
|
|
pstrdup(nameptr));
|
|
|
|
|
port->guc_options = lappend(port->guc_options,
|
|
|
|
|
pstrdup(valptr));
|
|
|
|
|
}
|
|
|
|
|
offset = valoffset + strlen(valptr) + 1;
|
|
|
|
|
}
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
/*
|
|
|
|
|
* If we didn't find a packet terminator exactly at the end of the
|
|
|
|
|
* given packet length, complain.
|
|
|
|
|
*/
|
2003-08-04 02:43:34 +02:00
|
|
|
if (offset != len - 1)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_PROTOCOL_VIOLATION),
|
|
|
|
|
errmsg("invalid startup packet layout: expected terminator as last byte")));
|
2003-04-18 00:26:02 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* Get the parameters from the old-style, fixed-width-fields
|
|
|
|
|
* startup packet as C strings. The packet destination was
|
|
|
|
|
* cleared first so a short packet has zeros silently added. We
|
|
|
|
|
* have to be prepared to truncate the pstrdup result for oversize
|
|
|
|
|
* fields, though.
|
2003-04-18 00:26:02 +02:00
|
|
|
*/
|
|
|
|
|
StartupPacket *packet = (StartupPacket *) buf;
|
|
|
|
|
|
|
|
|
|
port->database_name = pstrdup(packet->database);
|
|
|
|
|
if (strlen(port->database_name) > sizeof(packet->database))
|
|
|
|
|
port->database_name[sizeof(packet->database)] = '\0';
|
|
|
|
|
port->user_name = pstrdup(packet->user);
|
|
|
|
|
if (strlen(port->user_name) > sizeof(packet->user))
|
|
|
|
|
port->user_name[sizeof(packet->user)] = '\0';
|
|
|
|
|
port->cmdline_options = pstrdup(packet->options);
|
|
|
|
|
if (strlen(port->cmdline_options) > sizeof(packet->options))
|
|
|
|
|
port->cmdline_options[sizeof(packet->options)] = '\0';
|
|
|
|
|
port->guc_options = NIL;
|
|
|
|
|
}
|
2001-02-20 02:34:40 +01:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Check a user name was given. */
|
2003-04-18 00:26:02 +02:00
|
|
|
if (port->user_name == NULL || port->user_name[0] == '\0')
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("no PostgreSQL user name specified in startup packet")));
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
/* The database defaults to the user name. */
|
|
|
|
|
if (port->database_name == NULL || port->database_name[0] == '\0')
|
|
|
|
|
port->database_name = pstrdup(port->user_name);
|
|
|
|
|
|
2002-08-18 05:03:26 +02:00
|
|
|
if (Db_user_namespace)
|
2002-09-04 22:31:48 +02:00
|
|
|
{
|
2002-08-18 05:03:26 +02:00
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* If user@, it is a global user, remove '@'. We only want to do
|
|
|
|
|
* this if there is an '@' at the end and no earlier in the user
|
|
|
|
|
* string or they may fake as a local user of another database
|
|
|
|
|
* attaching to this database.
|
2002-08-18 05:03:26 +02:00
|
|
|
*/
|
2003-04-18 00:26:02 +02:00
|
|
|
if (strchr(port->user_name, '@') ==
|
|
|
|
|
port->user_name + strlen(port->user_name) - 1)
|
|
|
|
|
*strchr(port->user_name, '@') = '\0';
|
2002-08-18 05:03:26 +02:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Append '@' and dbname */
|
2003-04-18 00:26:02 +02:00
|
|
|
char *db_user;
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
db_user = palloc(strlen(port->user_name) +
|
|
|
|
|
strlen(port->database_name) + 2);
|
|
|
|
|
sprintf(db_user, "%s@%s", port->user_name, port->database_name);
|
|
|
|
|
port->user_name = db_user;
|
2002-08-18 05:03:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
/*
|
|
|
|
|
* Truncate given database and user names to length of a Postgres
|
|
|
|
|
* name. This avoids lookup failures when overlength names are given.
|
|
|
|
|
*/
|
|
|
|
|
if (strlen(port->database_name) >= NAMEDATALEN)
|
|
|
|
|
port->database_name[NAMEDATALEN - 1] = '\0';
|
|
|
|
|
if (strlen(port->user_name) >= NAMEDATALEN)
|
|
|
|
|
port->user_name[NAMEDATALEN - 1] = '\0';
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Done putting stuff in TopMemoryContext.
|
|
|
|
|
*/
|
|
|
|
|
MemoryContextSwitchTo(oldcontext);
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
2001-03-22 05:01:46 +01:00
|
|
|
* If we're going to reject the connection due to database state, say
|
|
|
|
|
* so now instead of wasting cycles on an authentication exchange.
|
2000-11-29 21:59:54 +01:00
|
|
|
* (This also allows a pg_ping utility to be written.)
|
|
|
|
|
*/
|
2003-12-20 18:31:21 +01:00
|
|
|
switch (port->canAcceptConnections)
|
2001-08-30 21:02:42 +02:00
|
|
|
{
|
|
|
|
|
case CAC_STARTUP:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_CANNOT_CONNECT_NOW),
|
|
|
|
|
errmsg("the database system is starting up")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
|
|
|
|
case CAC_SHUTDOWN:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_CANNOT_CONNECT_NOW),
|
|
|
|
|
errmsg("the database system is shutting down")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
|
|
|
|
case CAC_RECOVERY:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_CANNOT_CONNECT_NOW),
|
|
|
|
|
errmsg("the database system is in recovery mode")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
|
|
|
|
case CAC_TOOMANY:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(FATAL,
|
|
|
|
|
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
|
|
|
|
|
errmsg("sorry, too many clients already")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
|
|
|
|
case CAC_OK:
|
|
|
|
|
default:
|
2002-05-29 01:56:51 +02:00
|
|
|
break;
|
2001-08-30 21:02:42 +02:00
|
|
|
}
|
2000-11-29 21:59:54 +01:00
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
return STATUS_OK;
|
1998-07-09 05:29:11 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
/*
|
|
|
|
|
* The client has sent a cancel request packet, not a normal
|
2001-06-20 20:07:56 +02:00
|
|
|
* start-a-new-connection packet. Perform the necessary processing.
|
|
|
|
|
* Nothing is sent back to the client.
|
1998-07-09 05:29:11 +02:00
|
|
|
*/
|
2001-06-20 20:07:56 +02:00
|
|
|
static void
|
|
|
|
|
processCancelRequest(Port *port, void *pkt)
|
1998-07-09 05:29:11 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
|
1998-07-09 05:29:11 +02:00
|
|
|
int backendPID;
|
|
|
|
|
long cancelAuthCode;
|
2004-01-26 23:54:58 +01:00
|
|
|
Backend *bp;
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifndef EXEC_BACKEND
|
|
|
|
|
Dlelem *curr;
|
|
|
|
|
#else
|
2004-05-27 17:07:41 +02:00
|
|
|
int i;
|
2004-01-26 23:59:54 +01:00
|
|
|
#endif
|
1998-07-09 05:29:11 +02:00
|
|
|
|
|
|
|
|
backendPID = (int) ntohl(canc->backendPID);
|
|
|
|
|
cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* See if we have a matching backend. In the EXEC_BACKEND case, we
|
|
|
|
|
* can no longer access the postmaster's own backend list, and must
|
2004-05-30 00:48:23 +02:00
|
|
|
* rely on the duplicate array in shared memory.
|
2004-05-28 07:13:32 +02:00
|
|
|
*/
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifndef EXEC_BACKEND
|
1998-07-09 05:29:11 +02:00
|
|
|
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
|
|
|
|
|
{
|
|
|
|
|
bp = (Backend *) DLE_VAL(curr);
|
2004-01-26 23:59:54 +01:00
|
|
|
#else
|
|
|
|
|
for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
|
|
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
bp = (Backend *) &ShmemBackendArray[i];
|
2004-01-26 23:59:54 +01:00
|
|
|
#endif
|
1998-07-09 05:29:11 +02:00
|
|
|
if (bp->pid == backendPID)
|
|
|
|
|
{
|
|
|
|
|
if (bp->cancel_key == cancelAuthCode)
|
|
|
|
|
{
|
|
|
|
|
/* Found a match; signal that backend to cancel current op */
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("processing cancel request: sending SIGINT to process %d",
|
|
|
|
|
backendPID)));
|
2004-02-08 23:28:57 +01:00
|
|
|
kill(bp->pid, SIGINT);
|
1998-07-09 05:29:11 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
/* Right PID, wrong key: no way, Jose */
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("bad key in cancel request for process %d",
|
|
|
|
|
backendPID)));
|
2001-06-20 20:07:56 +02:00
|
|
|
return;
|
1998-07-09 05:29:11 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* No matching backend */
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("bad pid in cancel request for process %d",
|
|
|
|
|
backendPID)));
|
1996-10-12 09:48:49 +02:00
|
|
|
}
|
|
|
|
|
|
2000-11-29 21:59:54 +01:00
|
|
|
/*
|
|
|
|
|
* canAcceptConnections --- check to see if database state allows connections.
|
|
|
|
|
*/
|
2001-08-30 21:02:42 +02:00
|
|
|
static enum CAC_state
|
2000-11-29 21:59:54 +01:00
|
|
|
canAcceptConnections(void)
|
|
|
|
|
{
|
|
|
|
|
/* Can't start backends when in startup/shutdown/recovery state. */
|
|
|
|
|
if (Shutdown > NoShutdown)
|
2001-08-30 21:02:42 +02:00
|
|
|
return CAC_SHUTDOWN;
|
2000-11-29 21:59:54 +01:00
|
|
|
if (StartupPID)
|
2001-08-30 21:02:42 +02:00
|
|
|
return CAC_STARTUP;
|
2000-11-29 21:59:54 +01:00
|
|
|
if (FatalError)
|
2001-08-30 21:02:42 +02:00
|
|
|
return CAC_RECOVERY;
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2001-06-17 00:58:17 +02:00
|
|
|
/*
|
|
|
|
|
* Don't start too many children.
|
|
|
|
|
*
|
2001-10-25 07:50:21 +02:00
|
|
|
* We allow more connections than we can have backends here because some
|
|
|
|
|
* might still be authenticating; they might fail auth, or some
|
|
|
|
|
* existing backend might exit before the auth cycle is completed. The
|
|
|
|
|
* exact MaxBackends limit is enforced when a new backend tries to
|
|
|
|
|
* join the shared-inval backend array.
|
2001-06-17 00:58:17 +02:00
|
|
|
*/
|
|
|
|
|
if (CountChildren() >= 2 * MaxBackends)
|
2001-08-30 21:02:42 +02:00
|
|
|
return CAC_TOOMANY;
|
2000-11-29 21:59:54 +01:00
|
|
|
|
2001-08-30 21:02:42 +02:00
|
|
|
return CAC_OK;
|
2000-11-29 21:59:54 +01:00
|
|
|
}
|
1996-10-12 09:48:49 +02:00
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
|
|
|
|
* ConnCreate -- create a local connection data structure
|
|
|
|
|
*/
|
1998-01-26 02:42:53 +01:00
|
|
|
static Port *
|
|
|
|
|
ConnCreate(int serverFd)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
Port *port;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
if (!(port = (Port *) calloc(1, sizeof(Port))))
|
|
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_OUT_OF_MEMORY),
|
|
|
|
|
errmsg("out of memory")));
|
1997-09-07 07:04:48 +02:00
|
|
|
ExitPostmaster(1);
|
|
|
|
|
}
|
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
if (StreamConnection(serverFd, port) != STATUS_OK)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
|
|
|
|
StreamClose(port->sock);
|
2000-05-26 03:38:08 +02:00
|
|
|
ConnFree(port);
|
1998-01-26 02:42:53 +01:00
|
|
|
port = NULL;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2001-09-21 22:31:49 +02:00
|
|
|
/*
|
|
|
|
|
* Precompute password salt values to use for this connection.
|
|
|
|
|
* It's slightly annoying to do this long in advance of knowing
|
|
|
|
|
* whether we'll need 'em or not, but we must do the random()
|
|
|
|
|
* calls before we fork, not after. Else the postmaster's random
|
|
|
|
|
* sequence won't get advanced, and all backends would end up
|
|
|
|
|
* using the same salt...
|
|
|
|
|
*/
|
2001-08-17 04:59:20 +02:00
|
|
|
RandomSalt(port->cryptSalt, port->md5Salt);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
return port;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
|
1999-09-27 05:13:16 +02:00
|
|
|
/*
|
2000-05-26 03:38:08 +02:00
|
|
|
* ConnFree -- free a local connection data structure
|
1999-09-27 05:13:16 +02:00
|
|
|
*/
|
2000-03-17 03:36:41 +01:00
|
|
|
static void
|
2000-04-12 19:17:23 +02:00
|
|
|
ConnFree(Port *conn)
|
1999-09-27 05:13:16 +02:00
|
|
|
{
|
|
|
|
|
#ifdef USE_SSL
|
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
src/interfaces/libpq/fe-ssl.c
src/backend/postmaster/be-ssl.c
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
$DataDir/dh512.pem
$DataDir/dh1024.pem
$DataDir/dh2048.pem
$DataDir/dh4096.pem
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bear Giles
2002-06-14 06:23:17 +02:00
|
|
|
secure_close(conn);
|
1999-09-27 05:13:16 +02:00
|
|
|
#endif
|
|
|
|
|
free(conn);
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
|
2001-02-08 01:35:10 +01:00
|
|
|
/*
|
|
|
|
|
* ClosePostmasterPorts -- close all the postmaster's open sockets
|
|
|
|
|
*
|
|
|
|
|
* This is called during child process startup to release file descriptors
|
2001-06-21 18:43:24 +02:00
|
|
|
* that are not needed by that child process. The postmaster still has
|
|
|
|
|
* them open, of course.
|
2001-02-08 01:35:10 +01:00
|
|
|
*/
|
2001-08-05 04:06:50 +02:00
|
|
|
void
|
2004-05-30 00:48:23 +02:00
|
|
|
ClosePostmasterPorts(void)
|
2001-02-08 01:35:10 +01:00
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
int i;
|
2003-06-12 09:36:51 +02:00
|
|
|
|
2001-02-08 01:35:10 +01:00
|
|
|
/* Close the listen sockets */
|
2003-06-12 09:36:51 +02:00
|
|
|
for (i = 0; i < MAXLISTEN; i++)
|
|
|
|
|
{
|
|
|
|
|
if (ListenSocket[i] != -1)
|
|
|
|
|
{
|
|
|
|
|
StreamClose(ListenSocket[i]);
|
|
|
|
|
ListenSocket[i] = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-02-08 01:35:10 +01:00
|
|
|
}
|
|
|
|
|
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
|
|
|
|
* reset_shared -- reset shared memory and semaphores
|
|
|
|
|
*/
|
|
|
|
|
static void
|
UUNET is looking into offering PostgreSQL as a part of a managed web
hosting product, on both shared and dedicated machines. We currently
offer Oracle and MySQL, and it would be a nice middle-ground.
However, as shipped, PostgreSQL lacks the following features we need
that MySQL has:
1. The ability to listen only on a particular IP address. Each
hosting customer has their own IP address, on which all of their
servers (http, ftp, real media, etc.) run.
2. The ability to place the Unix-domain socket in a mode 700 directory.
This allows us to automatically create an empty database, with an
empty DBA password, for new or upgrading customers without having
to interactively set a DBA password and communicate it to (or from)
the customer. This in turn cuts down our install and upgrade times.
3. The ability to connect to the Unix-domain socket from within a
change-rooted environment. We run CGI programs chrooted to the
user's home directory, which is another reason why we need to be
able to specify where the Unix-domain socket is, instead of /tmp.
