Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * postinit.c
4 : * postgres initialization utilities
5 : *
6 : * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/init/postinit.c
12 : *
13 : *
14 : *-------------------------------------------------------------------------
15 : */
16 : #include "postgres.h"
17 :
18 : #include <ctype.h>
19 : #include <fcntl.h>
20 : #include <unistd.h>
21 :
22 : #include "access/heapam.h"
23 : #include "access/htup_details.h"
24 : #include "access/sysattr.h"
25 : #include "access/xact.h"
26 : #include "access/xlog.h"
27 : #include "catalog/catalog.h"
28 : #include "catalog/indexing.h"
29 : #include "catalog/namespace.h"
30 : #include "catalog/pg_authid.h"
31 : #include "catalog/pg_database.h"
32 : #include "catalog/pg_db_role_setting.h"
33 : #include "catalog/pg_tablespace.h"
34 : #include "libpq/auth.h"
35 : #include "libpq/libpq-be.h"
36 : #include "mb/pg_wchar.h"
37 : #include "miscadmin.h"
38 : #include "pgstat.h"
39 : #include "postmaster/autovacuum.h"
40 : #include "postmaster/postmaster.h"
41 : #include "replication/walsender.h"
42 : #include "storage/bufmgr.h"
43 : #include "storage/fd.h"
44 : #include "storage/ipc.h"
45 : #include "storage/lmgr.h"
46 : #include "storage/procarray.h"
47 : #include "storage/procsignal.h"
48 : #include "storage/proc.h"
49 : #include "storage/sinvaladt.h"
50 : #include "storage/smgr.h"
51 : #include "tcop/tcopprot.h"
52 : #include "utils/acl.h"
53 : #include "utils/fmgroids.h"
54 : #include "utils/guc.h"
55 : #include "utils/memutils.h"
56 : #include "utils/pg_locale.h"
57 : #include "utils/portal.h"
58 : #include "utils/ps_status.h"
59 : #include "utils/snapmgr.h"
60 : #include "utils/syscache.h"
61 : #include "utils/timeout.h"
62 : #include "utils/tqual.h"
63 :
64 :
65 : static HeapTuple GetDatabaseTuple(const char *dbname);
66 : static HeapTuple GetDatabaseTupleByOid(Oid dboid);
67 : static void PerformAuthentication(Port *port);
68 : static void CheckMyDatabase(const char *name, bool am_superuser);
69 : static void InitCommunication(void);
70 : static void ShutdownPostgres(int code, Datum arg);
71 : static void StatementTimeoutHandler(void);
72 : static void LockTimeoutHandler(void);
73 : static void IdleInTransactionSessionTimeoutHandler(void);
74 : static bool ThereIsAtLeastOneRole(void);
75 : static void process_startup_options(Port *port, bool am_superuser);
76 : static void process_settings(Oid databaseid, Oid roleid);
77 :
78 :
79 : /*** InitPostgres support ***/
80 :
81 :
82 : /*
83 : * GetDatabaseTuple -- fetch the pg_database row for a database
84 : *
85 : * This is used during backend startup when we don't yet have any access to
86 : * system catalogs in general. In the worst case, we can seqscan pg_database
87 : * using nothing but the hard-wired descriptor that relcache.c creates for
88 : * pg_database. In more typical cases, relcache.c was able to load
89 : * descriptors for both pg_database and its indexes from the shared relcache
90 : * cache file, and so we can do an indexscan. criticalSharedRelcachesBuilt
91 : * tells whether we got the cached descriptors.
92 : */
93 : static HeapTuple
94 551 : GetDatabaseTuple(const char *dbname)
95 : {
96 : HeapTuple tuple;
97 : Relation relation;
98 : SysScanDesc scan;
99 : ScanKeyData key[1];
100 :
101 : /*
102 : * form a scan key
103 : */
104 551 : ScanKeyInit(&key[0],
105 : Anum_pg_database_datname,
106 : BTEqualStrategyNumber, F_NAMEEQ,
107 : CStringGetDatum(dbname));
108 :
109 : /*
110 : * Open pg_database and fetch a tuple. Force heap scan if we haven't yet
111 : * built the critical shared relcache entries (i.e., we're starting up
112 : * without a shared relcache cache file).
113 : */
114 551 : relation = heap_open(DatabaseRelationId, AccessShareLock);
115 551 : scan = systable_beginscan(relation, DatabaseNameIndexId,
116 : criticalSharedRelcachesBuilt,
117 : NULL,
118 : 1, key);
119 :
120 551 : tuple = systable_getnext(scan);
121 :
122 : /* Must copy tuple before releasing buffer */
123 551 : if (HeapTupleIsValid(tuple))
124 551 : tuple = heap_copytuple(tuple);
125 :
126 : /* all done */
127 551 : systable_endscan(scan);
128 551 : heap_close(relation, AccessShareLock);
129 :
130 551 : return tuple;
131 : }
132 :
133 : /*
134 : * GetDatabaseTupleByOid -- as above, but search by database OID
135 : */
136 : static HeapTuple
137 119 : GetDatabaseTupleByOid(Oid dboid)
138 : {
139 : HeapTuple tuple;
140 : Relation relation;
141 : SysScanDesc scan;
142 : ScanKeyData key[1];
143 :
144 : /*
145 : * form a scan key
146 : */
147 119 : ScanKeyInit(&key[0],
148 : ObjectIdAttributeNumber,
149 : BTEqualStrategyNumber, F_OIDEQ,
150 : ObjectIdGetDatum(dboid));
151 :
152 : /*
153 : * Open pg_database and fetch a tuple. Force heap scan if we haven't yet
154 : * built the critical shared relcache entries (i.e., we're starting up
155 : * without a shared relcache cache file).
