LCOV - code coverage report
Current view: top level - src/backend/utils/init - miscinit.c (source / functions) Coverage Total Hit
Test: PostgreSQL 20devel Lines: 79.3 % 460 365
Test Date: 2026-07-03 19:57:34 Functions: 94.1 % 51 48
Legend: Lines:     hit not hit
Branches: + taken - not taken # not executed
Branches: 48.6 % 331 161

             Branch data     Line data    Source code
       1                 :             : /*-------------------------------------------------------------------------
       2                 :             :  *
       3                 :             :  * miscinit.c
       4                 :             :  *    miscellaneous initialization support stuff
       5                 :             :  *
       6                 :             :  * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
       7                 :             :  * Portions Copyright (c) 1994, Regents of the University of California
       8                 :             :  *
       9                 :             :  *
      10                 :             :  * IDENTIFICATION
      11                 :             :  *    src/backend/utils/init/miscinit.c
      12                 :             :  *
      13                 :             :  *-------------------------------------------------------------------------
      14                 :             :  */
      15                 :             : #include "postgres.h"
      16                 :             : 
      17                 :             : #include <sys/param.h>
      18                 :             : #include <signal.h>
      19                 :             : #include <time.h>
      20                 :             : #include <sys/file.h>
      21                 :             : #include <sys/stat.h>
      22                 :             : #include <sys/time.h>
      23                 :             : #include <fcntl.h>
      24                 :             : #include <unistd.h>
      25                 :             : #include <grp.h>
      26                 :             : #include <pwd.h>
      27                 :             : #include <netinet/in.h>
      28                 :             : #include <arpa/inet.h>
      29                 :             : #include <utime.h>
      30                 :             : 
      31                 :             : #include "access/htup_details.h"
      32                 :             : #include "access/parallel.h"
      33                 :             : #include "catalog/pg_authid.h"
      34                 :             : #include "common/file_perm.h"
      35                 :             : #include "libpq/libpq.h"
      36                 :             : #include "libpq/pqsignal.h"
      37                 :             : #include "mb/pg_wchar.h"
      38                 :             : #include "miscadmin.h"
      39                 :             : #include "pgstat.h"
      40                 :             : #include "postmaster/autovacuum.h"
      41                 :             : #include "postmaster/interrupt.h"
      42                 :             : #include "postmaster/postmaster.h"
      43                 :             : #include "replication/slotsync.h"
      44                 :             : #include "storage/fd.h"
      45                 :             : #include "storage/ipc.h"
      46                 :             : #include "storage/latch.h"
      47                 :             : #include "storage/pg_shmem.h"
      48                 :             : #include "storage/pmsignal.h"
      49                 :             : #include "storage/proc.h"
      50                 :             : #include "storage/procarray.h"
      51                 :             : #include "utils/builtins.h"
      52                 :             : #include "utils/guc.h"
      53                 :             : #include "utils/inval.h"
      54                 :             : #include "utils/memutils.h"
      55                 :             : #include "utils/pidfile.h"
      56                 :             : #include "utils/syscache.h"
      57                 :             : #include "utils/varlena.h"
      58                 :             : #include "utils/wait_event.h"
      59                 :             : 
      60                 :             : 
      61                 :             : #define DIRECTORY_LOCK_FILE     "postmaster.pid"
      62                 :             : 
      63                 :             : ProcessingMode Mode = InitProcessing;
      64                 :             : 
      65                 :             : BackendType MyBackendType;
      66                 :             : 
      67                 :             : /* List of lock files to be removed at proc exit */
      68                 :             : static List *lock_files = NIL;
      69                 :             : 
      70                 :             : static Latch LocalLatchData;
      71                 :             : 
      72                 :             : /* ----------------------------------------------------------------
      73                 :             :  *      ignoring system indexes support stuff
      74                 :             :  *
      75                 :             :  * NOTE: "ignoring system indexes" means we do not use the system indexes
      76                 :             :  * for lookups (either in hardwired catalog accesses or in planner-generated
      77                 :             :  * plans).  We do, however, still update the indexes when a catalog
      78                 :             :  * modification is made.
      79                 :             :  * ----------------------------------------------------------------
      80                 :             :  */
      81                 :             : 
      82                 :             : bool        IgnoreSystemIndexes = false;
      83                 :             : 
      84                 :             : 
      85                 :             : /* ----------------------------------------------------------------
      86                 :             :  *  common process startup code
      87                 :             :  * ----------------------------------------------------------------
      88                 :             :  */
      89                 :             : 
      90                 :             : /*
      91                 :             :  * Initialize the basic environment for a postmaster child
      92                 :             :  *
      93                 :             :  * Should be called as early as possible after the child's startup. However,
      94                 :             :  * on EXEC_BACKEND builds it does need to be after read_backend_variables().