4. The ability to, if run as root, open a pid file in /var/run as
root, and then setuid to the desired user. (mysqld -u can almost
do this; I had to patch it, too).
The patch below fixes problem 1-3. I plan to address #4, also, but
haven't done so yet. These diffs are big enough that they should give
the PG development team something to think about in the meantime :-)
Also, I'm about to leave for 2 weeks' vacation, so I thought I'd get
out what I have, which works (for the problems it tackles), now.
With these changes, we can set up and run PostgreSQL with scripts the
same way we can with apache or proftpd or mysql.
In summary, this patch makes the following enhancements:
1. Adds an environment variable PGUNIXSOCKET, analogous to MYSQL_UNIX_PORT,
and command line options -k --unix-socket to the relevant programs.
2. Adds a -h option to postmaster to set the hostname or IP address to
listen on instead of the default INADDR_ANY.
3. Extends some library interfaces to support the above.
4. Fixes a few memory leaks in PQconnectdb().
The default behavior is unchanged from stock 7.0.2; if you don't use
any of these new features, they don't change the operation.
David J. MacKenzie
2000-11-13 16:18:15 +01:00
|
|
|
reset_shared(unsigned short port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-11-29 00:27:57 +01:00
|
|
|
/*
|
|
|
|
|
* Create or re-create shared memory and semaphores.
|
2002-05-05 02:03:29 +02:00
|
|
|
*
|
|
|
|
|
* Note: in each "cycle of life" we will normally assign the same IPC
|
|
|
|
|
* keys (if using SysV shmem and/or semas), since the port number is
|
2002-09-04 22:31:48 +02:00
|
|
|
* used to determine IPC keys. This helps ensure that we will clean
|
|
|
|
|
* up dead IPC objects if the postmaster crashes and is restarted.
|
2000-11-29 00:27:57 +01:00
|
|
|
*/
|
2002-05-05 02:03:29 +02:00
|
|
|
CreateSharedMemoryAndSemaphores(false, MaxBackends, port);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2000-05-31 02:28:42 +02:00
|
|
|
|
|
|
|
|
/*
|
2001-11-04 21:12:57 +01:00
|
|
|
* SIGHUP -- reread config files, and tell children to do same
|
2000-05-31 02:28:42 +02:00
|
|
|
*/
|
|
|
|
|
static void
|
2000-08-29 11:36:51 +02:00
|
|
|
SIGHUP_handler(SIGNAL_ARGS)
|
2000-05-31 02:28:42 +02:00
|
|
|
{
|
2000-12-18 18:33:42 +01:00
|
|
|
int save_errno = errno;
|
|
|
|
|
|
2001-06-14 21:59:24 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
|
|
|
|
|
|
|
|
|
if (Shutdown <= SmartShutdown)
|
|
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
2003-08-04 02:43:34 +02:00
|
|
|
(errmsg("received SIGHUP, reloading configuration files")));
|
2001-11-04 20:55:31 +01:00
|
|
|
ProcessConfigFile(PGC_SIGHUP);
|
2003-05-08 22:43:07 +02:00
|
|
|
SignalChildren(SIGHUP);
|
2004-05-30 00:48:23 +02:00
|
|
|
if (BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGHUP);
|
2004-07-19 04:47:16 +02:00
|
|
|
if (PgArchPID != 0)
|
|
|
|
|
kill(PgArchPID, SIGHUP);
|
2004-06-14 20:08:19 +02:00
|
|
|
/* PgStatPID does not currently need SIGHUP */
|
2002-04-04 06:25:54 +02:00
|
|
|
load_hba();
|
|
|
|
|
load_ident();
|
2003-11-19 16:55:08 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
/* Update the starting-point file for future children */
|
|
|
|
|
write_nondefault_variables(PGC_SIGHUP);
|
|
|
|
|
#endif
|
2001-06-14 21:59:24 +02:00
|
|
|
}
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
PG_SETMASK(&UnBlockSig);
|
|
|
|
|
|
2000-12-18 18:33:42 +01:00
|
|
|
errno = save_errno;
|
2000-05-31 02:28:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* pmdie -- signal handler for processing various postmaster signals.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
|
|
|
|
static void
|
2000-08-29 11:36:51 +02:00
|
|
|
pmdie(SIGNAL_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-12-18 18:33:42 +01:00
|
|
|
int save_errno = errno;
|
|
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("postmaster received signal %d",
|
|
|
|
|
postgres_signal_arg)));
|
1998-08-25 23:34:10 +02:00
|
|
|
|
2000-08-29 11:36:51 +02:00
|
|
|
switch (postgres_signal_arg)
|
1998-09-01 06:40:42 +02:00
|
|
|
{
|
1998-08-25 23:34:10 +02:00
|
|
|
case SIGTERM:
|
1999-10-06 23:58:18 +02:00
|
|
|
/*
|
|
|
|
|
* Smart Shutdown:
|
|
|
|
|
*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Wait for children to end their work, then shut down.
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
|
|
|
|
if (Shutdown >= SmartShutdown)
|
2001-11-04 20:55:31 +01:00
|
|
|
break;
|
1999-10-06 23:58:18 +02:00
|
|
|
Shutdown = SmartShutdown;
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("received smart shutdown request")));
|
2004-02-11 23:25:02 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
if (DLGetHead(BackendList))
|
|
|
|
|
break; /* let reaper() handle this */
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* No children left. Begin shutdown of data base system.
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (StartupPID != 0 || FatalError)
|
|
|
|
|
break; /* let reaper() handle this */
|
|
|
|
|
/* Start the bgwriter if not running */
|
|
|
|
|
if (BgWriterPID == 0)
|
|
|
|
|
BgWriterPID = StartBackgroundWriter();
|
|
|
|
|
/* And tell it to shut down */
|
|
|
|
|
if (BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGUSR2);
|
2004-07-19 04:47:16 +02:00
|
|
|
/* Tell pgarch to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgArchPID != 0)
|
|
|
|
|
kill(PgArchPID, SIGQUIT);
|
2004-06-14 20:08:19 +02:00
|
|
|
/* Tell pgstat to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgStatPID != 0)
|
|
|
|
|
kill(PgStatPID, SIGQUIT);
|
2001-11-04 20:55:31 +01:00
|
|
|
break;
|
1999-10-06 23:58:18 +02:00
|
|
|
|
|
|
|
|
case SIGINT:
|
|
|
|
|
/*
|
|
|
|
|
* Fast Shutdown:
|
2000-04-12 19:17:23 +02:00
|
|
|
*
|
2004-02-11 23:25:02 +01:00
|
|
|
* Abort all children with SIGTERM (rollback active transactions
|
2004-05-30 00:48:23 +02:00
|
|
|
* and exit) and shut down when they are gone.
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
|
|
|
|
if (Shutdown >= FastShutdown)
|
2001-11-04 20:55:31 +01:00
|
|
|
break;
|
2004-02-11 23:25:02 +01:00
|
|
|
Shutdown = FastShutdown;
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("received fast shutdown request")));
|
2004-02-11 23:25:02 +01:00
|
|
|
|
|
|
|
|
if (DLGetHead(BackendList))
|
1998-09-01 06:40:42 +02:00
|
|
|
{
|
1999-10-06 23:58:18 +02:00
|
|
|
if (!FatalError)
|
1999-10-08 04:16:22 +02:00
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("aborting any active transactions")));
|
1999-10-06 23:58:18 +02:00
|
|
|
SignalChildren(SIGTERM);
|
2004-02-11 23:25:02 +01:00
|
|
|
/* reaper() does the rest */
|
1999-10-08 04:16:22 +02:00
|
|
|
}
|
2001-11-04 20:55:31 +01:00
|
|
|
break;
|
1998-08-25 23:34:10 +02:00
|
|
|
}
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* No children left. Begin shutdown of data base system.
|
2004-02-11 23:25:02 +01:00
|
|
|
*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Note: if we previously got SIGTERM then we may send SIGUSR2
|
|
|
|
|
* to the bgwriter a second time here. This should be harmless.
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (StartupPID != 0 || FatalError)
|
|
|
|
|
break; /* let reaper() handle this */
|
|
|
|
|
/* Start the bgwriter if not running */
|
|
|
|
|
if (BgWriterPID == 0)
|
|
|
|
|
BgWriterPID = StartBackgroundWriter();
|
|
|
|
|
/* And tell it to shut down */
|
|
|
|
|
if (BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGUSR2);
|
2004-07-19 04:47:16 +02:00
|
|
|
/* Tell pgarch to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgArchPID != 0)
|
|
|
|
|
kill(PgArchPID, SIGQUIT);
|
2004-06-14 20:08:19 +02:00
|
|
|
/* Tell pgstat to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgStatPID != 0)
|
|
|
|
|
kill(PgStatPID, SIGQUIT);
|
2001-11-04 20:55:31 +01:00
|
|
|
break;
|
1999-10-06 23:58:18 +02:00
|
|
|
|
|
|
|
|
case SIGQUIT:
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
1999-10-06 23:58:18 +02:00
|
|
|
* Immediate Shutdown:
|
2000-04-12 19:17:23 +02:00
|
|
|
*
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* abort all children with SIGQUIT and exit without attempt to
|
2004-05-30 00:48:23 +02:00
|
|
|
* properly shut down data base system.
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("received immediate shutdown request")));
|
2004-05-30 00:48:23 +02:00
|
|
|
if (StartupPID != 0)
|
2004-02-08 23:28:57 +01:00
|
|
|
kill(StartupPID, SIGQUIT);
|
2004-05-30 00:48:23 +02:00
|
|
|
if (BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGQUIT);
|
2004-07-19 04:47:16 +02:00
|
|
|
if (PgArchPID != 0)
|
|
|
|
|
kill(PgArchPID, SIGQUIT);
|
2004-06-14 20:08:19 +02:00
|
|
|
if (PgStatPID != 0)
|
|
|
|
|
kill(PgStatPID, SIGQUIT);
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
if (DLGetHead(BackendList))
|
|
|
|
|
SignalChildren(SIGQUIT);
|
2001-11-04 20:55:31 +01:00
|
|
|
ExitPostmaster(0);
|
1999-10-06 23:58:18 +02:00
|
|
|
break;
|
1998-08-25 23:34:10 +02:00
|
|
|
}
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
PG_SETMASK(&UnBlockSig);
|
|
|
|
|
|
|
|
|
|
errno = save_errno;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Reaper -- signal handler to cleanup after a backend (child) dies.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2000-08-29 11:36:51 +02:00
|
|
|
reaper(SIGNAL_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-12-18 18:33:42 +01:00
|
|
|
int save_errno = errno;
|
2001-11-05 18:46:40 +01:00
|
|
|
|
1997-02-13 09:32:20 +01:00
|
|
|
#ifdef HAVE_WAITPID
|
1997-09-08 04:41:22 +02:00
|
|
|
int status; /* backend exit status */
|
2004-05-27 17:07:41 +02:00
|
|
|
|
1997-02-13 09:32:20 +01:00
|
|
|
#else
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifndef WIN32
|
1999-10-06 23:58:18 +02:00
|
|
|
union wait status; /* backend exit status */
|
2004-01-26 23:59:54 +01:00
|
|
|
#endif
|
1997-02-13 09:32:20 +01:00
|
|
|
#endif
|
1999-10-06 23:58:18 +02:00
|
|
|
int exitstatus;
|
1997-09-08 04:41:22 +02:00
|
|
|
int pid; /* process id of dead backend */
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
|
|
|
|
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG4,
|
|
|
|
|
(errmsg_internal("reaping dead processes")));
|
1997-02-13 09:32:20 +01:00
|
|
|
#ifdef HAVE_WAITPID
|
1997-09-07 07:04:48 +02:00
|
|
|
while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
|
|
|
|
|
{
|
1999-10-06 23:58:18 +02:00
|
|
|
exitstatus = status;
|
1997-02-13 09:32:20 +01:00
|
|
|
#else
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifndef WIN32
|
1999-10-06 23:58:18 +02:00
|
|
|
while ((pid = wait3(&status, WNOHANG, NULL)) > 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1999-10-06 23:58:18 +02:00
|
|
|
exitstatus = status.w_status;
|
2004-01-26 23:59:54 +01:00
|
|
|
#else
|
|
|
|
|
while ((pid = win32_waitpid(&exitstatus)) > 0)
|
|
|
|
|
{
|
|
|
|
|
/*
|
2004-08-04 22:09:47 +02:00
|
|
|
* We need to do this here, and not in CleanupBackend, since this is
|
2004-05-27 17:07:41 +02:00
|
|
|
* to be called on all children when we are done with them. Could
|
|
|
|
|
* move to LogChildExit, but that seems like asking for future
|
|
|
|
|
* trouble...
|
2004-01-26 23:59:54 +01:00
|
|
|
*/
|
|
|
|
|
win32_RemoveChild(pid);
|
2004-05-27 19:12:57 +02:00
|
|
|
#endif /* WIN32 */
|
|
|
|
|
#endif /* HAVE_WAITPID */
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2001-11-06 19:02:48 +01:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Check if this child was a startup process.
|
2001-11-06 19:02:48 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (StartupPID != 0 && pid == StartupPID)
|
1999-10-06 23:58:18 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
StartupPID = 0;
|
2001-11-06 19:02:48 +01:00
|
|
|
if (exitstatus != 0)
|
1999-10-08 04:16:22 +02:00
|
|
|
{
|
2002-03-04 02:46:04 +01:00
|
|
|
LogChildExit(LOG, gettext("startup process"),
|
2001-11-11 00:06:12 +01:00
|
|
|
pid, exitstatus);
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("aborting startup due to startup process failure")));
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(1);
|
1999-10-08 04:16:22 +02:00
|
|
|
}
|
2003-02-23 05:48:19 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-05-27 19:12:57 +02:00
|
|
|
* Startup succeeded - we are done with system startup or recovery.
|
2003-02-23 05:48:19 +01:00
|
|
|
*/
|
2004-05-27 19:12:57 +02:00
|
|
|
FatalError = false;
|
2003-02-23 05:48:19 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Crank up the background writer. It doesn't matter if this
|
|
|
|
|
* fails, we'll just try again later.
|
2003-02-23 05:48:19 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
Assert(BgWriterPID == 0);
|
|
|
|
|
BgWriterPID = StartBackgroundWriter();
|
2003-02-23 05:48:19 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Go to shutdown mode if a shutdown request was pending.
|
2004-07-19 04:47:16 +02:00
|
|
|
* Otherwise, try to start the archiver and stats collector too.
|
2003-02-23 05:48:19 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (Shutdown > NoShutdown && BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGUSR2);
|
2004-07-19 04:47:16 +02:00
|
|
|
else if (Shutdown == NoShutdown) {
|
|
|
|
|
if (XLogArchivingActive() && PgArchPID == 0)
|
|
|
|
|
PgArchPID = pgarch_start();
|
|
|
|
|
if (PgStatPID == 0)
|
|
|
|
|
PgStatPID = pgstat_start();
|
|
|
|
|
}
|
2004-05-30 00:48:23 +02:00
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Was it the bgwriter?
|
|
|
|
|
*/
|
|
|
|
|
if (BgWriterPID != 0 && pid == BgWriterPID)
|
|
|
|
|
{
|
2004-06-14 20:08:19 +02:00
|
|
|
BgWriterPID = 0;
|
2004-05-30 00:48:23 +02:00
|
|
|
if (exitstatus == 0 && Shutdown > NoShutdown &&
|
|
|
|
|
!FatalError && !DLGetHead(BackendList))
|
1999-10-06 23:58:18 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* Normal postmaster exit is here: we've seen normal
|
|
|
|
|
* exit of the bgwriter after it's been told to shut down.