156 : */
157 119 : relation = heap_open(DatabaseRelationId, AccessShareLock);
158 119 : scan = systable_beginscan(relation, DatabaseOidIndexId,
159 : criticalSharedRelcachesBuilt,
160 : NULL,
161 : 1, key);
162 :
163 119 : tuple = systable_getnext(scan);
164 :
165 : /* Must copy tuple before releasing buffer */
166 119 : if (HeapTupleIsValid(tuple))
167 119 : tuple = heap_copytuple(tuple);
168 :
169 : /* all done */
170 119 : systable_endscan(scan);
171 119 : heap_close(relation, AccessShareLock);
172 :
173 119 : return tuple;
174 : }
175 :
176 :
177 : /*
178 : * PerformAuthentication -- authenticate a remote client
179 : *
180 : * returns: nothing. Will not return at all if there's any failure.
181 : */
182 : static void
183 215 : PerformAuthentication(Port *port)
184 : {
185 : /* This should be set already, but let's make sure */
186 215 : ClientAuthInProgress = true; /* limit visibility of log messages */
187 :
188 : /*
189 : * In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.conf
190 : * etcetera from the postmaster, and have to load them ourselves.
191 : *
192 : * FIXME: [fork/exec] Ugh. Is there a way around this overhead?
193 : */
194 : #ifdef EXEC_BACKEND
195 :
196 : /*
197 : * load_hba() and load_ident() want to work within the PostmasterContext,
198 : * so create that if it doesn't exist (which it won't). We'll delete it
199 : * again later, in PostgresMain.
200 : */
201 : if (PostmasterContext == NULL)
202 : PostmasterContext = AllocSetContextCreate(TopMemoryContext,
203 : "Postmaster",
204 : ALLOCSET_DEFAULT_SIZES);
205 :
206 : if (!load_hba())
207 : {
208 : /*
209 : * It makes no sense to continue if we fail to load the HBA file,
210 : * since there is no way to connect to the database in this case.
211 : */
212 : ereport(FATAL,
213 : (errmsg("could not load pg_hba.conf")));
214 : }
215 :
216 : if (!load_ident())
217 : {
218 : /*
219 : * It is ok to continue if we fail to load the IDENT file, although it
220 : * means that you cannot log in using any of the authentication
221 : * methods that need a user name mapping. load_ident() already logged
222 : * the details of error to the log.
223 : */
224 : }
225 : #endif
226 :
227 : /*
228 : * Set up a timeout in case a buggy or malicious client fails to respond
229 : * during authentication. Since we're inside a transaction and might do
230 : * database access, we have to use the statement_timeout infrastructure.
231 : */
232 215 : enable_timeout_after(STATEMENT_TIMEOUT, AuthenticationTimeout * 1000);
233 :
234 : /*
235 : * Now perform authentication exchange.
236 : */
237 215 : ClientAuthentication(port); /* might not return, if failure */
238 :
239 : /*
240 : * Done with authentication. Disable the timeout, and log if needed.
241 : */
242 215 : disable_timeout(STATEMENT_TIMEOUT, false);
243 :
244 215 : if (Log_connections)
245 : {
246 0 : if (am_walsender)
247 : {
248 : #ifdef USE_OPENSSL
249 : if (port->ssl_in_use)
250 : ereport(LOG,
251 : (errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
252 : port->user_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
253 : SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
254 : else
255 : #endif
256 0 : ereport(LOG,
257 : (errmsg("replication connection authorized: user=%s",
258 : port->user_name)));
259 : }
260 : else
261 : {
262 : #ifdef USE_OPENSSL
263 : if (port->ssl_in_use)
264 : ereport(LOG,
265 : (errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, compression=%s)",
266 : port->user_name, port->database_name, SSL_get_version(port->ssl), SSL_get_cipher(port->ssl),
267 : SSL_get_current_compression(port->ssl) ? _("on") : _("off"))));
268 : else
269 : #endif
270 0 : ereport(LOG,
271 : (errmsg("connection authorized: user=%s database=%s",
272 : port->user_name, port->database_name)));
273 : }
274 : }
275 :
276 215 : set_ps_display("startup", false);
277 :
278 215 : ClientAuthInProgress = false; /* client_min_messages is active now */
279 215 : }
280 :
281 :
282 : /*
283 : * CheckMyDatabase -- fetch information from the pg_database entry for our DB
284 : */
285 : static void
286 335 : CheckMyDatabase(const char *name, bool am_superuser)
287 : {
288 : HeapTuple tup;
289 : Form_pg_database dbform;
290 : char *collate;
291 : char *ctype;
292 :
293 : /* Fetch our pg_database row normally, via syscache */
294 335 : tup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
295 335 : if (!HeapTupleIsValid(tup))
296 0 : elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
297 335 : dbform = (Form_pg_database) GETSTRUCT(tup);
298 :
299 : /* This recheck is strictly paranoia */
300 335 : if (strcmp(name, NameStr(dbform->datname)) != 0)
301 0 : ereport(FATAL,
302 : (errcode(ERRCODE_UNDEFINED_DATABASE),
303 : errmsg("database \"%s\" has disappeared from pg_database",
304 : name),
305 : errdetail("Database OID %u now seems to belong to \"%s\".",
306 : MyDatabaseId, NameStr(dbform->datname))));
307 :
308 : /*
309 : * Check permissions to connect to the database.
310 : *
311 : * These checks are not enforced when in standalone mode, so that there is
312 : * a way to recover from disabling all access to all databases, for
313 : * example "UPDATE pg_database SET datallowconn = false;".
314 : *
315 : * We do not enforce them for autovacuum worker processes either.
316 : */
317 335 : if (IsUnderPostmaster && !IsAutoVacuumWorkerProcess())
318 : {
319 : /*
320 : * Check that the database is currently allowing connections.