      95                 :             :  */
      96                 :             : void
      97                 :       25213 : InitPostmasterChild(void)
      98                 :             : {
      99                 :       25213 :     IsUnderPostmaster = true;   /* we are a postmaster subprocess now */
     100                 :             : 
     101                 :             :     /*
     102                 :             :      * Start our win32 signal implementation. This has to be done after we
     103                 :             :      * read the backend variables, because we need to pick up the signal pipe
     104                 :             :      * from the parent process.
     105                 :             :      */
     106                 :             : #ifdef WIN32
     107                 :             :     pgwin32_signal_initialize();
     108                 :             : #endif
     109                 :             : 
     110                 :       25213 :     InitProcessGlobals();
     111                 :             : 
     112                 :             :     /*
     113                 :             :      * make sure stderr is in binary mode before anything can possibly be
     114                 :             :      * written to it, in case it's actually the syslogger pipe, so the pipe
     115                 :             :      * chunking protocol isn't disturbed. Non-logpipe data gets translated on
     116                 :             :      * redirection (e.g. via pg_ctl -l) anyway.
     117                 :             :      */
     118                 :             : #ifdef WIN32
     119                 :             :     _setmode(fileno(stderr), _O_BINARY);
     120                 :             : #endif
     121                 :             : 
     122                 :             :     /* We don't want the postmaster's proc_exit() handlers */
     123                 :       25213 :     on_exit_reset();
     124                 :             : 
     125                 :             :     /* In EXEC_BACKEND case we will not have inherited BlockSig etc values */
     126                 :             : #ifdef EXEC_BACKEND
     127                 :             :     pqinitmask();
     128                 :             : #endif
     129                 :             : 
     130                 :             :     /* Initialize process-local latch support */
     131                 :       25213 :     InitializeWaitEventSupport();
     132                 :       25213 :     InitProcessLocalLatch();
     133                 :       25213 :     InitializeLatchWaitSet();
     134                 :             : 
     135                 :             :     /*
     136                 :             :      * If possible, make this process a group leader, so that the postmaster
     137                 :             :      * can signal any child processes too. Not all processes will have
     138                 :             :      * children, but for consistency we make all postmaster child processes do
     139                 :             :      * this.
     140                 :             :      */
     141                 :             : #ifdef HAVE_SETSID
     142         [ -  + ]:       25213 :     if (setsid() < 0)
     143         [ #  # ]:           0 :         elog(FATAL, "setsid() failed: %m");
     144                 :             : #endif
     145                 :             : 
     146                 :             :     /*
     147                 :             :      * Every postmaster child process is expected to respond promptly to
     148                 :             :      * SIGQUIT at all times.  Therefore we centrally remove SIGQUIT from
     149                 :             :      * BlockSig and install a suitable signal handler.  (Client-facing
     150                 :             :      * processes may choose to replace this default choice of handler with
     151                 :             :      * quickdie().)  All other blockable signals remain blocked for now.
     152                 :             :      */
     153                 :       25213 :     pqsignal(SIGQUIT, SignalHandlerForCrashExit);
     154                 :             : 
     155                 :       25213 :     sigdelset(&BlockSig, SIGQUIT);
     156                 :       25213 :     sigprocmask(SIG_SETMASK, &BlockSig, NULL);
     157                 :             : 
     158                 :             :     /* Request a signal if the postmaster dies, if possible. */
     159                 :       25213 :     PostmasterDeathSignalInit();
     160                 :             : 
     161                 :             :     /* Don't give the pipe to subprograms that we execute. */
     162                 :             : #ifndef WIN32
     163         [ -  + ]:       25213 :     if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFD, FD_CLOEXEC) < 0)
     164         [ #  # ]:           0 :         ereport(FATAL,
     165                 :             :                 (errcode_for_socket_access(),
     166                 :             :                  errmsg_internal("could not set postmaster death monitoring pipe to FD_CLOEXEC mode: %m")));
     167                 :             : #endif
     168                 :       25213 : }
     169                 :             : 
     170                 :             : /*
     171                 :             :  * Initialize the basic environment for a standalone process.
     172                 :             :  *
     173                 :             :  * argv0 has to be suitable to find the program's executable.