|
|
|
|
|
* We expect that it wrote a shutdown checkpoint. (If
|
|
|
|
|
* for some reason it didn't, recovery will occur on next
|
|
|
|
|
* postmaster start.)
|
2004-07-27 03:46:03 +02:00
|
|
|
*
|
|
|
|
|
* Note: we do not wait around for exit of the archiver or
|
|
|
|
|
* stats processes. They've been sent SIGQUIT by this
|
|
|
|
|
* point, and in any case contain logic to commit hara-kiri
|
|
|
|
|
* if they notice the postmaster is gone.
|
2004-05-30 00:48:23 +02:00
|
|
|
*/
|
|
|
|
|
ExitPostmaster(0);
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* Any unexpected exit of the bgwriter is treated as a crash.
|
|
|
|
|
*/
|
2004-08-04 22:09:47 +02:00
|
|
|
HandleChildCrash(pid, exitstatus,
|
|
|
|
|
gettext("background writer process"));
|
2004-05-30 00:48:23 +02:00
|
|
|
continue;
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
2001-06-22 21:16:24 +02:00
|
|
|
|
2004-07-19 04:47:16 +02:00
|
|
|
/*
|
|
|
|
|
* Was it the archiver? If so, just try to start a new
|
|
|
|
|
* one; no need to force reset of the rest of the system. (If fail,
|
|
|
|
|
* we'll try again in future cycles of the main loop.)
|
|
|
|
|
*/
|
|
|
|
|
if (PgArchPID != 0 && pid == PgArchPID)
|
|
|
|
|
{
|
|
|
|
|
PgArchPID = 0;
|
|
|
|
|
if (exitstatus != 0)
|
|
|
|
|
LogChildExit(LOG, gettext("archiver process"),
|
|
|
|
|
pid, exitstatus);
|
|
|
|
|
if (XLogArchivingActive() &&
|
|
|
|
|
StartupPID == 0 && !FatalError && Shutdown == NoShutdown)
|
|
|
|
|
PgArchPID = pgarch_start();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-14 20:08:19 +02:00
|
|
|
/*
|
|
|
|
|
* Was it the statistics collector? If so, just try to start a new
|
|
|
|
|
* one; no need to force reset of the rest of the system. (If fail,
|
|
|
|
|
* we'll try again in future cycles of the main loop.)
|
|
|
|
|
*/
|
|
|
|
|
if (PgStatPID != 0 && pid == PgStatPID)
|
|
|
|
|
{
|
|
|
|
|
PgStatPID = 0;
|
|
|
|
|
if (exitstatus != 0)
|
|
|
|
|
LogChildExit(LOG, gettext("statistics collector process"),
|
|
|
|
|
pid, exitstatus);
|
|
|
|
|
if (StartupPID == 0 && !FatalError && Shutdown == NoShutdown)
|
|
|
|
|
PgStatPID = pgstat_start();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2003-05-10 20:15:42 +02:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Else do standard backend child cleanup.
|
2003-05-10 20:15:42 +02:00
|
|
|
*/
|
2004-08-04 22:09:47 +02:00
|
|
|
CleanupBackend(pid, exitstatus);
|
2003-08-04 02:43:34 +02:00
|
|
|
} /* loop over pending child-death reports */
|
1999-10-06 23:58:18 +02:00
|
|
|
|
|
|
|
|
if (FatalError)
|
|
|
|
|
{
|
|
|
|
|
/*
|
2004-07-19 04:47:16 +02:00
|
|
|
* Wait for all important children to exit, then reset shmem and
|
|
|
|
|
* StartupDataBase. (We can ignore the archiver and stats processes
|
|
|
|
|
* here since they are not connected to shmem.)
|
1999-10-06 23:58:18 +02:00
|
|
|
*/
|
2004-07-21 22:34:50 +02:00
|
|
|
if (DLGetHead(BackendList) || StartupPID != 0 || BgWriterPID != 0)
|
2001-11-04 20:55:31 +01:00
|
|
|
goto reaper_done;
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
2003-08-04 02:43:34 +02:00
|
|
|
(errmsg("all server processes terminated; reinitializing")));
|
2000-11-29 21:59:54 +01:00
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
shmem_exit(0);
|
2000-11-14 02:15:06 +01:00
|
|
|
reset_shared(PostPortNumber);
|
2000-11-29 21:59:54 +01:00
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
StartupPID = StartupDataBase();
|
2001-11-04 20:55:31 +01:00
|
|
|
|
|
|
|
|
goto reaper_done;
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (Shutdown > NoShutdown)
|
|
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
if (DLGetHead(BackendList) || StartupPID != 0)
|
2001-11-04 20:55:31 +01:00
|
|
|
goto reaper_done;
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Start the bgwriter if not running */
|
|
|
|
|
if (BgWriterPID == 0)
|
|
|
|
|
BgWriterPID = StartBackgroundWriter();
|
|
|
|
|
/* And tell it to shut down */
|
|
|
|
|
if (BgWriterPID != 0)
|
|
|
|
|
kill(BgWriterPID, SIGUSR2);
|
2004-07-27 03:46:03 +02:00
|
|
|
/* Tell pgarch to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgArchPID != 0)
|
|
|
|
|
kill(PgArchPID, SIGQUIT);
|
|
|
|
|
/* Tell pgstat to shut down too; nothing left for it to do */
|
|
|
|
|
if (PgStatPID != 0)
|
|
|
|
|
kill(PgStatPID, SIGQUIT);
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
reaper_done:
|
|
|
|
|
PG_SETMASK(&UnBlockSig);
|
|
|
|
|
|
2000-12-18 18:33:42 +01:00
|
|
|
errno = save_errno;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2004-03-24 05:04:51 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2004-08-04 22:09:47 +02:00
|
|
|
* CleanupBackend -- cleanup after terminated backend.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* Remove all local state associated with backend.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2004-08-04 22:09:47 +02:00
|
|
|
CleanupBackend(int pid,
|
|
|
|
|
int exitstatus) /* child's exit status. */
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
Dlelem *curr;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
LogChildExit(DEBUG2, gettext("server process"), pid, exitstatus);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
/*
|
1998-09-01 06:40:42 +02:00
|
|
|
* If a backend dies in an ugly way (i.e. exit status not 0) then we
|
|
|
|
|
* must signal all other backends to quickdie. If exit status is zero
|
|
|
|
|
* we assume everything is hunky dory and simply remove the backend
|
|
|
|
|
* from the active backend list.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (exitstatus != 0)
|
|
|
|
|
{
|
2004-08-04 22:09:47 +02:00
|
|
|
HandleChildCrash(pid, exitstatus, gettext("server process"));
|
2004-05-30 00:48:23 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
Backend *bp = (Backend *) DLE_VAL(curr);
|
|
|
|
|
|
|
|
|
|
if (bp->pid == pid)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
DLRemove(curr);
|
|
|
|
|
free(bp);
|
|
|
|
|
DLFreeElem(curr);
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifdef EXEC_BACKEND
|
2004-05-30 00:48:23 +02:00
|
|
|
ShmemBackendArrayRemove(pid);
|
2004-01-26 23:59:54 +01:00
|
|
|
#endif
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Tell the collector about backend termination */
|
2001-06-22 21:16:24 +02:00
|
|
|
pgstat_beterm(pid);
|
2004-05-30 00:48:23 +02:00
|
|
|
break;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2004-05-30 00:48:23 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* HandleChildCrash -- cleanup after failed backend or bgwriter.
|
|
|
|
|
*
|
|
|
|
|
* The objectives here are to clean up our local state about the child
|
|
|
|
|
* process, and to signal all other remaining children to quickdie.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2004-08-04 22:09:47 +02:00
|
|
|
HandleChildCrash(int pid, int exitstatus, const char *procname)
|
2004-05-30 00:48:23 +02:00
|
|
|
{
|
|
|
|
|
Dlelem *curr,
|
|
|
|
|
*next;
|
|
|
|
|
Backend *bp;
|
2001-08-30 21:02:42 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* Make log entry unless there was a previous crash (if so, nonzero
|
|
|
|
|
* exit status is to be expected in SIGQUIT response; don't clutter log)
|
|
|
|
|
*/
|
1999-10-08 04:16:22 +02:00
|
|
|
if (!FatalError)
|
|
|
|
|
{
|
2004-08-04 22:09:47 +02:00
|
|
|
LogChildExit(LOG, procname, pid, exitstatus);
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
2004-05-30 00:48:23 +02:00
|
|
|
(errmsg("terminating any other active server processes")));
|
1999-10-08 04:16:22 +02:00
|
|
|
}
|
2000-12-20 22:51:52 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Process regular backends */
|
|
|
|
|
for (curr = DLGetHead(BackendList); curr; curr = next)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1999-10-06 23:58:18 +02:00
|
|
|
next = DLGetSucc(curr);
|
1997-09-07 07:04:48 +02:00
|
|
|
bp = (Backend *) DLE_VAL(curr);
|
2004-05-30 00:48:23 +02:00
|
|
|
if (bp->pid == pid)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Found entry for freshly-dead backend, so remove it.
|
|
|
|
|
*/
|
|
|
|
|
DLRemove(curr);
|
|
|
|
|
free(bp);
|
|
|
|
|
DLFreeElem(curr);
|
|
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
ShmemBackendArrayRemove(pid);
|
|
|
|
|
#endif
|
|
|
|
|
/* Tell the collector about backend termination */
|
|
|
|
|
pgstat_beterm(pid);
|
|
|
|
|
/* Keep looping so we can signal remaining backends */
|
|
|
|
|
}
|
|
|
|
|
else
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2000-12-20 22:51:52 +01:00
|
|
|
/*
|
|
|
|
|
* This backend is still alive. Unless we did so already,
|
|
|
|
|
* tell it to commit hara-kiri.
|
|
|
|
|
*
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
* SIGQUIT is the special signal that says exit without proc_exit
|
2001-03-22 05:01:46 +01:00
|
|
|
* and let the user know what's going on. But if SendStop is
|
|
|
|
|
* set (-s on command line), then we send SIGSTOP instead, so
|
|
|
|
|
* that we can get core dumps from all backends by hand.
|
2000-12-20 22:51:52 +01:00
|
|
|
*/
|
|
|
|
|
if (!FatalError)
|
|
|
|
|
{
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("sending %s to process %d",
|
2004-05-27 17:07:41 +02:00
|
|
|
(SendStop ? "SIGSTOP" : "SIGQUIT"),
|
2003-08-12 20:23:21 +02:00
|
|
|
(int) bp->pid)));
|
2004-02-08 23:28:57 +01:00
|
|
|
kill(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
|
2000-12-20 22:51:52 +01:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Take care of the bgwriter too */
|
|
|
|
|
if (pid == BgWriterPID)
|
2003-11-19 16:55:08 +01:00
|
|
|
BgWriterPID = 0;
|
2004-05-30 00:48:23 +02:00
|
|
|
else if (BgWriterPID != 0 && !FatalError)
|
2001-06-22 21:16:24 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("sending %s to process %d",
|
|
|
|
|
(SendStop ? "SIGSTOP" : "SIGQUIT"),
|
|
|
|
|
(int) BgWriterPID)));
|
|
|
|
|
kill(BgWriterPID, (SendStop ? SIGSTOP : SIGQUIT));
|
2001-06-22 21:16:24 +02:00
|
|
|
}
|
2000-12-20 22:51:52 +01:00
|
|
|
|
2004-07-19 04:47:16 +02:00
|
|
|
/* Force a power-cycle of the pgarch process too */
|
|
|
|
|
/* (Shouldn't be necessary, but just for luck) */
|
|
|
|
|
if (PgArchPID != 0 && !FatalError)
|
|
|
|
|
{
|
|
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("sending %s to process %d",
|
|
|
|
|
"SIGQUIT",
|
|
|
|
|
(int) PgArchPID)));
|
|
|
|
|
kill(PgArchPID, SIGQUIT);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-14 20:08:19 +02:00
|
|
|
/* Force a power-cycle of the pgstat processes too */
|
|
|
|
|
/* (Shouldn't be necessary, but just for luck) */
|
|
|
|
|
if (PgStatPID != 0 && !FatalError)
|
|
|
|
|
{
|
|
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("sending %s to process %d",
|
|
|
|
|
"SIGQUIT",
|
|
|
|
|
(int) PgStatPID)));
|
|
|
|
|
kill(PgStatPID, SIGQUIT);
|
|
|
|
|
}
|
|
|
|
|
|
2000-12-20 22:51:52 +01:00
|
|
|
FatalError = true;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-11-06 19:02:48 +01:00
|
|
|
/*
|
2001-11-11 00:06:12 +01:00
|
|
|
* Log the death of a child process.
|
2001-11-06 19:02:48 +01:00
|
|
|
*/
|
2001-11-11 00:06:12 +01:00
|
|
|
static void
|
2002-03-04 02:46:04 +01:00
|
|
|
LogChildExit(int lev, const char *procname, int pid, int exitstatus)
|
2001-11-06 19:02:48 +01:00
|
|
|
{
|
|
|
|
|
if (WIFEXITED(exitstatus))
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(lev,
|
2003-08-04 02:43:34 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* translator: %s is a noun phrase describing a child process,
|
|
|
|
|
* such as "server process"
|
|
|
|
|
*/
|
2003-09-25 08:58:07 +02:00
|
|
|
(errmsg("%s (PID %d) exited with exit code %d",
|
2003-07-22 21:00:12 +02:00
|
|
|
procname, pid, WEXITSTATUS(exitstatus))));
|
2001-11-06 19:02:48 +01:00
|
|
|
else if (WIFSIGNALED(exitstatus))
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(lev,
|
2003-08-04 02:43:34 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* translator: %s is a noun phrase describing a child process,
|
|
|
|
|
* such as "server process"
|
|
|
|
|
*/
|
2003-09-25 08:58:07 +02:00
|
|
|
(errmsg("%s (PID %d) was terminated by signal %d",
|
2003-07-22 21:00:12 +02:00
|
|
|
procname, pid, WTERMSIG(exitstatus))));
|
2001-11-06 19:02:48 +01:00
|
|
|
else
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(lev,
|
2003-08-04 02:43:34 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* translator: %s is a noun phrase describing a child process,
|
|
|
|
|
* such as "server process"
|
|
|
|
|
*/
|
2003-09-25 08:58:07 +02:00
|
|
|
(errmsg("%s (PID %d) exited with unexpected status %d",
|
2003-07-22 21:00:12 +02:00
|
|
|
procname, pid, exitstatus)));
|
2001-11-06 19:02:48 +01:00
|
|
|
}
|
|
|
|
|
|
1998-08-25 23:34:10 +02:00
|
|
|
/*
|
2004-06-14 20:08:19 +02:00
|
|
|
* Send a signal to all backend children (but NOT special children)
|
1998-08-25 23:34:10 +02:00
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
SignalChildren(int signal)
|
|
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
Dlelem *curr;
|
1998-08-25 23:34:10 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
|
1998-08-25 23:34:10 +02:00
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
Backend *bp = (Backend *) DLE_VAL(curr);
|
1998-08-25 23:34:10 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
ereport(DEBUG4,
|
|
|
|
|
(errmsg_internal("sending signal %d to process %d",
|
|
|
|
|
signal, (int) bp->pid)));
|
|
|
|
|
kill(bp->pid, signal);
|
1998-08-25 23:34:10 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
|
|
|
|
* BackendStartup -- start backend process
|
|
|
|
|
*
|
2002-03-02 21:46:12 +01:00
|
|
|
* returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1997-08-19 23:40:56 +02:00
|
|
|
static int
|
1998-01-26 02:42:53 +01:00
|
|
|
BackendStartup(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
Backend *bn; /* for backend cleanup */
|
2001-06-20 20:07:56 +02:00
|
|
|
pid_t pid;
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
struct itimerval prof_itimer;
|
|
|
|
|
#endif
|
1998-02-24 16:27:04 +01:00
|
|
|
|
1998-06-09 06:06:12 +02:00
|
|
|
/*
|
1998-09-01 06:40:42 +02:00
|
|
|
* Compute the cancel key that will be assigned to this backend. The
|
|
|
|
|
* backend will have its own copy in the forked-off process' value of
|
|
|
|
|
* MyCancelKey, so that it can transmit the key to the frontend.