321 : */
322 330 : if (!dbform->datallowconn)
323 0 : ereport(FATAL,
324 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
325 : errmsg("database \"%s\" is not currently accepting connections",
326 : name)));
327 :
328 : /*
329 : * Check privilege to connect to the database. (The am_superuser test
330 : * is redundant, but since we have the flag, might as well check it
331 : * and save a few cycles.)
332 : */
333 330 : if (!am_superuser &&
334 0 : pg_database_aclcheck(MyDatabaseId, GetUserId(),
335 0 : ACL_CONNECT) != ACLCHECK_OK)
336 0 : ereport(FATAL,
337 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
338 : errmsg("permission denied for database \"%s\"", name),
339 : errdetail("User does not have CONNECT privilege.")));
340 :
341 : /*
342 : * Check connection limit for this database.
343 : *
344 : * There is a race condition here --- we create our PGPROC before
345 : * checking for other PGPROCs. If two backends did this at about the
346 : * same time, they might both think they were over the limit, while
347 : * ideally one should succeed and one fail. Getting that to work
348 : * exactly seems more trouble than it is worth, however; instead we
349 : * just document that the connection limit is approximate.
350 : */
351 330 : if (dbform->datconnlimit >= 0 &&
352 0 : !am_superuser &&
353 0 : CountDBConnections(MyDatabaseId) > dbform->datconnlimit)
354 0 : ereport(FATAL,
355 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
356 : errmsg("too many connections for database \"%s\"",
357 : name)));
358 : }
359 :
360 : /*
361 : * OK, we're golden. Next to-do item is to save the encoding info out of
362 : * the pg_database tuple.
363 : */
364 335 : SetDatabaseEncoding(dbform->encoding);
365 : /* Record it as a GUC internal option, too */
366 335 : SetConfigOption("server_encoding", GetDatabaseEncodingName(),
367 : PGC_INTERNAL, PGC_S_OVERRIDE);
368 : /* If we have no other source of client_encoding, use server encoding */
369 335 : SetConfigOption("client_encoding", GetDatabaseEncodingName(),
370 : PGC_BACKEND, PGC_S_DYNAMIC_DEFAULT);
371 :
372 : /* assign locale variables */
373 335 : collate = NameStr(dbform->datcollate);
374 335 : ctype = NameStr(dbform->datctype);
375 :
376 335 : if (pg_perm_setlocale(LC_COLLATE, collate) == NULL)
377 0 : ereport(FATAL,
378 : (errmsg("database locale is incompatible with operating system"),
379 : errdetail("The database was initialized with LC_COLLATE \"%s\", "
380 : " which is not recognized by setlocale().", collate),
381 : errhint("Recreate the database with another locale or install the missing locale.")));
382 :
383 335 : if (pg_perm_setlocale(LC_CTYPE, ctype) == NULL)
384 0 : ereport(FATAL,
385 : (errmsg("database locale is incompatible with operating system"),
386 : errdetail("The database was initialized with LC_CTYPE \"%s\", "
387 : " which is not recognized by setlocale().", ctype),
388 : errhint("Recreate the database with another locale or install the missing locale.")));
389 :
390 : /* Make the locale settings visible as GUC variables, too */
391 335 : SetConfigOption("lc_collate", collate, PGC_INTERNAL, PGC_S_OVERRIDE);
392 335 : SetConfigOption("lc_ctype", ctype, PGC_INTERNAL, PGC_S_OVERRIDE);
393 :
394 335 : check_strxfrm_bug();
395 :
396 335 : ReleaseSysCache(tup);
397 335 : }
398 :
399 :
400 :
401 : /* --------------------------------
402 : * InitCommunication
403 : *
404 : * This routine initializes stuff needed for ipc, locking, etc.
405 : * it should be called something more informative.
406 : * --------------------------------
407 : */
408 : static void
409 344 : InitCommunication(void)
410 : {
411 : /*
412 : * initialize shared memory and semaphores appropriately.
413 : */
414 344 : if (!IsUnderPostmaster) /* postmaster already did this */
415 : {
416 : /*
417 : * We're running a postgres bootstrap process or a standalone backend.
418 : * Create private "shmem" and semaphores.
419 : */
420 4 : CreateSharedMemoryAndSemaphores(true, 0);
421 : }
422 344 : }
423 :
424 :
425 : /*
426 : * pg_split_opts -- split a string of options and append it to an argv array
427 : *
428 : * The caller is responsible for ensuring the argv array is large enough. The
429 : * maximum possible number of arguments added by this routine is
430 : * (strlen(optstr) + 1) / 2.
431 : *
432 : * Because some option values can contain spaces we allow escaping using
433 : * backslashes, with \\ representing a literal backslash.
434 : */
435 : void
436 430 : pg_split_opts(char **argv, int *argcp, const char *optstr)
437 : {
438 : StringInfoData s;
439 :
440 430 : initStringInfo(&s);
441 :
442 1290 : while (*optstr)
443 : {
444 430 : bool last_was_escape = false;
445 :
446 430 : resetStringInfo(&s);
447 :
448 : /* skip over leading space */
449 1290 : while (isspace((unsigned char) *optstr))
450 430 : optstr++;
451 :
452 430 : if (*optstr == '\0')
453 0 : break;
454 :
455 : /*
456 : * Parse a single option, stopping at the first space, unless it's
457 : * escaped.
458 : */
459 7740 : while (*optstr)
460 : {
461 7095 : if (isspace((unsigned char) *optstr) && !last_was_escape)
462 215 : break;
463 :
464 6880 : if (!last_was_escape && *optstr == '\\')
465 0 : last_was_escape = true;
466 : else
467 : {
468 6880 : last_was_escape = false;
469 6880 : appendStringInfoChar(&s, *optstr);
470 : }
471 :
472 6880 : optstr++;
473 : }
474 :
475 : /* now store the option in the next argv[] position */
476 430 : argv[(*argcp)++] = pstrdup(s.data);
477 : }
478 :
479 430 : pfree(s.data);
480 430 : }
481 :
482 : /*
483 : * Initialize MaxBackends value from config options.
484 : *
485 : * This must be called after modules have had the chance to register background
486 : * workers in shared_preload_libraries, and before shared memory size is
487 : * determined.
488 : *
489 : * Note that in EXEC_BACKEND environment, the value is passed down from
490 : * postmaster to subprocesses via BackendParameters in SubPostmasterMain; only
491 : * postmaster itself and processes not under postmaster control should call
492 : * this.
493 : */
494 : void
495 5 : InitializeMaxBackends(void)
496 : {
497 5 : Assert(MaxBackends == 0);
498 :
499 : /* the extra unit accounts for the autovacuum launcher */
500 5 : MaxBackends = MaxConnections + autovacuum_max_workers + 1 +
501 : max_worker_processes;
502 :
503 : /* internal error because the values were all checked previously */
504 5 : if (MaxBackends > MAX_BACKENDS)
505 0 : elog(ERROR, "too many backends configured");
506 5 : }
507 :
508 : /*
509 : * Early initialization of a backend (either standalone or under postmaster).
510 : * This happens even before InitPostgres.
511 : *
512 : * This is separate from InitPostgres because it is also called by auxiliary
513 : * processes, such as the background writer process, which may not call
514 : * InitPostgres at all.
515 : */
516 : void
517 344 : BaseInit(void)
518 : {
519 : /*
520 : * Attach to shared memory and semaphores, and initialize our
521 : * input/output/debugging file descriptors.
522 : */
523 344 : InitCommunication();
524 344 : DebugFileOpen();
525 :
526 : /* Do local initialization of file, storage and buffer managers */
527 344 : InitFileAccess();
528 344 : smgrinit();
529 344 : InitBufferPoolAccess();
530 344 : }
531 :
532 :
533 : /* --------------------------------
534 : * InitPostgres
535 : * Initialize POSTGRES.
536 : *
537 : * The database can be specified by name, using the in_dbname parameter, or by
538 : * OID, using the dboid parameter. In the latter case, the actual database
539 : * name can be returned to the caller in out_dbname. If out_dbname isn't
540 : * NULL, it must point to a buffer of size NAMEDATALEN.
541 : *
542 : * Similarly, the username can be passed by name, using the username parameter,
543 : * or by OID using the useroid parameter.
544 : *
545 : * In bootstrap mode no parameters are used. The autovacuum launcher process
546 : * doesn't use any parameters either, because it only goes far enough to be
547 : * able to read pg_database; it doesn't connect to any particular database.
548 : * In walsender mode only username is used.
549 : *
550 : * As of PostgreSQL 8.2, we expect InitProcess() was already called, so we
551 : * already have a PGPROC struct ... but it's not completely filled in yet.
552 : *
553 : * Note:
554 : * Be very careful with the order of calls in the InitPostgres function.
555 : * --------------------------------
556 : */
557 : void
558 338 : InitPostgres(const char *in_dbname, Oid dboid, const char *username,
559 : Oid useroid, char *out_dbname)
560 : {
561 338 : bool bootstrap = IsBootstrapProcessingMode();
562 : bool am_superuser;
563 : char *fullpath;
564 : char dbname[NAMEDATALEN];
565 :
566 338 : elog(DEBUG3, "InitPostgres");
567 :
568 : /*
569 : * Add my PGPROC struct to the ProcArray.
570 : *
571 : * Once I have done this, I am visible to other backends!
572 : */
573 338 : InitProcessPhase2();
574 :
575 : /*
576 : * Initialize my entry in the shared-invalidation manager's array of
577 : * per-backend data.
578 : *
579 : * Sets up MyBackendId, a unique backend identifier.
580 : */
581 338 : MyBackendId = InvalidBackendId;
582 :
583 338 : SharedInvalBackendInit(false);
584 :
585 338 : if (MyBackendId > MaxBackends || MyBackendId <= 0)
586 0 : elog(FATAL, "bad backend ID: %d", MyBackendId);
587 :
588 : /* Now that we have a BackendId, we can participate in ProcSignal */
589 338 : ProcSignalInit(MyBackendId);
590 :
591 : /*
592 : * Also set up timeout handlers needed for backend operation. We need
593 : * these in every case except bootstrap.
594 : */
595 338 : if (!bootstrap)
596 : {
597 337 : RegisterTimeout(DEADLOCK_TIMEOUT, CheckDeadLockAlert);
598 337 : RegisterTimeout(STATEMENT_TIMEOUT, StatementTimeoutHandler);
599 337 : RegisterTimeout(LOCK_TIMEOUT, LockTimeoutHandler);
600 337 : RegisterTimeout(IDLE_IN_TRANSACTION_SESSION_TIMEOUT,
601 : IdleInTransactionSessionTimeoutHandler);
602 : }
603 :
604 : /*
605 : * bufmgr needs another initialization call too
606 : */
607 338 : InitBufferPoolBackend();
608 :
609 : /*
610 : * Initialize local process's access to XLOG.
611 : */
612 338 : if (IsUnderPostmaster)
613 : {
614 : /*
615 : * The postmaster already started the XLOG machinery, but we need to
616 : * call InitXLOGAccess(), if the system isn't in hot-standby mode.
617 : * This is handled by calling RecoveryInProgress and ignoring the
618 : * result.
619 : */
620 336 : (void) RecoveryInProgress();
621 : }
622 : else
623 : {
624 : /*
625 : * We are either a bootstrap process or a standalone backend. Either
626 : * way, start up the XLOG machinery, and register to have it closed
627 : * down at exit.