|
1998-06-09 06:06:12 +02:00
|
|
|
*/
|
|
|
|
|
MyCancelKey = PostmasterRandom();
|
|
|
|
|
|
2001-10-21 05:25:36 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Make room for backend data structure. Better before the fork() so
|
|
|
|
|
* we can handle failure cleanly.
|
2001-10-21 05:25:36 +02:00
|
|
|
*/
|
|
|
|
|
bn = (Backend *) malloc(sizeof(Backend));
|
|
|
|
|
if (!bn)
|
|
|
|
|
{
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errcode(ERRCODE_OUT_OF_MEMORY),
|
|
|
|
|
errmsg("out of memory")));
|
2001-10-21 05:25:36 +02:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Pass down canAcceptConnections state (kluge for EXEC_BACKEND case) */
|
|
|
|
|
port->canAcceptConnections = canAcceptConnections();
|
|
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
/*
|
1999-05-25 18:15:34 +02:00
|
|
|
* Flush stdio channels just before fork, to avoid double-output
|
|
|
|
|
* problems. Ideally we'd use fflush(NULL) here, but there are still a
|
|
|
|
|
* few non-ANSI stdio libraries out there (like SunOS 4.1.x) that
|
|
|
|
|
* coredump if we do. Presently stdout and stderr are the only stdio
|
|
|
|
|
* output channels used by the postmaster, so fflush'ing them should
|
|
|
|
|
* be sufficient.
|
1998-06-09 06:06:12 +02:00
|
|
|
*/
|
1998-11-29 02:51:56 +01:00
|
|
|
fflush(stdout);
|
|
|
|
|
fflush(stderr);
|
1998-06-09 06:06:12 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
|
|
|
|
|
pid = backend_forkexec(port);
|
|
|
|
|
|
|
|
|
|
#else /* !EXEC_BACKEND */
|
|
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* Linux's fork() resets the profiling timer in the child process. If
|
|
|
|
|
* we want to profile child processes then we need to save and restore
|
|
|
|
|
* the timer setting. This is a waste of time if not profiling,
|
|
|
|
|
* however, so only do it if commanded by specific -DLINUX_PROFILE
|
|
|
|
|
* switch.
|
2002-03-02 21:46:12 +01:00
|
|
|
*/
|
|
|
|
|
getitimer(ITIMER_PROF, &prof_itimer);
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-10-28 20:27:57 +02:00
|
|
|
#ifdef __BEOS__
|
|
|
|
|
/* Specific beos actions before backend startup */
|
|
|
|
|
beos_before_backend_startup();
|
|
|
|
|
#endif
|
2000-11-12 21:51:52 +01:00
|
|
|
|
2001-06-20 20:07:56 +02:00
|
|
|
pid = fork();
|
|
|
|
|
|
|
|
|
|
if (pid == 0) /* child */
|
2003-05-28 21:36:28 +02:00
|
|
|
{
|
|
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
setitimer(ITIMER_PROF, &prof_itimer, NULL);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef __BEOS__
|
|
|
|
|
/* Specific beos backend startup actions */
|
|
|
|
|
beos_backend_startup();
|
|
|
|
|
#endif
|
|
|
|
|
free(bn);
|
|
|
|
|
|
2004-01-07 00:15:22 +01:00
|
|
|
proc_exit(BackendRun(port));
|
2003-05-28 21:36:28 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#endif /* EXEC_BACKEND */
|
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
if (pid < 0)
|
|
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
/* in parent, fork failed */
|
2002-01-06 22:40:02 +01:00
|
|
|
int save_errno = errno;
|
|
|
|
|
|
2000-10-28 20:27:57 +02:00
|
|
|
#ifdef __BEOS__
|
2000-11-12 21:51:52 +01:00
|
|
|
/* Specific beos backend startup actions */
|
2000-10-28 20:27:57 +02:00
|
|
|
beos_backend_startup_failed();
|
|
|
|
|
#endif
|
2002-01-06 22:40:02 +01:00
|
|
|
free(bn);
|
2003-07-22 21:00:12 +02:00
|
|
|
errno = save_errno;
|
|
|
|
|
ereport(LOG,
|
2003-08-04 02:43:34 +02:00
|
|
|
(errmsg("could not fork new process for connection: %m")));
|
2002-01-06 22:40:02 +01:00
|
|
|
report_fork_failure_to_client(port, save_errno);
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* in parent, successful fork */
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG2,
|
|
|
|
|
(errmsg_internal("forked new backend, pid=%d socket=%d",
|
|
|
|
|
(int) pid, port->sock)));
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Everything's been successful, it's safe to add this backend to our
|
|
|
|
|
* list of backends.
|
|
|
|
|
*/
|
|
|
|
|
bn->pid = pid;
|
1998-06-09 06:06:12 +02:00
|
|
|
bn->cancel_key = MyCancelKey;
|
2004-05-30 00:48:23 +02:00
|
|
|
DLAddHead(BackendList, DLNewElem(bn));
|
2004-01-26 23:59:54 +01:00
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
ShmemBackendArrayAdd(bn);
|
|
|
|
|
#endif
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_OK;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-01-06 22:40:02 +01:00
|
|
|
/*
|
|
|
|
|
* Try to report backend fork() failure to client before we close the
|
2002-09-04 22:31:48 +02:00
|
|
|
* connection. Since we do not care to risk blocking the postmaster on
|
2002-01-06 22:40:02 +01:00
|
|
|
* this connection, we set the connection to non-blocking and try only once.
|
|
|
|
|
*
|
|
|
|
|
* This is grungy special-purpose code; we cannot use backend libpq since
|
|
|
|
|
* it's not up and running.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
report_fork_failure_to_client(Port *port, int errnum)
|
|
|
|
|
{
|
|
|
|
|
char buffer[1000];
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2003-07-22 21:00:12 +02:00
|
|
|
/* Format the error message packet (always V2 protocol) */
|
2002-01-06 22:40:02 +01:00
|
|
|
snprintf(buffer, sizeof(buffer), "E%s%s\n",
|
2003-07-22 21:00:12 +02:00
|
|
|
gettext("could not fork new process for connection: "),
|
2002-01-06 22:40:02 +01:00
|
|
|
strerror(errnum));
|
|
|
|
|
|
|
|
|
|
/* Set port to non-blocking. Don't do send() if this fails */
|
2004-03-10 22:12:49 +01:00
|
|
|
if (!set_noblock(port->sock))
|
2002-01-06 22:40:02 +01:00
|
|
|
return;
|
|
|
|
|
|
2002-09-04 22:31:48 +02:00
|
|
|
send(port->sock, buffer, strlen(buffer) + 1, 0);
|
2002-01-06 22:40:02 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
1999-05-22 19:47:54 +02:00
|
|
|
* split_opts -- split a string of options and append it to an argv array
|
|
|
|
|
*
|
|
|
|
|
* NB: the string is destructively modified!
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* Since no current POSTGRES arguments require any quoting characters,
|
|
|
|
|
* we can use the simple-minded tactic of assuming each set of space-
|
|
|
|
|
* delimited characters is a separate argv element.
|
|
|
|
|
*
|
|
|
|
|
* If you don't like that, well, we *used* to pass the whole option string
|
|
|
|
|
* as ONE argument to execl(), which was even less intelligent...
|
|
|
|
|
*/
|
1996-11-10 04:06:38 +01:00
|
|
|
static void
|
1996-07-09 08:22:35 +02:00
|
|
|
split_opts(char **argv, int *argcp, char *s)
|
|
|
|
|
{
|
1997-09-07 07:04:48 +02:00
|
|
|
while (s && *s)
|
|
|
|
|
{
|
2000-12-03 21:45:40 +01:00
|
|
|
while (isspace((unsigned char) *s))
|
1997-09-07 07:04:48 +02:00
|
|
|
++s;
|
1999-05-22 19:47:54 +02:00
|
|
|
if (*s == '\0')
|
|
|
|
|
break;
|
1999-10-08 06:28:57 +02:00
|
|
|
argv[(*argcp)++] = s;
|
2000-12-03 21:45:40 +01:00
|
|
|
while (*s && !isspace((unsigned char) *s))
|
1997-09-07 07:04:48 +02:00
|
|
|
++s;
|
1999-05-22 19:47:54 +02:00
|
|
|
if (*s)
|
1997-09-07 07:04:48 +02:00
|
|
|
*s++ = '\0';
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* BackendRun -- perform authentication, and if successful,
|
|
|
|
|
* set up the backend's argument list and invoke PostgresMain()
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
1998-09-01 06:40:42 +02:00
|
|
|
* returns:
|
|
|
|
|
* Shouldn't return at all.
|
1999-05-22 19:47:54 +02:00
|
|
|
* If PostgresMain() fails, return status.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
static int
|
|
|
|
|
BackendRun(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2003-08-04 02:43:34 +02:00
|
|
|
int status;
|
|
|
|
|
struct timeval now;
|
|
|
|
|
struct timezone tz;
|
2003-06-12 09:36:51 +02:00
|
|
|
char remote_host[NI_MAXHOST];
|
|
|
|
|
char remote_port[NI_MAXSERV];
|
2004-03-15 16:56:28 +01:00
|
|
|
char remote_ps_data[NI_MAXHOST];
|
2004-05-28 07:13:32 +02:00
|
|
|
char **av;
|
|
|
|
|
int maxac;
|
|
|
|
|
int ac;
|
|
|
|
|
char debugbuf[32];
|
|
|
|
|
char protobuf[32];
|
|
|
|
|
int i;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-09-30 22:08:18 +02:00
|
|
|
IsUnderPostmaster = true; /* we are a postmaster subprocess now */
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* Let's clean up ourselves as the postmaster child, and close the
|
2004-05-30 00:48:23 +02:00
|
|
|
* postmaster's listen sockets
|
2004-05-28 07:13:32 +02:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
ClosePostmasterPorts();
|
2002-03-04 02:46:04 +01:00
|
|
|
|
1999-07-02 20:09:28 +02:00
|
|
|
/* We don't want the postmaster's proc_exit() handlers */
|
2000-04-12 19:17:23 +02:00
|
|
|
on_exit_reset();
|
1998-05-29 19:00:34 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
1999-10-06 23:58:18 +02:00
|
|
|
* Signal handlers setting is moved to tcop/postgres...
|
1998-05-29 19:00:34 +02:00
|
|
|
*/
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Save port etc. for ps status */
|
|
|
|
|
MyProcPort = port;
|
|
|
|
|
|
|
|
|
|
/* Reset MyProcPid to new backend's pid */
|
|
|
|
|
MyProcPid = getpid();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* PreAuthDelay is a debugging aid for investigating problems in the
|
|
|
|
|
* authentication cycle: it can be set in postgresql.conf to allow
|
|
|
|
|
* time to attach to the newly-forked backend with a debugger. (See
|
|
|
|
|
* also the -W backend switch, which we allow clients to pass through
|
|
|
|
|
* PGOPTIONS, but it is not honored until after authentication.)
|
|
|
|
|
*/
|
|
|
|
|
if (PreAuthDelay > 0)
|
|
|
|
|
pg_usleep(PreAuthDelay * 1000000L);
|
|
|
|
|
|
|
|
|
|
ClientAuthInProgress = true; /* limit visibility of log messages */
|
|
|
|
|
|
2004-02-17 04:54:57 +01:00
|
|
|
/* save start time for end of session reporting */
|
2004-05-27 17:07:41 +02:00
|
|
|
gettimeofday(&(port->session_start), NULL);
|
2004-02-17 04:54:57 +01:00
|
|
|
|
|
|
|
|
/* set these to empty in case they are needed before we set them up */
|
|
|
|
|
port->remote_host = "";
|
|
|
|
|
port->remote_port = "";
|
2004-03-09 05:43:07 +01:00
|
|
|
port->commandTag = "";
|
2004-02-17 04:54:57 +01:00
|
|
|
|
2001-09-21 19:06:12 +02:00
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* Initialize libpq and enable reporting of ereport errors to the
|
|
|
|
|
* client. Must do this now because authentication uses libpq to send
|
2001-10-25 07:50:21 +02:00
|
|
|
* messages.
|
2001-09-21 19:06:12 +02:00
|
|
|
*/
|
|
|
|
|
pq_init(); /* initialize libpq to talk to client */
|
2003-07-22 21:00:12 +02:00
|
|
|
whereToSendOutput = Remote; /* now safe to ereport to client */
|
2001-09-21 19:06:12 +02:00
|
|
|
|
2001-09-07 18:12:49 +02:00
|
|
|
/*
|
|
|
|
|
* We arrange for a simple exit(0) if we receive SIGTERM or SIGQUIT
|
|
|
|
|
* during any client authentication related communication. Otherwise
|
|
|
|
|
* the postmaster cannot shutdown the database FAST or IMMED cleanly
|
2002-05-29 01:56:51 +02:00
|
|
|
* if a buggy client blocks a backend during authentication.
|
2001-09-07 18:12:49 +02:00
|
|
|
*/
|
|
|
|
|
pqsignal(SIGTERM, authdie);
|
|
|
|
|
pqsignal(SIGQUIT, authdie);
|
2001-09-21 19:06:12 +02:00
|
|
|
pqsignal(SIGALRM, authdie);
|
2001-09-07 18:12:49 +02:00
|
|
|
PG_SETMASK(&AuthBlockSig);
|
|
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
2002-05-29 01:56:51 +02:00
|
|
|
* Get the remote host name and port for logging and status display.
|
2001-10-19 02:44:08 +02:00
|
|
|
*/
|
2003-06-12 09:36:51 +02:00
|
|
|
remote_host[0] = '\0';
|
|
|
|
|
remote_port[0] = '\0';
|
2003-07-24 01:30:41 +02:00
|
|
|
if (getnameinfo_all(&port->raddr.addr, port->raddr.salen,
|
|
|
|
|
remote_host, sizeof(remote_host),
|
|
|
|
|
remote_port, sizeof(remote_port),
|
2003-08-04 02:43:34 +02:00
|
|
|
(log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV))
|
2001-10-19 02:44:08 +02:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
int ret = getnameinfo_all(&port->raddr.addr, port->raddr.salen,
|
|
|
|
|
remote_host, sizeof(remote_host),
|
|
|
|
|
remote_port, sizeof(remote_port),
|
|
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV);
|
|
|
|
|
|
2004-05-26 20:35:51 +02:00
|
|
|
if (ret)
|
|
|
|
|
ereport(WARNING,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errmsg("getnameinfo_all() failed: %s",
|
|
|
|
|
gai_strerror(ret))));
|
2001-10-19 02:44:08 +02:00
|
|
|
}
|
2004-03-15 16:56:28 +01:00
|
|
|
snprintf(remote_ps_data, sizeof(remote_ps_data),
|
|
|
|
|
remote_port[0] == '\0' ? "%s" : "%s(%s)",
|
|
|
|
|
remote_host, remote_port);
|
2003-06-12 09:36:51 +02:00
|
|
|
|
|
|
|
|
if (Log_connections)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("connection received: host=%s port=%s",
|
|
|
|
|
remote_host, remote_port)));
|
2002-05-29 01:56:51 +02:00
|
|
|
|
2004-02-17 04:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* save remote_host and remote_port in port stucture
|
|
|
|
|
*/
|
|
|
|
|
port->remote_host = strdup(remote_host);
|
|
|
|
|
port->remote_port = strdup(remote_port);
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.c
|
|
|
|
|
* etcetera from the postmaster, and have to load them ourselves.