628 : */
629 2 : StartupXLOG();
630 2 : on_shmem_exit(ShutdownXLOG, 0);
631 : }
632 :
633 : /*
634 : * Initialize the relation cache and the system catalog caches. Note that
635 : * no catalog access happens here; we only set up the hashtable structure.
636 : * We must do this before starting a transaction because transaction abort
637 : * would try to touch these hashtables.
638 : */
639 338 : RelationCacheInitialize();
640 338 : InitCatalogCache();
641 338 : InitPlanCache();
642 :
643 : /* Initialize portal manager */
644 338 : EnablePortalManager();
645 :
646 : /* Initialize stats collection --- must happen before first xact */
647 338 : if (!bootstrap)
648 337 : pgstat_initialize();
649 :
650 : /*
651 : * Load relcache entries for the shared system catalogs. This must create
652 : * at least entries for pg_database and catalogs used for authentication.
653 : */
654 338 : RelationCacheInitializePhase2();
655 :
656 : /*
657 : * Set up process-exit callback to do pre-shutdown cleanup. This is the
658 : * first before_shmem_exit callback we register; thus, this will be the
659 : * last thing we do before low-level modules like the buffer manager begin
660 : * to close down. We need to have this in place before we begin our first
661 : * transaction --- if we fail during the initialization transaction, as is
662 : * entirely possible, we need the AbortTransaction call to clean up.
663 : */
664 338 : before_shmem_exit(ShutdownPostgres, 0);
665 :
666 : /* The autovacuum launcher is done here */
667 338 : if (IsAutoVacuumLauncherProcess())
668 : {
669 : /* report this backend in the PgBackendStatus array */
670 1 : pgstat_bestart();
671 :
672 1 : return;
673 : }
674 :
675 : /*
676 : * Start a new transaction here before first access to db, and get a
677 : * snapshot. We don't have a use for the snapshot itself, but we're
678 : * interested in the secondary effect that it sets RecentGlobalXmin. (This
679 : * is critical for anything that reads heap pages, because HOT may decide
680 : * to prune them even if the process doesn't attempt to modify any
681 : * tuples.)
682 : */
683 337 : if (!bootstrap)
684 : {
685 : /* statement_timestamp must be set for timeouts to work correctly */
686 336 : SetCurrentStatementStartTimestamp();
687 336 : StartTransactionCommand();
688 :
689 : /*
690 : * transaction_isolation will have been set to the default by the
691 : * above. If the default is "serializable", and we are in hot
692 : * standby, we will fail if we don't change it to something lower.
693 : * Fortunately, "read committed" is plenty good enough.
694 : */
695 336 : XactIsoLevel = XACT_READ_COMMITTED;
696 :
697 336 : (void) GetTransactionSnapshot();
698 : }
699 :
700 : /*
701 : * Perform client authentication if necessary, then figure out our
702 : * postgres user ID, and see if we are a superuser.
703 : *
704 : * In standalone mode and in autovacuum worker processes, we use a fixed
705 : * ID, otherwise we figure it out from the authenticated user name.
706 : */
707 337 : if (bootstrap || IsAutoVacuumWorkerProcess())
708 : {
709 5 : InitializeSessionUserIdStandalone();
710 5 : am_superuser = true;
711 : }
712 332 : else if (!IsUnderPostmaster)
713 : {
714 1 : InitializeSessionUserIdStandalone();
715 1 : am_superuser = true;
716 1 : if (!ThereIsAtLeastOneRole())
717 0 : ereport(WARNING,
718 : (errcode(ERRCODE_UNDEFINED_OBJECT),
719 : errmsg("no roles are defined in this database system"),
720 : errhint("You should immediately run CREATE USER \"%s\" SUPERUSER;.",
721 : username != NULL ? username : "postgres")));
722 : }
723 331 : else if (IsBackgroundWorker)
724 : {
725 116 : if (username == NULL && !OidIsValid(useroid))
726 : {
727 1 : InitializeSessionUserIdStandalone();
728 1 : am_superuser = true;
729 : }
730 : else
731 : {
732 115 : InitializeSessionUserId(username, useroid);
733 115 : am_superuser = superuser();
734 : }
735 : }
736 : else
737 : {
738 : /* normal multiuser case */
739 215 : Assert(MyProcPort != NULL);
740 215 : PerformAuthentication(MyProcPort);
741 215 : InitializeSessionUserId(username, useroid);
742 215 : am_superuser = superuser();
743 : }
744 :
745 : /*
746 : * If we're trying to shut down, only superusers can connect, and new
747 : * replication connections are not allowed.
748 : */
749 337 : if ((!am_superuser || am_walsender) &&
750 0 : MyProcPort != NULL &&
751 0 : MyProcPort->canAcceptConnections == CAC_WAITBACKUP)
752 : {
753 0 : if (am_walsender)
754 0 : ereport(FATAL,
755 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
756 : errmsg("new replication connections are not allowed during database shutdown")));
757 : else
758 0 : ereport(FATAL,
759 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
760 : errmsg("must be superuser to connect during database shutdown")));
761 : }
762 :
763 : /*
764 : * Binary upgrades only allowed super-user connections
765 : */
766 337 : if (IsBinaryUpgrade && !am_superuser)
767 : {
768 0 : ereport(FATAL,
769 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
770 : errmsg("must be superuser to connect in binary upgrade mode")));
771 : }
772 :
773 : /*
774 : * The last few connections slots are reserved for superusers. Although
775 : * replication connections currently require superuser privileges, we
776 : * don't allow them to consume the reserved slots, which are intended for
777 : * interactive use.
778 : */
779 337 : if ((!am_superuser || am_walsender) &&
780 0 : ReservedBackends > 0 &&
781 0 : !HaveNFreeProcs(ReservedBackends))
782 0 : ereport(FATAL,
783 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
784 : errmsg("remaining connection slots are reserved for non-replication superuser connections")));
785 :
786 : /* Check replication permissions needed for walsender processes. */
787 337 : if (am_walsender)
788 : {
789 0 : Assert(!bootstrap);
790 :
791 0 : if (!superuser() && !has_rolreplication(GetUserId()))
792 0 : ereport(FATAL,
793 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
794 : errmsg("must be superuser or replication role to start walsender")));
795 : }
796 :
797 : /*
798 : * If this is a plain walsender only supporting physical replication, we
799 : * don't want to connect to any particular database. Just finish the
800 : * backend startup by processing any options from the startup packet, and
801 : * we're done.
802 : */
803 337 : if (am_walsender && !am_db_walsender)
804 : {
805 : /* process any options passed in the startup packet */
806 0 : if (MyProcPort != NULL)
807 0 : process_startup_options(MyProcPort, am_superuser);
808 :
809 : /* Apply PostAuthDelay as soon as we've read all options */
810 0 : if (PostAuthDelay > 0)
811 0 : pg_usleep(PostAuthDelay * 1000000L);
812 :
813 : /* initialize client encoding */
814 0 : InitializeClientEncoding();
815 :
816 : /* report this backend in the PgBackendStatus array */
817 0 : pgstat_bestart();
818 :
819 : /* close the transaction we started above */
820 0 : CommitTransactionCommand();
821 :
822 0 : return;
823 : }
824 :
825 : /*
826 : * Set up the global variables holding database id and default tablespace.
827 : * But note we won't actually try to touch the database just yet.
828 : *
829 : * We take a shortcut in the bootstrap case, otherwise we have to look up
830 : * the db's entry in pg_database.
831 : */
832 337 : if (bootstrap)
833 : {
834 1 : MyDatabaseId = TemplateDbOid;
835 1 : MyDatabaseTableSpace = DEFAULTTABLESPACE_OID;
836 : }
837 336 : else if (in_dbname != NULL)
838 : {
839 : HeapTuple tuple;
840 : Form_pg_database dbform;
841 :
842 216 : tuple = GetDatabaseTuple(in_dbname);
843 216 : if (!HeapTupleIsValid(tuple))
844 0 : ereport(FATAL,
845 : (errcode(ERRCODE_UNDEFINED_DATABASE),
846 : errmsg("database \"%s\" does not exist", in_dbname)));
847 216 : dbform = (Form_pg_database) GETSTRUCT(tuple);
848 216 : MyDatabaseId = HeapTupleGetOid(tuple);
849 216 : MyDatabaseTableSpace = dbform->dattablespace;
850 : /* take database name from the caller, just for paranoia */
851 216 : strlcpy(dbname, in_dbname, sizeof(dbname));
852 : }
853 120 : else if (OidIsValid(dboid))
854 : {
855 : /* caller specified database by OID */
856 : HeapTuple tuple;
857 : Form_pg_database dbform;
858 :
859 119 : tuple = GetDatabaseTupleByOid(dboid);
860 119 : if (!HeapTupleIsValid(tuple))
861 0 : ereport(FATAL,
862 : (errcode(ERRCODE_UNDEFINED_DATABASE),
863 : errmsg("database %u does not exist", dboid)));
864 119 : dbform = (Form_pg_database) GETSTRUCT(tuple);
865 119 : MyDatabaseId = HeapTupleGetOid(tuple);
866 119 : MyDatabaseTableSpace = dbform->dattablespace;
867 119 : Assert(MyDatabaseId == dboid);
868 119 : strlcpy(dbname, NameStr(dbform->datname), sizeof(dbname));
869 : /* pass the database name back to the caller */
870 119 : if (out_dbname)
871 4 : strcpy(out_dbname, dbname);
872 : }
873 : else
874 : {
875 : /*
876 : * If this is a background worker not bound to any particular
877 : * database, we're done now. Everything that follows only makes sense
878 : * if we are bound to a specific database. We do need to close the
879 : * transaction we started before returning.
880 : */
881 1 : if (!bootstrap)
882 : {
883 1 : pgstat_bestart();
884 1 : CommitTransactionCommand();
885 : }
886 1 : return;
887 : }
888 :
889 : /*
890 : * Now, take a writer's lock on the database we are trying to connect to.
891 : * If there is a concurrently running DROP DATABASE on that database, this
892 : * will block us until it finishes (and has committed its update of
893 : * pg_database).
894 : *
895 : * Note that the lock is not held long, only until the end of this startup
896 : * transaction. This is OK since we will advertise our use of the
897 : * database in the ProcArray before dropping the lock (in fact, that's the
898 : * next thing to do). Anyone trying a DROP DATABASE after this point will
899 : * see us in the array once they have the lock. Ordering is important for
900 : * this because we don't want to advertise ourselves as being in this
901 : * database until we have the lock; otherwise we create what amounts to a
902 : * deadlock with CountOtherDBBackends().
903 : *
904 : * Note: use of RowExclusiveLock here is reasonable because we envision
905 : * our session as being a concurrent writer of the database. If we had a
906 : * way of declaring a session as being guaranteed-read-only, we could use
907 : * AccessShareLock for such sessions and thereby not conflict against
908 : * CREATE DATABASE.
909 : */
910 336 : if (!bootstrap)
911 335 : LockSharedObject(DatabaseRelationId, MyDatabaseId, 0,
912 : RowExclusiveLock);
913 :
914 : /*
915 : * Now we can mark our PGPROC entry with the database ID.
916 : *
917 : * We assume this is an atomic store so no lock is needed; though actually
918 : * things would work fine even if it weren't atomic. Anyone searching the
919 : * ProcArray for this database's ID should hold the database lock, so they
920 : * would not be executing concurrently with this store. A process looking
921 : * for another database's ID could in theory see a chance match if it read
922 : * a partially-updated databaseId value; but as long as all such searches
923 : * wait and retry, as in CountOtherDBBackends(), they will certainly see
924 : * the correct value on their next try.