|
|
|
|
|
* Build the PostmasterContext (which didn't exist before, in this
|
|
|
|
|
* process) to contain the data.
|
|
|
|
|
*
|
|
|
|
|
* FIXME: [fork/exec] Ugh. Is there a way around this overhead?
|
|
|
|
|
*/
|
|
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
Assert(PostmasterContext == NULL);
|
|
|
|
|
PostmasterContext = AllocSetContextCreate(TopMemoryContext,
|
|
|
|
|
"Postmaster",
|
|
|
|
|
ALLOCSET_DEFAULT_MINSIZE,
|
|
|
|
|
ALLOCSET_DEFAULT_INITSIZE,
|
|
|
|
|
ALLOCSET_DEFAULT_MAXSIZE);
|
|
|
|
|
MemoryContextSwitchTo(PostmasterContext);
|
|
|
|
|
|
|
|
|
|
load_hba();
|
|
|
|
|
load_ident();
|
|
|
|
|
load_user();
|
|
|
|
|
load_group();
|
|
|
|
|
#endif
|
|
|
|
|
|
2002-05-29 01:56:51 +02:00
|
|
|
/*
|
|
|
|
|
* Ready to begin client interaction. We will give up and exit(0)
|
|
|
|
|
* after a time delay, so that a broken client can't hog a connection
|
|
|
|
|
* indefinitely. PreAuthDelay doesn't count against the time limit.
|
|
|
|
|
*/
|
2002-07-13 03:02:14 +02:00
|
|
|
if (!enable_sig_alarm(AuthenticationTimeout * 1000, false))
|
2003-07-22 21:00:12 +02:00
|
|
|
elog(FATAL, "could not set timer for authorization timeout");
|
2002-05-29 01:56:51 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Receive the startup packet (which might turn out to be a cancel
|
|
|
|
|
* request packet).
|
|
|
|
|
*/
|
|
|
|
|
status = ProcessStartupPacket(port, false);
|
|
|
|
|
|
|
|
|
|
if (status != STATUS_OK)
|
2004-01-10 00:11:39 +01:00
|
|
|
proc_exit(0);
|
2002-05-29 01:56:51 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now that we have the user and database name, we can set the process
|
|
|
|
|
* title for ps. It's good to do this as early as possible in
|
|
|
|
|
* startup.
|
2001-10-19 02:44:08 +02:00
|
|
|
*/
|
2004-03-15 16:56:28 +01:00
|
|
|
init_ps_display(port->user_name, port->database_name, remote_ps_data);
|
2001-10-19 02:44:08 +02:00
|
|
|
set_ps_display("authentication");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now perform authentication exchange.
|
|
|
|
|
*/
|
|
|
|
|
ClientAuthentication(port); /* might not return, if failure */
|
2001-08-01 00:55:45 +02:00
|
|
|
|
2001-09-08 03:10:21 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* Done with authentication. Disable timeout, and prevent
|
|
|
|
|
* SIGTERM/SIGQUIT again until backend startup is complete.
|
2001-09-08 03:10:21 +02:00
|
|
|
*/
|
2002-07-13 03:02:14 +02:00
|
|
|
if (!disable_sig_alarm(false))
|
2003-07-22 21:00:12 +02:00
|
|
|
elog(FATAL, "could not disable timer for authorization timeout");
|
2001-09-07 18:12:49 +02:00
|
|
|
PG_SETMASK(&BlockSig);
|
|
|
|
|
|
2001-10-19 02:44:08 +02:00
|
|
|
if (Log_connections)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("connection authorized: user=%s database=%s",
|
|
|
|
|
port->user_name, port->database_name)));
|
2001-10-19 02:44:08 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
/*
|
|
|
|
|
* Don't want backend to be able to see the postmaster random number
|
|
|
|
|
* generator state. We have to clobber the static random_seed *and*
|
|
|
|
|
* start a new random sequence in the random() library function.
|
|
|
|
|
*/
|
|
|
|
|
random_seed = 0;
|
|
|
|
|
gettimeofday(&now, &tz);
|
2000-08-07 02:51:42 +02:00
|
|
|
srandom((unsigned int) now.tv_usec);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
|
|
|
|
|
1999-05-22 19:47:54 +02:00
|
|
|
/* ----------------
|
|
|
|
|
* Now, build the argv vector that will be given to PostgresMain.
|
|
|
|
|
*
|
|
|
|
|
* The layout of the command line is
|
|
|
|
|
* postgres [secure switches] -p databasename [insecure switches]
|
|
|
|
|
* where the switches after -p come from the client request.
|
2003-04-18 00:26:02 +02:00
|
|
|
*
|
|
|
|
|
* The maximum possible number of commandline arguments that could come
|
|
|
|
|
* from ExtraOptions or port->cmdline_options is (strlen + 1) / 2; see
|
|
|
|
|
* split_opts().
|
1999-05-22 19:47:54 +02:00
|
|
|
* ----------------
|
|
|
|
|
*/
|
2003-04-18 00:26:02 +02:00
|
|
|
maxac = 10; /* for fixed args supplied below */
|
|
|
|
|
maxac += (strlen(ExtraOptions) + 1) / 2;
|
|
|
|
|
if (port->cmdline_options)
|
|
|
|
|
maxac += (strlen(port->cmdline_options) + 1) / 2;
|
|
|
|
|
|
|
|
|
|
av = (char **) MemoryContextAlloc(TopMemoryContext,
|
|
|
|
|
maxac * sizeof(char *));
|
|
|
|
|
ac = 0;
|
1998-05-29 19:00:34 +02:00
|
|
|
|
2000-06-04 03:44:38 +02:00
|
|
|
av[ac++] = "postgres";
|
1998-05-29 19:00:34 +02:00
|
|
|
|
2002-09-26 07:17:00 +02:00
|
|
|
/*
|
|
|
|
|
* Pass the requested debugging level along to the backend.
|
|
|
|
|
*/
|
|
|
|
|
if (debug_flag > 0)
|
|
|
|
|
{
|
2003-04-18 00:26:02 +02:00
|
|
|
snprintf(debugbuf, sizeof(debugbuf), "-d%d", debug_flag);
|
2002-09-26 07:17:00 +02:00
|
|
|
av[ac++] = debugbuf;
|
|
|
|
|
}
|
|
|
|
|
|
1999-05-22 19:47:54 +02:00
|
|
|
/*
|
1999-05-25 18:15:34 +02:00
|
|
|
* Pass any backend switches specified with -o in the postmaster's own
|
2004-05-28 07:13:32 +02:00
|
|
|
* command line. We assume these are secure. (It's OK to mangle
|
|
|
|
|
* ExtraOptions now, since we're safely inside a subprocess.)
|
1999-05-22 19:47:54 +02:00
|
|
|
*/
|
2004-01-07 00:15:22 +01:00
|
|
|
split_opts(av, &ac, ExtraOptions);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Tell the backend what protocol the frontend is using. */
|
2003-04-18 00:26:02 +02:00
|
|
|
snprintf(protobuf, sizeof(protobuf), "-v%u", port->proto);
|
1998-01-26 02:42:53 +01:00
|
|
|
av[ac++] = protobuf;
|
|
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
/*
|
2004-01-07 00:15:22 +01:00
|
|
|
* Tell the backend it is being called from the postmaster, and which
|
|
|
|
|
* database to use. -p marks the end of secure switches.
|
2003-12-20 18:31:21 +01:00
|
|
|
*/
|
|
|
|
|
av[ac++] = "-p";
|
2003-04-18 00:26:02 +02:00
|
|
|
av[ac++] = port->database_name;
|
2003-08-04 02:43:34 +02:00
|
|
|
|
1999-05-22 19:47:54 +02:00
|
|
|
/*
|
|
|
|
|
* Pass the (insecure) option switches from the connection request.
|
2003-04-18 00:26:02 +02:00
|
|
|
* (It's OK to mangle port->cmdline_options now.)
|
1999-05-22 19:47:54 +02:00
|
|
|
*/
|
2003-04-18 00:26:02 +02:00
|
|
|
if (port->cmdline_options)
|
|
|
|
|
split_opts(av, &ac, port->cmdline_options);
|
2001-08-01 00:55:45 +02:00
|
|
|
|
2004-01-07 19:56:30 +01:00
|
|
|
av[ac] = NULL;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
Assert(ac < maxac);
|
|
|
|
|
|
2001-08-01 00:55:45 +02:00
|
|
|
/*
|
|
|
|
|
* Release postmaster's working memory context so that backend can
|
|
|
|
|
* recycle the space. Note this does not trash *MyProcPort, because
|
|
|
|
|
* ConnCreate() allocated that space with malloc() ... else we'd need
|
2003-08-04 02:43:34 +02:00
|
|
|
* to copy the Port data here. Also, subsidiary data such as the
|
2003-04-18 00:26:02 +02:00
|
|
|
* username isn't lost either; see ProcessStartupPacket().
|
2001-08-01 00:55:45 +02:00
|
|
|
*/
|
|
|
|
|
MemoryContextSwitchTo(TopMemoryContext);
|
|
|
|
|
MemoryContextDelete(PostmasterContext);
|
|
|
|
|
PostmasterContext = NULL;
|
|
|
|
|
|
2000-06-28 05:33:33 +02:00
|
|
|
/*
|
|
|
|
|
* Debug: print arguments being passed to backend
|
|
|
|
|
*/
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG3,
|
|
|
|
|
(errmsg_internal("%s child[%d]: starting with (",
|
2003-12-20 18:31:21 +01:00
|
|
|
progname, getpid())));
|
Commit to match discussed elog() changes. Only update is that LOG is
now just below FATAL in server_min_messages. Added more text to
highlight ordering difference between it and client_min_messages.
---------------------------------------------------------------------------
REALLYFATAL => PANIC
STOP => PANIC
New INFO level the prints to client by default
New LOG level the prints to server log by default
Cause VACUUM information to print only to the client
NOTICE => INFO where purely information messages are sent
DEBUG => LOG for purely server status messages
DEBUG removed, kept as backward compatible
DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added
DebugLvl removed in favor of new DEBUG[1-5] symbols
New server_min_messages GUC parameter with values:
DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC
New client_min_messages GUC parameter with values:
DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC
Server startup now logged with LOG instead of DEBUG
Remove debug_level GUC parameter
elog() numbers now start at 10
Add test to print error message if older elog() values are passed to elog()
Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
|
|
|
for (i = 0; i < ac; ++i)
|
2003-08-12 20:23:21 +02:00
|
|
|
ereport(DEBUG3,
|
|
|
|
|
(errmsg_internal("\t%s", av[i])));
|
|
|
|
|
ereport(DEBUG3,
|
|
|
|
|
(errmsg_internal(")")));
|
2002-03-04 02:46:04 +01:00
|
|
|
|
2002-09-04 22:31:48 +02:00
|
|
|
ClientAuthInProgress = false; /* client_min_messages is active
|
|
|
|
|
* now */
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2003-04-18 00:26:02 +02:00
|
|
|
return (PostgresMain(ac, av, port->user_name));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2004-01-07 00:15:22 +01:00
|
|
|
|
|
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
|
|
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* postmaster_forkexec -- fork and exec a postmaster subprocess
|
2004-01-07 00:15:22 +01:00
|
|
|
*
|
2004-05-28 07:13:32 +02:00
|
|
|
* The caller must have set up the argv array already, except for argv[2]
|
|
|
|
|
* which will be filled with the name of the temp variable file.
|
|
|
|
|
*
|
|
|
|
|
* Returns the child process PID, or -1 on fork failure (a suitable error
|
|
|
|
|
* message has been logged on failure).
|
|
|
|
|
*
|
|
|
|
|
* All uses of this routine will dispatch to SubPostmasterMain in the
|
|
|
|
|
* child process.
|
2004-01-07 00:15:22 +01:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
pid_t
|
|
|
|
|
postmaster_forkexec(int argc, char *argv[])
|
2004-01-07 00:15:22 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
Port port;
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* This entry point passes dummy values for the Port variables */
|
|
|
|
|
memset(&port, 0, sizeof(port));
|
|
|
|
|
return internal_forkexec(argc, argv, &port);
|
|
|
|
|
}
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* backend_forkexec -- fork/exec off a backend process
|
|
|
|
|
*
|
|
|
|
|
* returns the pid of the fork/exec'd process, or -1 on failure
|
|
|
|
|
*/
|
|
|
|
|
static pid_t
|
|
|
|
|
backend_forkexec(Port *port)
|
|
|
|
|
{
|
|
|
|
|
char *av[4];
|
|
|
|
|
int ac = 0;
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
av[ac++] = "postgres";
|
|
|
|
|
av[ac++] = "-forkbackend";
|
|
|
|
|
av[ac++] = NULL; /* filled in by internal_forkexec */
|
2004-01-28 22:02:40 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
av[ac] = NULL;
|
|
|
|
|
Assert(ac < lengthof(av));
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
return internal_forkexec(ac, av, port);
|
|
|
|
|
}
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
static pid_t
|
|
|
|
|
internal_forkexec(int argc, char *argv[], Port *port)
|
|
|
|
|
{
|
|
|
|
|
pid_t pid;
|
|
|
|
|
char tmpfilename[MAXPGPATH];
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
if (!write_backend_variables(tmpfilename, port))
|
|
|
|
|
return -1; /* log made by write_backend_variables */
|
2004-03-09 06:11:53 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Make sure caller set up argv properly */
|
|
|
|
|
Assert(argc >= 3);
|
|
|
|
|
Assert(argv[argc] == NULL);
|
|
|
|
|
Assert(strncmp(argv[1], "-fork", 5) == 0);
|
|
|
|
|
Assert(argv[2] == NULL);
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Insert temp file name after -fork argument */
|
|
|
|
|
argv[2] = tmpfilename;
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#ifdef WIN32
|
|
|
|
|
pid = win32_forkexec(postgres_exec_path, argv);
|
|
|
|
|
#else
|
|
|
|
|
/* Fire off execv in child */
|
|
|
|
|
if ((pid = fork()) == 0)
|
|
|
|
|
{
|
|
|
|
|
if (execv(postgres_exec_path, argv) < 0)
|
|
|
|
|
{
|
|
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("could not exec backend process \"%s\": %m",
|
|
|
|
|
postgres_exec_path)));
|
|
|
|
|
/* We're already in the child process here, can't return */
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
return pid; /* Parent returns pid, or -1 on fork failure */
|
|
|
|
|
}
|
2004-01-07 00:15:22 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* SubPostmasterMain -- Get the fork/exec'd process into a state equivalent
|
|
|
|
|
* to what it would be if we'd simply forked on Unix, and then
|
|
|
|
|
* dispatch to the appropriate place.
|
2004-01-07 00:15:22 +01:00
|
|
|
*
|
2004-05-28 07:13:32 +02:00
|
|
|
* The first two command line arguments are expected to be "-forkFOO"
|
|
|
|
|
* (where FOO indicates which postmaster child we are to become), and
|
|
|
|
|
* the name of a variables file that we can read to load data that would
|
|
|
|
|
* have been inherited by fork() on Unix. Remaining arguments go to the
|
|
|
|
|
* subprocess FooMain() routine.