925 : */
926 336 : MyProc->databaseId = MyDatabaseId;
927 :
928 : /*
929 : * We established a catalog snapshot while reading pg_authid and/or
930 : * pg_database; but until we have set up MyDatabaseId, we won't react to
931 : * incoming sinval messages for unshared catalogs, so we won't realize it
932 : * if the snapshot has been invalidated. Assume it's no good anymore.
933 : */
934 336 : InvalidateCatalogSnapshot();
935 :
936 : /*
937 : * Recheck pg_database to make sure the target database hasn't gone away.
938 : * If there was a concurrent DROP DATABASE, this ensures we will die
939 : * cleanly without creating a mess.
940 : */
941 336 : if (!bootstrap)
942 : {
943 : HeapTuple tuple;
944 :
945 335 : tuple = GetDatabaseTuple(dbname);
946 670 : if (!HeapTupleIsValid(tuple) ||
947 670 : MyDatabaseId != HeapTupleGetOid(tuple) ||
948 335 : MyDatabaseTableSpace != ((Form_pg_database) GETSTRUCT(tuple))->dattablespace)
949 0 : ereport(FATAL,
950 : (errcode(ERRCODE_UNDEFINED_DATABASE),
951 : errmsg("database \"%s\" does not exist", dbname),
952 : errdetail("It seems to have just been dropped or renamed.")));
953 : }
954 :
955 : /*
956 : * Now we should be able to access the database directory safely. Verify
957 : * it's there and looks reasonable.
958 : */
959 336 : fullpath = GetDatabasePath(MyDatabaseId, MyDatabaseTableSpace);
960 :
961 336 : if (!bootstrap)
962 : {
963 335 : if (access(fullpath, F_OK) == -1)
964 : {
965 0 : if (errno == ENOENT)
966 0 : ereport(FATAL,
967 : (errcode(ERRCODE_UNDEFINED_DATABASE),
968 : errmsg("database \"%s\" does not exist",
969 : dbname),
970 : errdetail("The database subdirectory \"%s\" is missing.",
971 : fullpath)));
972 : else
973 0 : ereport(FATAL,
974 : (errcode_for_file_access(),
975 : errmsg("could not access directory \"%s\": %m",
976 : fullpath)));
977 : }
978 :
979 335 : ValidatePgVersion(fullpath);
980 : }
981 :
982 336 : SetDatabasePath(fullpath);
983 :
984 : /*
985 : * It's now possible to do real access to the system catalogs.
986 : *
987 : * Load relcache entries for the system catalogs. This must create at
988 : * least the minimum set of "nailed-in" cache entries.
989 : */
990 336 : RelationCacheInitializePhase3();
991 :
992 : /* set up ACL framework (so CheckMyDatabase can check permissions) */
993 336 : initialize_acl();
994 :
995 : /*
996 : * Re-read the pg_database row for our database, check permissions and set
997 : * up database-specific GUC settings. We can't do this until all the
998 : * database-access infrastructure is up. (Also, it wants to know if the
999 : * user is a superuser, so the above stuff has to happen first.)
1000 : */
1001 336 : if (!bootstrap)
1002 335 : CheckMyDatabase(dbname, am_superuser);
1003 :
1004 : /*
1005 : * Now process any command-line switches and any additional GUC variable
1006 : * settings passed in the startup packet. We couldn't do this before
1007 : * because we didn't know if client is a superuser.
1008 : */
1009 336 : if (MyProcPort != NULL)
1010 215 : process_startup_options(MyProcPort, am_superuser);
1011 :
1012 : /* Process pg_db_role_setting options */
1013 336 : process_settings(MyDatabaseId, GetSessionUserId());
1014 :
1015 : /* Apply PostAuthDelay as soon as we've read all options */
1016 336 : if (PostAuthDelay > 0)
1017 0 : pg_usleep(PostAuthDelay * 1000000L);
1018 :
1019 : /*
1020 : * Initialize various default states that can't be set up until we've
1021 : * selected the active user and gotten the right GUC settings.
1022 : */
1023 :
1024 : /* set default namespace search path */
1025 336 : InitializeSearchPath();
1026 :
1027 : /* initialize client encoding */
1028 336 : InitializeClientEncoding();
1029 :
1030 : /* report this backend in the PgBackendStatus array */
1031 336 : if (!bootstrap)
1032 335 : pgstat_bestart();
1033 :
1034 : /* close the transaction we started above */
1035 336 : if (!bootstrap)
1036 335 : CommitTransactionCommand();
1037 : }
1038 :
1039 : /*
1040 : * Process any command-line switches and any additional GUC variable
1041 : * settings passed in the startup packet.
1042 : */
1043 : static void
1044 215 : process_startup_options(Port *port, bool am_superuser)
1045 : {
1046 : GucContext gucctx;
1047 : ListCell *gucopts;
1048 :
1049 215 : gucctx = am_superuser ? PGC_SU_BACKEND : PGC_BACKEND;
1050 :
1051 : /*
1052 : * First process any command-line switches that were included in the
1053 : * startup packet, if we are in a regular backend.
1054 : */
1055 215 : if (port->cmdline_options != NULL)
1056 : {
1057 : /*
1058 : * The maximum possible number of commandline arguments that could
1059 : * come from port->cmdline_options is (strlen + 1) / 2; see
1060 : * pg_split_opts().
1061 : */
1062 : char **av;
1063 : int maxac;
1064 : int ac;
1065 :
1066 215 : maxac = 2 + (strlen(port->cmdline_options) + 1) / 2;
1067 :
1068 215 : av = (char **) palloc(maxac * sizeof(char *));
1069 215 : ac = 0;
1070 :
1071 215 : av[ac++] = "postgres";
1072 :
1073 215 : pg_split_opts(av, &ac, port->cmdline_options);
1074 :
1075 215 : av[ac] = NULL;
1076 :
1077 215 : Assert(ac < maxac);
1078 :
1079 215 : (void) process_postgres_switches(ac, av, gucctx, NULL);
1080 : }
1081 :
1082 : /*
1083 : * Process any additional GUC variable settings passed in startup packet.
1084 : * These are handled exactly like command-line variables.
1085 : */
1086 215 : gucopts = list_head(port->guc_options);
1087 1077 : while (gucopts)
1088 : {
1089 : char *name;
1090 : char *value;
1091 :
1092 647 : name = lfirst(gucopts);
1093 647 : gucopts = lnext(gucopts);
1094 :
1095 647 : value = lfirst(gucopts);
1096 647 : gucopts = lnext(gucopts);
1097 :
1098 647 : SetConfigOption(name, value, gucctx, PGC_S_CLIENT);
1099 : }
1100 215 : }
1101 :
1102 : /*
1103 : * Load GUC settings from pg_db_role_setting.
1104 : *
1105 : * We try specific settings for the database/role combination, as well as
1106 : * general for this database and for this user.
1107 : */
1108 : static void
1109 336 : process_settings(Oid databaseid, Oid roleid)
1110 : {
1111 : Relation relsetting;
1112 : Snapshot snapshot;
1113 :
1114 336 : if (!IsUnderPostmaster)
1115 338 : return;
1116 :
1117 334 : relsetting = heap_open(DbRoleSettingRelationId, AccessShareLock);
1118 :
1119 : /* read all the settings under the same snapshot for efficiency */
1120 334 : snapshot = RegisterSnapshot(GetCatalogSnapshot(DbRoleSettingRelationId));
1121 :
1122 : /* Later settings are ignored if set earlier. */
1123 334 : ApplySetting(snapshot, databaseid, roleid, relsetting, PGC_S_DATABASE_USER);
1124 334 : ApplySetting(snapshot, InvalidOid, roleid, relsetting, PGC_S_USER);
1125 334 : ApplySetting(snapshot, databaseid, InvalidOid, relsetting, PGC_S_DATABASE);
1126 334 : ApplySetting(snapshot, InvalidOid, InvalidOid, relsetting, PGC_S_GLOBAL);
1127 :
1128 334 : UnregisterSnapshot(snapshot);
1129 334 : heap_close(relsetting, AccessShareLock);
1130 : }
1131 :
1132 : /*
1133 : * Backend-shutdown callback. Do cleanup that we want to be sure happens
1134 : * before all the supporting modules begin to nail their doors shut via
1135 : * their own callbacks.
1136 : *
1137 : * User-level cleanup, such as temp-relation removal and UNLISTEN, happens
1138 : * via separate callbacks that execute before this one. We don't combine the
1139 : * callbacks because we still want this one to happen if the user-level
1140 : * cleanup fails.
1141 : */
1142 : static void
1143 338 : ShutdownPostgres(int code, Datum arg)
1144 : {
1145 : /* Make sure we've killed any active transaction */
1146 338 : AbortOutOfAnyTransaction();
1147 :
1148 : /*
1149 : * User locks are not released by transaction end, so be sure to release
1150 : * them explicitly.
1151 : */
1152 338 : LockReleaseAll(USER_LOCKMETHOD, true);
1153 338 : }
1154 :
1155 :
1156 : /*
1157 : * STATEMENT_TIMEOUT handler: trigger a query-cancel interrupt.
1158 : */
1159 : static void
1160 1 : StatementTimeoutHandler(void)
1161 : {
1162 1 : int sig = SIGINT;
1163 :
1164 : /*
1165 : * During authentication the timeout is used to deal with
1166 : * authentication_timeout - we want to quit in response to such timeouts.
1167 : */
1168 1 : if (ClientAuthInProgress)
1169 0 : sig = SIGTERM;
1170 :
1171 : #ifdef HAVE_SETSID
1172 : /* try to signal whole process group */
1173 1 : kill(-MyProcPid, sig);
1174 : #endif
1175 1 : kill(MyProcPid, sig);
1176 1 : }
1177 :
1178 : /*
1179 : * LOCK_TIMEOUT handler: trigger a query-cancel interrupt.
1180 : */
1181 : static void
1182 0 : LockTimeoutHandler(void)
1183 : {
1184 : #ifdef HAVE_SETSID
1185 : /* try to signal whole process group */
1186 0 : kill(-MyProcPid, SIGINT);
1187 : #endif
1188 0 : kill(MyProcPid, SIGINT);
1189 0 : }
1190 :
1191 : static void
1192 0 : IdleInTransactionSessionTimeoutHandler(void)
1193 : {
1194 0 : IdleInTransactionSessionTimeoutPending = true;
1195 0 : InterruptPending = true;
1196 0 : SetLatch(MyLatch);
1197 0 : }
1198 :
1199 : /*
1200 : * Returns true if at least one role is defined in this database cluster.
1201 : */
1202 : static bool
1203 1 : ThereIsAtLeastOneRole(void)
1204 : {
1205 : Relation pg_authid_rel;
1206 : HeapScanDesc scan;
1207 : bool result;
1208 :
1209 1 : pg_authid_rel = heap_open(AuthIdRelationId, AccessShareLock);
1210 :
1211 1 : scan = heap_beginscan_catalog(pg_authid_rel, 0, NULL);
1212 1 : result = (heap_getnext(scan, ForwardScanDirection) != NULL);
1213 :
1214 1 : heap_endscan(scan);
1215 1 : heap_close(pg_authid_rel, AccessShareLock);
1216 :
1217 1 : return result;
1218 : }
|