|
2004-01-07 00:15:22 +01:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
int
|
|
|
|
|
SubPostmasterMain(int argc, char *argv[])
|
2004-01-07 00:15:22 +01:00
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
Port port;
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Do this sooner rather than later... */
|
|
|
|
|
IsUnderPostmaster = true; /* we are a postmaster subprocess now */
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
MyProcPid = getpid(); /* reset MyProcPid */
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* In EXEC_BACKEND case we will not have inherited these settings */
|
|
|
|
|
IsPostmasterEnvironment = true;
|
|
|
|
|
whereToSendOutput = None;
|
|
|
|
|
pqinitmask();
|
|
|
|
|
PG_SETMASK(&BlockSig);
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Setup essential subsystems */
|
|
|
|
|
MemoryContextInit();
|
|
|
|
|
InitializeGUCOptions();
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Check we got appropriate args */
|
|
|
|
|
if (argc < 3)
|
|
|
|
|
elog(FATAL, "invalid subpostmaster invocation");
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Read in file-based context */
|
|
|
|
|
memset(&port, 0, sizeof(Port));
|
|
|
|
|
read_backend_variables(argv[2], &port);
|
|
|
|
|
read_nondefault_variables();
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Run backend or appropriate child */
|
|
|
|
|
if (strcmp(argv[1], "-forkbackend") == 0)
|
|
|
|
|
{
|
|
|
|
|
/* BackendRun will close sockets */
|
|
|
|
|
|
|
|
|
|
/* Attach process to shared segments */
|
|
|
|
|
CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
|
2004-05-27 17:07:41 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
Assert(argc == 3); /* shouldn't be any more args */
|
|
|
|
|
proc_exit(BackendRun(&port));
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(argv[1], "-forkboot") == 0)
|
|
|
|
|
{
|
|
|
|
|
/* Close the postmaster's sockets */
|
2004-05-30 00:48:23 +02:00
|
|
|
ClosePostmasterPorts();
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
/* Attach process to shared segments */
|
|
|
|
|
CreateSharedMemoryAndSemaphores(false, MaxBackends, 0);
|
|
|
|
|
|
|
|
|
|
BootstrapMain(argc - 2, argv + 2);
|
2004-05-30 00:48:23 +02:00
|
|
|
proc_exit(0);
|
2004-05-28 07:13:32 +02:00
|
|
|
}
|
2004-07-19 04:47:16 +02:00
|
|
|
if (strcmp(argv[1], "-forkarch") == 0)
|
|
|
|
|
{
|
|
|
|
|
/* Close the postmaster's sockets */
|
|
|
|
|
ClosePostmasterPorts();
|
|
|
|
|
|
|
|
|
|
/* Do not want to attach to shared memory */
|
|
|
|
|
|
|
|
|
|
PgArchiverMain(argc, argv);
|
|
|
|
|
proc_exit(0);
|
|
|
|
|
}
|
2004-05-28 07:13:32 +02:00
|
|
|
if (strcmp(argv[1], "-forkbuf") == 0)
|
|
|
|
|
{
|
|
|
|
|
/* Close the postmaster's sockets */
|
2004-05-30 00:48:23 +02:00
|
|
|
ClosePostmasterPorts();
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
/* Do not want to attach to shared memory */
|
|
|
|
|
|
|
|
|
|
PgstatBufferMain(argc, argv);
|
2004-05-30 00:48:23 +02:00
|
|
|
proc_exit(0);
|
2004-05-28 07:13:32 +02:00
|
|
|
}
|
|
|
|
|
if (strcmp(argv[1], "-forkcol") == 0)
|
|
|
|
|
{
|
2004-01-07 00:15:22 +01:00
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* Do NOT close postmaster sockets here, because we are forking from
|
|
|
|
|
* pgstat buffer process, which already did it.
|
2004-01-07 00:15:22 +01:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
/* Do not want to attach to shared memory */
|
|
|
|
|
|
|
|
|
|
PgstatCollectorMain(argc, argv);
|
2004-05-30 00:48:23 +02:00
|
|
|
proc_exit(0);
|
2004-05-28 07:13:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1; /* shouldn't get here */
|
2004-01-07 00:15:22 +01:00
|
|
|
}
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
#endif /* EXEC_BACKEND */
|
2004-01-07 00:15:22 +01:00
|
|
|
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
|
|
|
|
* ExitPostmaster -- cleanup
|
2000-11-29 21:59:54 +01:00
|
|
|
*
|
|
|
|
|
* Do NOT call exit() directly --- always go through here!
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
2003-07-27 23:49:55 +02:00
|
|
|
static void
|
1996-07-09 08:22:35 +02:00
|
|
|
ExitPostmaster(int status)
|
|
|
|
|
{
|
1997-09-07 07:04:48 +02:00
|
|
|
/* should cleanup shared memory and kill all backends */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Not sure of the semantics here. When the Postmaster dies, should
|
|
|
|
|
* the backends all be killed? probably not.
|
1999-10-06 23:58:18 +02:00
|
|
|
*
|
|
|
|
|
* MUST -- vadim 05-10-1999
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2000-05-26 03:38:08 +02:00
|
|
|
|
1998-06-27 06:53:49 +02:00
|
|
|
proc_exit(status);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
/*
|
|
|
|
|
* sigusr1_handler - handle signal conditions from child processes
|
|
|
|
|
*/
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
static void
|
2001-11-04 20:55:31 +01:00
|
|
|
sigusr1_handler(SIGNAL_ARGS)
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
{
|
|
|
|
|
int save_errno = errno;
|
|
|
|
|
|
|
|
|
|
PG_SETMASK(&BlockSig);
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
|
|
|
|
|
{
|
|
|
|
|
/*
|
2002-04-04 06:25:54 +02:00
|
|
|
* Password or group file has changed.
|
2001-11-04 20:55:31 +01:00
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
load_user();
|
|
|
|
|
load_group();
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
}
|
|
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
|
|
|
|
|
{
|
|
|
|
|
/*
|
2004-05-27 17:07:41 +02:00
|
|
|
* Send SIGUSR1 to all children (triggers
|
|
|
|
|
* CatchupInterruptHandler). See storage/ipc/sinval[adt].c for the
|
|
|
|
|
* use of this.
|
2001-11-04 20:55:31 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (Shutdown <= SmartShutdown)
|
2004-05-23 05:50:45 +02:00
|
|
|
SignalChildren(SIGUSR1);
|
2001-11-04 20:55:31 +01:00
|
|
|
}
|
2004-07-19 04:47:16 +02:00
|
|
|
|
|
|
|
|
if (PgArchPID != 0 && Shutdown == NoShutdown)
|
|
|
|
|
{
|
|
|
|
|
if (CheckPostmasterSignal(PMSIGNAL_WAKEN_ARCHIVER))
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Send SIGUSR1 to archiver process, to wake it up and begin
|
|
|
|
|
* archiving next transaction log file.
|
|
|
|
|
*/
|
|
|
|
|
kill(PgArchPID, SIGUSR1);
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-11-04 20:55:31 +01:00
|
|
|
|
|
|
|
|
PG_SETMASK(&UnBlockSig);
|
|
|
|
|
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
errno = save_errno;
|
|
|
|
|
}
|
|
|
|
|
|
1997-12-04 01:28:15 +01:00
|
|
|
|
2001-11-04 20:55:31 +01:00
|
|
|
/*
|
|
|
|
|
* Dummy signal handler
|
|
|
|
|
*
|
|
|
|
|
* We use this for signals that we don't actually use in the postmaster,
|
2004-05-30 00:48:23 +02:00
|
|
|
* but we do use in backends. If we were to SIG_IGN such signals in the
|
|
|
|
|
* postmaster, then a newly started backend might drop a signal that arrives
|
|
|
|
|
* before it's able to reconfigure its signal processing. (See notes in
|
|
|
|
|
* tcop/postgres.c.)
|
2001-11-04 20:55:31 +01:00
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
dummy_handler(SIGNAL_ARGS)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1997-12-04 01:28:15 +01:00
|
|
|
/*
|
2001-09-21 22:31:49 +02:00
|
|
|
* CharRemap: given an int in range 0..61, produce textual encoding of it
|
|
|
|
|
* per crypt(3) conventions.
|
1997-12-04 01:28:15 +01:00
|
|
|
*/
|
|
|
|
|
static char
|
2001-09-21 22:31:49 +02:00
|
|
|
CharRemap(long ch)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
|
|
|
|
if (ch < 0)
|
|
|
|
|
ch = -ch;
|
|
|
|
|
ch = ch % 62;
|
2001-09-21 22:31:49 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
if (ch < 26)
|
1998-09-01 05:29:17 +02:00
|
|
|
return 'A' + ch;
|
1997-12-04 01:28:15 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
ch -= 26;
|
|
|
|
|
if (ch < 26)
|
1998-09-01 05:29:17 +02:00
|
|
|
return 'a' + ch;
|
1997-12-04 01:28:15 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
ch -= 26;
|
1998-09-01 05:29:17 +02:00
|
|
|
return '0' + ch;
|
1997-12-04 01:28:15 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* RandomSalt
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2001-08-17 04:59:20 +02:00
|
|
|
RandomSalt(char *cryptSalt, char *md5Salt)
|
1998-06-08 06:27:59 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
long rand = PostmasterRandom();
|
|
|
|
|
|
2001-08-17 04:59:20 +02:00
|
|
|
cryptSalt[0] = CharRemap(rand % 62);
|
|
|
|
|
cryptSalt[1] = CharRemap(rand / 62);
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2001-09-21 22:31:49 +02:00
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* It's okay to reuse the first random value for one of the MD5 salt
|
|
|
|
|
* bytes, since only one of the two salts will be sent to the client.
|
|
|
|
|
* After that we need to compute more random bits.
|
2001-09-21 22:31:49 +02:00
|
|
|
*
|
|
|
|
|
* We use % 255, sacrificing one possible byte value, so as to ensure
|
2001-10-25 07:50:21 +02:00
|
|
|
* that all bits of the random() value participate in the result.
|
|
|
|
|
* While at it, add one to avoid generating any null bytes.
|
2001-09-21 22:31:49 +02:00
|
|
|
*/
|
|
|
|
|
md5Salt[0] = (rand % 255) + 1;
|
|
|
|
|
rand = PostmasterRandom();
|
|
|
|
|
md5Salt[1] = (rand % 255) + 1;
|
|
|
|
|
rand = PostmasterRandom();
|
|
|
|
|
md5Salt[2] = (rand % 255) + 1;
|
2001-08-17 04:59:20 +02:00
|
|
|
rand = PostmasterRandom();
|
2001-09-21 22:31:49 +02:00
|
|
|
md5Salt[3] = (rand % 255) + 1;
|
1998-06-08 06:27:59 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* PostmasterRandom
|
|
|
|
|
*/
|
|
|
|
|
static long
|
|
|
|
|
PostmasterRandom(void)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
|
|
|
|
static bool initialized = false;
|
1997-12-04 01:28:15 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
if (!initialized)
|
|
|
|
|
{
|
2000-06-23 00:31:24 +02:00
|
|
|
Assert(random_seed != 0);
|
1998-06-08 06:27:59 +02:00
|
|
|
srandom(random_seed);
|
1998-02-26 05:46:47 +01:00
|
|
|
initialized = true;
|
|
|
|
|
}
|
1997-12-04 01:28:15 +01:00
|
|
|
|
2001-09-21 22:31:49 +02:00
|
|
|
return random();
|
1997-12-04 01:28:15 +01:00
|
|
|
}
|
1999-01-30 21:04:37 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-06-14 20:08:19 +02:00
|
|
|
* Count up number of child processes (regular backends only)
|
1999-01-30 21:04:37 +01:00
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
CountChildren(void)
|
|
|
|
|
{
|
|
|
|
|
Dlelem *curr;
|
|
|
|
|
int cnt = 0;
|
|
|
|
|
|
|
|
|
|
for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
|
|
|
|
|
{
|
2004-05-30 00:48:23 +02:00
|
|
|
cnt++;
|
|
|
|
|
}
|
1999-01-30 21:04:37 +01:00
|
|
|
return cnt;
|
|
|
|
|
}
|
1999-09-27 05:13:16 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* StartChildProcess -- start a non-backend child process for the postmaster
|
2001-03-14 18:58:46 +01:00
|
|
|
*
|
2004-05-28 07:13:32 +02:00
|
|
|
* xlog determines what kind of child will be started. All child types
|
|
|
|
|
* initially go to BootstrapMain, which will handle common setup.
|
2004-01-07 00:15:22 +01:00
|
|
|
*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Return value of StartChildProcess is subprocess' PID, or 0 if failed
|
|
|
|
|
* to start subprocess.
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
static pid_t
|
2004-05-30 00:48:23 +02:00
|
|
|
StartChildProcess(int xlop)
|
2003-12-25 04:52:51 +01:00
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
pid_t pid;
|
|
|
|
|
char *av[10];
|
|
|
|
|
int ac = 0;
|
|
|
|
|
char xlbuf[32];
|
|
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
struct itimerval prof_itimer;
|
|
|
|
|
#endif
|
2003-12-25 04:52:51 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/*
|
|
|
|
|
* Set up command-line arguments for subprocess
|
|
|
|
|
*/
|
|
|
|
|
av[ac++] = "postgres";
|
2003-12-25 04:52:51 +01:00
|
|
|
|
2004-01-28 22:02:40 +01:00
|
|
|
#ifdef EXEC_BACKEND
|
2004-05-28 07:13:32 +02:00
|
|
|
av[ac++] = "-forkboot";
|
|
|
|
|
av[ac++] = NULL; /* filled in by postmaster_forkexec */
|
2004-01-28 22:02:40 +01:00
|
|
|
#endif
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
snprintf(xlbuf, sizeof(xlbuf), "-x%d", xlop);
|
|
|
|
|
av[ac++] = xlbuf;
|
2004-01-28 22:02:40 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
av[ac++] = "-p";
|
|
|
|
|
av[ac++] = "template1";
|
|
|
|
|
|
|
|
|
|
av[ac] = NULL;
|
|
|
|
|
Assert(ac < lengthof(av));
|
2003-12-25 04:52:51 +01:00
|
|
|
|
|
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* Flush stdio channels (see comments in BackendStartup)
|
2003-12-25 04:52:51 +01:00
|
|
|
*/
|
2004-05-28 07:13:32 +02:00
|
|
|
fflush(stdout);
|
|
|
|
|
fflush(stderr);
|
2003-12-25 04:52:51 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#ifdef EXEC_BACKEND
|
2004-05-27 17:07:41 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
pid = postmaster_forkexec(ac, av);
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#else /* !EXEC_BACKEND */
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
2004-05-28 07:13:32 +02:00
|
|
|
/* see comments in BackendStartup */
|
2002-03-02 21:46:12 +01:00
|
|
|
getitimer(ITIMER_PROF, &prof_itimer);
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-12-18 19:45:05 +01:00
|
|
|
#ifdef __BEOS__
|
|
|
|
|
/* Specific beos actions before backend startup */
|
|
|
|
|
beos_before_backend_startup();
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
pid = fork();
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
if (pid == 0) /* child */
|
|
|
|
|
{
|
2002-03-02 21:46:12 +01:00
|
|
|
#ifdef LINUX_PROFILE
|
|
|
|
|
setitimer(ITIMER_PROF, &prof_itimer, NULL);
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-12-18 19:45:05 +01:00
|
|
|
#ifdef __BEOS__
|
|
|
|
|
/* Specific beos actions after backend startup */
|
|
|
|
|
beos_backend_startup();
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
IsUnderPostmaster = true; /* we are a postmaster subprocess now */
|
|
|
|
|
|
2001-02-08 01:35:10 +01:00
|
|
|
/* Close the postmaster's sockets */
|
2004-05-30 00:48:23 +02:00
|
|
|
ClosePostmasterPorts();
|
2001-02-08 01:35:10 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Lose the postmaster's on-exit routines and port connections */
|
|
|
|
|
on_exit_reset();
|
1999-10-06 23:58:18 +02:00
|
|
|
|
2004-07-31 02:45:57 +02:00
|
|
|
/* Release postmaster's working memory context */
|
|
|
|
|
MemoryContextSwitchTo(TopMemoryContext);
|
|
|
|
|
MemoryContextDelete(PostmasterContext);
|
|
|
|
|
PostmasterContext = NULL;
|
|
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
BootstrapMain(ac, av);
|
2000-11-29 21:59:54 +01:00
|
|
|
ExitPostmaster(0);
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#endif /* EXEC_BACKEND */
|
|
|
|
|
|
1999-10-06 23:58:18 +02:00
|
|
|
if (pid < 0)
|
|
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
/* in parent, fork failed */
|
|
|
|
|
int save_errno = errno;
|
|
|
|
|
|
2000-12-18 19:45:05 +01:00
|
|
|
#ifdef __BEOS__
|
|
|
|
|
/* Specific beos actions before backend startup */
|
|
|
|
|
beos_backend_startup_failed();
|
|
|
|
|
#endif
|
2004-05-28 07:13:32 +02:00
|
|
|
errno = save_errno;
|
2001-10-25 07:50:21 +02:00
|
|
|
switch (xlop)
|
2001-08-30 21:02:42 +02:00
|
|
|
{
|
|
|
|
|
case BS_XLOG_STARTUP:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("could not fork startup process: %m")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
2003-11-19 16:55:08 +01:00
|
|
|
case BS_XLOG_BGWRITER:
|
|
|
|
|
ereport(LOG,
|
2004-05-30 00:48:23 +02:00
|
|
|
(errmsg("could not fork background writer process: %m")));
|
2002-03-04 02:46:04 +01:00
|
|
|
break;
|
2001-08-30 21:02:42 +02:00
|
|
|
default:
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg("could not fork process: %m")));
|
2001-08-30 21:02:42 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2001-03-22 05:01:46 +01:00
|
|
|
|
2001-03-14 18:58:46 +01:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* fork failure is fatal during startup, but there's no need
|
|
|
|
|
* to choke immediately if starting other child types fails.
|
2001-03-14 18:58:46 +01:00
|
|
|
*/
|
2004-05-30 00:48:23 +02:00
|
|
|
if (xlop == BS_XLOG_STARTUP)
|
|
|
|
|
ExitPostmaster(1);
|
|
|
|
|
return 0;
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
|
|
|
|
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
/*
|
2004-05-28 07:13:32 +02:00
|
|
|
* in parent, successful fork
|
XLOG (and related) changes:
* Store two past checkpoint locations, not just one, in pg_control.
On startup, we fall back to the older checkpoint if the newer one
is unreadable. Also, a physical copy of the newest checkpoint record
is kept in pg_control for possible use in disaster recovery (ie,
complete loss of pg_xlog). Also add a version number for pg_control
itself. Remove archdir from pg_control; it ought to be a GUC
parameter, not a special case (not that it's implemented yet anyway).
* Suppress successive checkpoint records when nothing has been entered
in the WAL log since the last one. This is not so much to avoid I/O
as to make it actually useful to keep track of the last two
checkpoints. If the things are right next to each other then there's
not a lot of redundancy gained...
* Change CRC scheme to a true 64-bit CRC, not a pair of 32-bit CRCs
on alternate bytes. Polynomial borrowed from ECMA DLT1 standard.
* Fix XLOG record length handling so that it will work at BLCKSZ = 32k.
* Change XID allocation to work more like OID allocation. (This is of
dubious necessity, but I think it's a good idea anyway.)
* Fix a number of minor bugs, such as off-by-one logic for XLOG file
wraparound at the 4 gig mark.
* Add documentation and clean up some coding infelicities; move file
format declarations out to include files where planned contrib
utilities can get at them.
* Checkpoint will now occur every CHECKPOINT_SEGMENTS log segments or
every CHECKPOINT_TIMEOUT seconds, whichever comes first. It is also
possible to force a checkpoint by sending SIGUSR1 to the postmaster
(undocumented feature...)
* Defend against kill -9 postmaster by storing shmem block's key and ID
in postmaster.pid lockfile, and checking at startup to ensure that no
processes are still connected to old shmem block (if it still exists).
* Switch backends to accept SIGQUIT rather than SIGUSR1 for emergency
stop, for symmetry with postmaster and xlog utilities. Clean up signal
handling in bootstrap.c so that xlog utilities launched by postmaster
will react to signals better.
* Standalone bootstrap now grabs lockfile in target directory, as added
insurance against running it in parallel with live postmaster.
2001-03-13 02:17:06 +01:00
|
|
|
*/
|
2001-03-14 18:58:46 +01:00
|
|
|
return pid;
|
1999-10-06 23:58:18 +02:00
|
|
|
}
|
1999-12-03 07:26:34 +01:00
|
|
|
|
2000-07-09 15:14:19 +02:00
|
|
|
|
1999-12-06 08:21:12 +01:00
|
|
|
/*
|
2000-01-09 13:13:24 +01:00
|
|
|
* Create the opts file
|
1999-12-06 08:21:12 +01:00
|
|
|
*/
|
2000-07-09 15:14:19 +02:00
|
|
|
static bool
|
2004-05-14 00:45:04 +02:00
|
|
|
CreateOptsFile(int argc, char *argv[], char *fullprogname)
|
1999-12-03 07:26:34 +01:00
|
|
|
{
|
2003-07-27 23:49:55 +02:00
|
|
|
char filename[MAXPGPATH];
|
2001-03-22 05:01:46 +01:00
|
|
|
FILE *fp;
|
2003-07-27 23:49:55 +02:00
|
|
|
int i;
|
1999-12-03 07:26:34 +01:00
|
|
|
|
2003-07-27 23:49:55 +02:00
|
|
|
snprintf(filename, sizeof(filename), "%s/postmaster.opts", DataDir);
|
1999-12-03 07:26:34 +01:00
|
|
|
|
2002-08-18 05:03:26 +02:00
|
|
|
if ((fp = fopen(filename, "w")) == NULL)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2003-07-27 23:49:55 +02:00
|
|
|
elog(LOG, "could not create file \"%s\": %m", filename);
|
2000-07-09 15:14:19 +02:00
|
|
|
return false;
|
1999-12-03 07:26:34 +01:00
|
|
|
}
|
|
|
|
|
|
2000-07-09 15:14:19 +02:00
|
|
|
fprintf(fp, "%s", fullprogname);
|
|
|
|
|
for (i = 1; i < argc; i++)
|
|
|
|
|
fprintf(fp, " '%s'", argv[i]);
|
|
|
|
|
fputs("\n", fp);
|
1999-12-03 07:26:34 +01:00
|
|
|
|
2004-01-26 23:35:32 +01:00
|
|
|
if (fclose(fp))
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2003-07-27 23:49:55 +02:00
|
|
|
elog(LOG, "could not write file \"%s\": %m", filename);
|
2000-07-09 15:14:19 +02:00
|
|
|
return false;
|
1999-12-03 07:26:34 +01:00
|
|
|
}
|
|
|
|
|
|
2000-07-09 15:14:19 +02:00
|
|
|
return true;
|
1999-12-03 07:26:34 +01:00
|
|
|
}
|
2001-06-03 16:53:56 +02:00
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
|
|
|
|
|
#ifdef EXEC_BACKEND
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The following need to be available to the read/write_backend_variables
|
|
|
|
|
* functions
|
|
|
|
|
*/
|
2004-01-07 00:15:22 +01:00
|
|
|
#include "storage/spin.h"
|
2004-05-28 07:13:32 +02:00
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
extern slock_t *ShmemLock;
|
|
|
|
|
extern slock_t *ShmemIndexLock;
|
|
|
|
|
extern void *ShmemIndexAlloc;
|
|
|
|
|
typedef struct LWLock LWLock;
|
|
|
|
|
extern LWLock *LWLockArray;
|
2004-05-27 17:07:41 +02:00
|
|
|
extern slock_t *ProcStructLock;
|
2003-12-20 18:31:21 +01:00
|
|
|
extern int pgStatSock;
|
|
|
|
|
|
|
|
|
|
#define write_var(var,fp) fwrite((void*)&(var),sizeof(var),1,fp)
|
2003-12-25 04:52:51 +01:00
|
|
|
#define read_var(var,fp) fread((void*)&(var),sizeof(var),1,fp)
|
2004-05-30 00:48:23 +02:00
|
|
|
#define write_array_var(var,fp) fwrite((void*)(var),sizeof(var),1,fp)
|
|
|
|
|
#define read_array_var(var,fp) fread((void*)(var),sizeof(var),1,fp)
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-01-07 00:15:22 +01:00
|
|
|
static bool
|
2004-05-28 07:13:32 +02:00
|
|
|
write_backend_variables(char *filename, Port *port)
|
2003-12-20 18:31:21 +01:00
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
static unsigned long tmpBackendFileNum = 0;
|
2004-05-27 17:07:41 +02:00
|
|
|
FILE *fp;
|
2004-05-28 07:13:32 +02:00
|
|
|
char str_buf[MAXPGPATH];
|
2004-05-27 17:07:41 +02:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
/* Calculate name for temp file in caller's buffer */
|
|
|
|
|
Assert(DataDir);
|
2004-05-30 00:48:23 +02:00
|
|
|
snprintf(filename, MAXPGPATH, "%s/%s/%s.backend_var.%d.%lu",
|
2004-05-28 07:13:32 +02:00
|
|
|
DataDir, PG_TEMP_FILES_DIR, PG_TEMP_FILE_PREFIX,
|
2004-05-30 00:48:23 +02:00
|
|
|
MyProcPid, ++tmpBackendFileNum);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
|
|
|
|
/* Open file */
|
|
|
|
|
fp = AllocateFile(filename, PG_BINARY_W);
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
|
|
|
|
/* As per OpenTemporaryFile... */
|
2004-05-27 17:07:41 +02:00
|
|
|
char dirname[MAXPGPATH];
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
snprintf(dirname, MAXPGPATH, "%s/%s", DataDir, PG_TEMP_FILES_DIR);
|
2003-12-20 18:31:21 +01:00
|
|
|
mkdir(dirname, S_IRWXU);
|
|
|
|
|
|
|
|
|
|
fp = AllocateFile(filename, PG_BINARY_W);
|
|
|
|
|
if (!fp)
|
|
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
ereport(LOG,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errcode_for_file_access(),
|
2004-05-28 07:13:32 +02:00
|
|
|
errmsg("could not create file \"%s\": %m",
|
|
|
|
|
filename)));
|
2004-01-07 00:15:22 +01:00
|
|
|
return false;
|
2003-12-20 18:31:21 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Write vars */
|
2004-05-28 07:13:32 +02:00
|
|
|
write_var(port->sock, fp);
|
|
|
|
|
write_var(port->proto, fp);
|
|
|
|
|
write_var(port->laddr, fp);
|
|
|
|
|
write_var(port->raddr, fp);
|
|
|
|
|
write_var(port->canAcceptConnections, fp);
|
|
|
|
|
write_var(port->cryptSalt, fp);
|
|
|
|
|
write_var(port->md5Salt, fp);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX FIXME later: writing these strings as MAXPGPATH bytes always is
|
|
|
|
|
* probably a waste of resources
|
|
|
|
|
*/
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
StrNCpy(str_buf, DataDir, MAXPGPATH);
|
2004-05-30 00:48:23 +02:00
|
|
|
write_array_var(str_buf, fp);
|
|
|
|
|
|
|
|
|
|
write_array_var(ListenSocket, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
write_var(MyCancelKey, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
write_var(UsedShmemSegID, fp);
|
|
|
|
|
write_var(UsedShmemSegAddr, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
write_var(ShmemLock, fp);
|
|
|
|
|
write_var(ShmemIndexLock, fp);
|
|
|
|
|
write_var(ShmemVariableCache, fp);
|
|
|
|
|
write_var(ShmemIndexAlloc, fp);
|
|
|
|
|
write_var(ShmemBackendArray, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
write_var(LWLockArray, fp);
|
|
|
|
|
write_var(ProcStructLock, fp);
|
|
|
|
|
write_var(pgStatSock, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
write_var(debug_flag, fp);
|
|
|
|
|
write_var(PostmasterPid, fp);
|
2004-05-30 05:50:15 +02:00
|
|
|
#ifdef WIN32
|
|
|
|
|
write_var(PostmasterHandle, fp);
|
|
|
|
|
#endif
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
StrNCpy(str_buf, my_exec_path, MAXPGPATH);
|
|
|
|
|
write_array_var(str_buf, fp);
|
2004-05-21 07:08:06 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
write_array_var(ExtraOptions, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
StrNCpy(str_buf, setlocale(LC_COLLATE, NULL), MAXPGPATH);
|
2004-05-30 00:48:23 +02:00
|
|
|
write_array_var(str_buf, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
StrNCpy(str_buf, setlocale(LC_CTYPE, NULL), MAXPGPATH);
|
2004-05-30 00:48:23 +02:00
|
|
|
write_array_var(str_buf, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
/* Release file */
|
2004-01-26 23:35:32 +01:00
|
|
|
if (FreeFile(fp))
|
|
|
|
|
{
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not write to file \"%s\": %m", filename)));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2004-01-07 00:15:22 +01:00
|
|
|
return true;
|
2003-12-20 18:31:21 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
static void
|
|
|
|
|
read_backend_variables(char *filename, Port *port)
|
2003-12-20 18:31:21 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
FILE *fp;
|
2004-05-28 07:13:32 +02:00
|
|
|
char str_buf[MAXPGPATH];
|
2003-12-20 18:31:21 +01:00
|
|
|
|
|
|
|
|
/* Open file */
|
|
|
|
|
fp = AllocateFile(filename, PG_BINARY_R);
|
|
|
|
|
if (!fp)
|
2004-05-28 07:13:32 +02:00
|
|
|
ereport(FATAL,
|
2004-05-27 17:07:41 +02:00
|
|
|
(errcode_for_file_access(),
|
2004-05-28 07:13:32 +02:00
|
|
|
errmsg("could not read from backend variables file \"%s\": %m",
|
|
|
|
|
filename)));
|
2003-12-20 18:31:21 +01:00
|
|
|
|
|
|
|
|
/* Read vars */
|
2004-05-28 07:13:32 +02:00
|
|
|
read_var(port->sock, fp);
|
|
|
|
|
read_var(port->proto, fp);
|
|
|
|
|
read_var(port->laddr, fp);
|
|
|
|
|
read_var(port->raddr, fp);
|
|
|
|
|
read_var(port->canAcceptConnections, fp);
|
|
|
|
|
read_var(port->cryptSalt, fp);
|
|
|
|
|
read_var(port->md5Salt, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(str_buf, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
SetDataDir(str_buf);
|
|
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(ListenSocket, fp);
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
read_var(MyCancelKey, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
read_var(UsedShmemSegID, fp);
|
|
|
|
|
read_var(UsedShmemSegAddr, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
read_var(ShmemLock, fp);
|
|
|
|
|
read_var(ShmemIndexLock, fp);
|
|
|
|
|
read_var(ShmemVariableCache, fp);
|
|
|
|
|
read_var(ShmemIndexAlloc, fp);
|
|
|
|
|
read_var(ShmemBackendArray, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
read_var(LWLockArray, fp);
|
|
|
|
|
read_var(ProcStructLock, fp);
|
|
|
|
|
read_var(pgStatSock, fp);
|
2003-12-20 18:31:21 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
read_var(debug_flag, fp);
|
|
|
|
|
read_var(PostmasterPid, fp);
|
2004-05-30 05:50:15 +02:00
|
|
|
#ifdef WIN32
|
|
|
|
|
read_var(PostmasterHandle, fp);
|
|
|
|
|
#endif
|
2004-01-07 00:15:22 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(str_buf, fp);
|
|
|
|
|
StrNCpy(my_exec_path, str_buf, MAXPGPATH);
|
2004-05-21 07:08:06 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(ExtraOptions, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(str_buf, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
setlocale(LC_COLLATE, str_buf);
|
2004-05-30 00:48:23 +02:00
|
|
|
read_array_var(str_buf, fp);
|
2004-05-28 07:13:32 +02:00
|
|
|
setlocale(LC_CTYPE, str_buf);
|
|
|
|
|
|
2003-12-20 18:31:21 +01:00
|
|
|
/* Release file */
|
|
|
|
|
FreeFile(fp);
|
|
|
|
|
if (unlink(filename) != 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
|
errmsg("could not remove file \"%s\": %m", filename)));
|
|
|
|
|
}
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
size_t
|
|
|
|
|
ShmemBackendArraySize(void)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
return (NUM_BACKENDARRAY_ELEMS * sizeof(Backend));
|
2004-01-26 23:59:54 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
void
|
|
|
|
|
ShmemBackendArrayAllocation(void)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
size_t size = ShmemBackendArraySize();
|
|
|
|
|
|
|
|
|
|
ShmemBackendArray = (Backend *) ShmemAlloc(size);
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Mark all slots as empty */
|
2004-01-26 23:59:54 +01:00
|
|
|
memset(ShmemBackendArray, 0, size);
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static void
|
|
|
|
|
ShmemBackendArrayAdd(Backend *bn)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
int i;
|
|
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/* Find an empty slot */
|
2004-01-26 23:59:54 +01:00
|
|
|
for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
|
|
|
|
|
{
|
|
|
|
|
if (ShmemBackendArray[i].pid == 0)
|
|
|
|
|
{
|
|
|
|
|
ShmemBackendArray[i] = *bn;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-19 19:42:59 +02:00
|
|
|
ereport(FATAL,
|
2004-05-30 00:48:23 +02:00
|
|
|
(errmsg_internal("no free slots in shmem backend array")));
|
2004-01-26 23:59:54 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static void
|
|
|
|
|
ShmemBackendArrayRemove(pid_t pid)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
int i;
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
for (i = 0; i < NUM_BACKENDARRAY_ELEMS; i++)
|
|
|
|
|
{
|
|
|
|
|
if (ShmemBackendArray[i].pid == pid)
|
|
|
|
|
{
|
|
|
|
|
/* Mark the slot as empty */
|
|
|
|
|
ShmemBackendArray[i].pid = 0;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ereport(WARNING,
|
2004-05-30 05:50:15 +02:00
|
|
|
(errmsg_internal("could not find backend entry with pid %d",
|
2004-05-28 17:14:03 +02:00
|
|
|
(int) pid)));
|
2004-01-26 23:59:54 +01:00
|
|
|
}
|
2004-05-28 07:13:32 +02:00
|
|
|
|
|
|
|
|
#endif /* EXEC_BACKEND */
|
|
|
|
|
|
2004-01-11 04:49:31 +01:00
|
|
|
|
|
|
|
|
#ifdef WIN32
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
static pid_t
|
2004-05-27 17:07:41 +02:00
|
|
|
win32_forkexec(const char *path, char *argv[])
|
2004-01-11 04:49:31 +01:00
|
|
|
{
|
|
|
|
|
STARTUPINFO si;
|
|
|
|
|
PROCESS_INFORMATION pi;
|
2004-05-27 17:07:41 +02:00
|
|
|
int i;
|
2004-05-28 07:13:32 +02:00
|
|
|
int j;
|
|
|
|
|
char cmdLine[MAXPGPATH * 2];
|
2004-05-27 17:07:41 +02:00
|
|
|
HANDLE childHandleCopy;
|
|
|
|
|
HANDLE waiterThread;
|
2004-01-11 04:49:31 +01:00
|
|
|
|
|
|
|
|
/* Format the cmd line */
|
2004-05-28 17:14:03 +02:00
|
|
|
cmdLine[sizeof(cmdLine)-1] = '\0';
|
|
|
|
|
cmdLine[sizeof(cmdLine)-2] = '\0';
|
2004-05-28 07:13:32 +02:00
|
|
|
snprintf(cmdLine, sizeof(cmdLine)-1, "\"%s\"", path);
|
2004-01-11 04:49:31 +01:00
|
|
|
i = 0;
|
|
|
|
|
while (argv[++i] != NULL)
|
|
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
j = strlen(cmdLine);
|
|
|
|
|
snprintf(cmdLine+j, sizeof(cmdLine)-1-j, " \"%s\"", argv[i]);
|
|
|
|
|
}
|
2004-05-28 17:14:03 +02:00
|
|
|
if (cmdLine[sizeof(cmdLine)-2] != '\0')
|
2004-05-28 07:13:32 +02:00
|
|
|
{
|
|
|
|
|
elog(LOG, "subprocess command line too long");
|
|
|
|
|
return -1;
|
2004-01-11 04:49:31 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
memset(&pi, 0, sizeof(pi));
|
|
|
|
|
memset(&si, 0, sizeof(si));
|
2004-01-11 04:49:31 +01:00
|
|
|
si.cb = sizeof(si);
|
2004-05-27 17:07:41 +02:00
|
|
|
if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
|
2004-01-11 04:49:31 +01:00
|
|
|
{
|
2004-05-28 07:13:32 +02:00
|
|
|
elog(LOG, "CreateProcess call failed (%d): %m", (int) GetLastError());
|
2004-01-11 04:49:31 +01:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
if (!IsUnderPostmaster)
|
2004-05-28 07:13:32 +02:00
|
|
|
{
|
2004-01-26 23:59:54 +01:00
|
|
|
/* We are the Postmaster creating a child... */
|
2004-05-27 17:07:41 +02:00
|
|
|
win32_AddChild(pi.dwProcessId, pi.hProcess);
|
2004-05-28 07:13:32 +02:00
|
|
|
}
|
2004-03-05 02:11:04 +01:00
|
|
|
|
2004-05-30 05:50:15 +02:00
|
|
|
if (DuplicateHandle(GetCurrentProcess(),
|
|
|
|
|
pi.hProcess,
|
|
|
|
|
GetCurrentProcess(),
|
|
|
|
|
&childHandleCopy,
|
|
|
|
|
0,
|
|
|
|
|
FALSE,
|
|
|
|
|
DUPLICATE_SAME_ACCESS) == 0)
|
2004-02-08 23:28:57 +01:00
|
|
|
ereport(FATAL,
|
2004-05-30 05:50:15 +02:00
|
|
|
(errmsg_internal("could not duplicate child handle: %d",
|
2004-05-28 07:13:32 +02:00
|
|
|
(int) GetLastError())));
|
|
|
|
|
|
|
|
|
|
waiterThread = CreateThread(NULL, 64 * 1024, win32_sigchld_waiter,
|
|
|
|
|
(LPVOID) childHandleCopy, 0, NULL);
|
2004-02-08 23:28:57 +01:00
|
|
|
if (!waiterThread)
|
|
|
|
|
ereport(FATAL,
|
2004-05-30 05:50:15 +02:00
|
|
|
(errmsg_internal("could not create sigchld waiter thread: %d",
|
2004-05-28 07:13:32 +02:00
|
|
|
(int) GetLastError())));
|
2004-03-05 02:11:04 +01:00
|
|
|
CloseHandle(waiterThread);
|
|
|
|
|
|
2004-02-08 23:28:57 +01:00
|
|
|
if (IsUnderPostmaster)
|
2004-01-26 23:59:54 +01:00
|
|
|
CloseHandle(pi.hProcess);
|
2004-01-11 04:49:31 +01:00
|
|
|
CloseHandle(pi.hThread);
|
|
|
|
|
|
|
|
|
|
return pi.dwProcessId;
|
|
|
|
|
}
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
/*
|
2004-05-30 00:48:23 +02:00
|
|
|
* Note: The following three functions must not be interrupted (eg. by
|
|
|
|
|
* signals). As the Postgres Win32 signalling architecture (currently)
|
|
|
|
|
* requires polling, or APC checking functions which aren't used here, this
|
|
|
|
|
* is not an issue.
|
2004-01-26 23:59:54 +01:00
|
|
|
*
|
2004-05-30 00:48:23 +02:00
|
|
|
* We keep two separate arrays, instead of a single array of pid/HANDLE
|
|
|
|
|
* structs, to avoid having to re-create a handle array for
|
|
|
|
|
* WaitForMultipleObjects on each call to win32_waitpid.
|
2004-01-26 23:59:54 +01:00
|
|
|
*/
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static void
|
|
|
|
|
win32_AddChild(pid_t pid, HANDLE handle)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
|
|
|
|
Assert(win32_childPIDArray && win32_childHNDArray);
|
|
|
|
|
if (win32_numChildren < NUM_BACKENDARRAY_ELEMS)
|
|
|
|
|
{
|
|
|
|
|
win32_childPIDArray[win32_numChildren] = pid;
|
|
|
|
|
win32_childHNDArray[win32_numChildren] = handle;
|
|
|
|
|
++win32_numChildren;
|
|
|
|
|
}
|
|
|
|
|
else
|
2004-04-19 19:42:59 +02:00
|
|
|
ereport(FATAL,
|
2004-05-30 05:50:15 +02:00
|
|
|
(errmsg_internal("no room for child entry with pid %lu",
|
2004-05-28 07:13:32 +02:00
|
|
|
(unsigned long) pid)));
|
2004-01-26 23:59:54 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static void
|
|
|
|
|
win32_RemoveChild(pid_t pid)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
2004-05-27 17:07:41 +02:00
|
|
|
int i;
|
|
|
|
|
|
2004-01-26 23:59:54 +01:00
|
|
|
Assert(win32_childPIDArray && win32_childHNDArray);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < win32_numChildren; i++)
|
|
|
|
|
{
|
|
|
|
|
if (win32_childPIDArray[i] == pid)
|
|
|
|
|
{
|
|
|
|
|
CloseHandle(win32_childHNDArray[i]);
|
|
|
|
|
|
|
|
|
|
/* Swap last entry into the "removed" one */
|
|
|
|
|
--win32_numChildren;
|
2004-02-08 23:28:57 +01:00
|
|
|
win32_childPIDArray[i] = win32_childPIDArray[win32_numChildren];
|
|
|
|
|
win32_childHNDArray[i] = win32_childHNDArray[win32_numChildren];
|
2004-01-26 23:59:54 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ereport(WARNING,
|
2004-05-30 05:50:15 +02:00
|
|
|
(errmsg_internal("could not find child entry with pid %lu",
|
2004-05-28 07:13:32 +02:00
|
|
|
(unsigned long) pid)));
|
2004-01-26 23:59:54 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-27 17:07:41 +02:00
|
|
|
static pid_t
|
|
|
|
|
win32_waitpid(int *exitstatus)
|
2004-01-26 23:59:54 +01:00
|
|
|
{
|
|
|
|
|
Assert(win32_childPIDArray && win32_childHNDArray);
|
2004-05-27 17:07:41 +02:00
|
|
|
elog(DEBUG3, "waiting on %lu children", win32_numChildren);
|
2004-01-26 23:59:54 +01:00
|
|
|
|
|
|
|
|
if (win32_numChildren > 0)
|
|
|
|
|
{
|
|
|
|
|
/*
|
2004-05-27 17:07:41 +02:00
|
|
|
* Note: Do NOT use WaitForMultipleObjectsEx, as we don't want to
|
|
|
|
|
* run queued APCs here.
|
2004-01-26 23:59:54 +01:00
|
|
|
*/
|
2004-05-27 17:07:41 +02:00
|
|
|
int index;
|
|
|
|
|
DWORD exitCode;
|
2004-05-30 00:48:23 +02:00
|
|
|
DWORD ret;
|
2004-01-26 23:59:54 +01:00
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
ret = WaitForMultipleObjects(win32_numChildren, win32_childHNDArray,
|
|
|
|
|
FALSE, 0);
|
2004-01-26 23:59:54 +01:00
|
|
|
switch (ret)
|
|
|
|
|
{
|
|
|
|
|
case WAIT_FAILED:
|
2004-05-30 00:48:23 +02:00
|
|
|
ereport(LOG,
|
|
|
|
|
(errmsg_internal("failed to wait on %lu children: %d",
|
2004-05-27 17:07:41 +02:00
|
|
|
win32_numChildren, (int) GetLastError())));
|
2004-05-30 00:48:23 +02:00
|
|
|
return -1;
|
2004-01-26 23:59:54 +01:00
|
|
|
|
|
|
|
|
case WAIT_TIMEOUT:
|
|
|
|
|
/* No children have finished */
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
default:
|
2004-05-27 17:07:41 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the exit code, and return the PID of, the
|
|
|
|
|
* respective process
|
|
|
|
|
*/
|
|
|
|
|
index = ret - WAIT_OBJECT_0;
|
2004-01-26 23:59:54 +01:00
|
|
|
Assert(index >= 0 && index < win32_numChildren);
|
2004-05-27 17:07:41 +02:00
|
|
|
if (!GetExitCodeProcess(win32_childHNDArray[index], &exitCode))
|
2004-05-30 00:48:23 +02:00
|
|
|
{
|
2004-01-26 23:59:54 +01:00
|
|
|
/*
|
2004-05-27 17:07:41 +02:00
|
|
|
* If we get this far, this should never happen, but,
|
|
|
|
|
* then again... No choice other than to assume a
|
|
|
|
|
* catastrophic failure.
|
2004-01-26 23:59:54 +01:00
|
|
|
*/
|
|
|
|
|
ereport(FATAL,
|
2004-03-05 02:11:04 +01:00
|
|
|
(errmsg_internal("failed to get exit code for child %lu",
|
2004-05-27 17:07:41 +02:00
|
|
|
win32_childPIDArray[index])));
|
2004-05-30 00:48:23 +02:00
|
|
|
}
|
2004-05-27 17:07:41 +02:00
|
|
|
*exitstatus = (int) exitCode;
|
2004-01-26 23:59:54 +01:00
|
|
|
return win32_childPIDArray[index];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* No children */
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-30 00:48:23 +02:00
|
|
|
/*
|
|
|
|
|
* Note! Code below executes on separate threads, one for
|
|
|
|
|
* each child process created
|
|
|
|
|
*/
|
2004-05-27 17:07:41 +02:00
|
|
|
static DWORD WINAPI
|
|
|
|
|
win32_sigchld_waiter(LPVOID param)
|
|
|
|
|
{
|
|
|
|
|
HANDLE procHandle = (HANDLE) param;
|
|
|
|
|
|
|
|
|
|
DWORD r = WaitForSingleObject(procHandle, INFINITE);
|
2004-02-08 23:28:57 +01:00
|
|
|
|
|
|
|
|
if (r == WAIT_OBJECT_0)
|
|
|
|
|
pg_queue_signal(SIGCHLD);
|
|
|
|
|
else
|
2004-07-21 22:34:50 +02:00
|
|
|
write_stderr("ERROR: failed to wait on child process handle: %d\n",
|
2004-05-28 07:13:32 +02:00
|
|
|
(int) GetLastError());
|
2004-02-08 23:28:57 +01:00
|
|
|
CloseHandle(procHandle);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-28 07:13:32 +02:00
|
|
|
#endif /* WIN32 */
|