     174                 :             :  */
     175                 :             : void
     176                 :         274 : InitStandaloneProcess(const char *argv0)
     177                 :             : {
     178                 :             :     Assert(!IsPostmasterEnvironment);
     179                 :             : 
     180                 :         274 :     MyBackendType = B_STANDALONE_BACKEND;
     181                 :             : 
     182                 :             :     /*
     183                 :             :      * Start our win32 signal implementation
     184                 :             :      */
     185                 :             : #ifdef WIN32
     186                 :             :     pgwin32_signal_initialize();
     187                 :             : #endif
     188                 :             : 
     189                 :         274 :     InitProcessGlobals();
     190                 :             : 
     191                 :             :     /* Initialize process-local latch support */
     192                 :         274 :     InitializeWaitEventSupport();
     193                 :         274 :     InitProcessLocalLatch();
     194                 :         274 :     InitializeLatchWaitSet();
     195                 :             : 
     196                 :             :     /*
     197                 :             :      * For consistency with InitPostmasterChild, initialize signal mask here.
     198                 :             :      * But we don't unblock SIGQUIT or provide a default handler for it.
     199                 :             :      */
     200                 :         274 :     pqinitmask();
     201                 :         274 :     sigprocmask(SIG_SETMASK, &BlockSig, NULL);
     202                 :             : 
     203                 :             :     /* Compute paths, no postmaster to inherit from */
     204         [ +  - ]:         274 :     if (my_exec_path[0] == '\0')
     205                 :             :     {
     206         [ -  + ]:         274 :         if (find_my_exec(argv0, my_exec_path) < 0)
     207         [ #  # ]:           0 :             elog(FATAL, "%s: could not locate my own executable path",
     208                 :             :                  argv0);
     209                 :             :     }
     210                 :             : 
     211         [ +  - ]:         274 :     if (pkglib_path[0] == '\0')
     212                 :         274 :         get_pkglib_path(my_exec_path, pkglib_path);
     213                 :         274 : }
     214                 :             : 
     215                 :             : void
     216                 :       24899 : SwitchToSharedLatch(void)
     217                 :             : {
     218                 :             :     Assert(MyLatch == &LocalLatchData);
     219                 :             :     Assert(MyProc != NULL);
     220                 :             : 
     221                 :       24899 :     MyLatch = &MyProc->procLatch;
     222                 :             : 
     223         [ +  + ]:       24899 :     if (FeBeWaitSet)
     224                 :       15108 :         ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetLatchPos, WL_LATCH_SET,
     225                 :             :                         MyLatch);
     226                 :             : 
     227                 :             :     /*
     228                 :             :      * Set the shared latch as the local one might have been set. This
     229                 :             :      * shouldn't normally be necessary as code is supposed to check the
     230                 :             :      * condition before waiting for the latch, but a bit care can't hurt.
     231                 :             :      */
     232                 :       24899 :     SetLatch(MyLatch);
     233                 :       24899 : }
     234                 :             : 
     235                 :             : void
     236                 :       26504 : InitProcessLocalLatch(void)
     237                 :             : {
     238                 :       26504 :     MyLatch = &LocalLatchData;
     239                 :       26504 :     InitLatch(MyLatch);
     240                 :       26504 : }
     241                 :             : 
     242                 :             : void
     243                 :       24899 : SwitchBackToLocalLatch(void)
     244                 :             : {
     245                 :             :     Assert(MyLatch != &LocalLatchData);
     246                 :             :     Assert(MyProc != NULL && MyLatch == &MyProc->procLatch);
     247                 :             : 
     248                 :       24899 :     MyLatch = &LocalLatchData;
     249                 :             : 
     250         [ +  + ]:       24899 :     if (FeBeWaitSet)
     251                 :       15108 :         ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetLatchPos, WL_LATCH_SET,
     252                 :             :                         MyLatch);
     253                 :             : 
     254                 :       24899 :     SetLatch(MyLatch);
     255                 :       24899 : }
     256                 :             : 
     257                 :             : /*
     258                 :             :  * Return a human-readable string representation of a BackendType.
     259                 :             :  *
     260                 :             :  * The string is not localized here, but we mark the strings for translation
     261                 :             :  * so that callers can invoke _() on the result.
     262                 :             :  */
     263                 :             : const char *
     264                 :     1253642 : GetBackendTypeDesc(BackendType backendType)
     265                 :             : {
     266                 :     1253642 :     const char *backendDesc = gettext_noop("unknown process type");
     267                 :             : 
     268   [ +  +  +  +  :     1253642 :     switch (backendType)
          +  +  +  +  +  
          +  -  +  +  +  
          +  +  +  +  +  
                   +  - ]
     269                 :             :     {
     270                 :             : #define PG_PROCTYPE(bktype, bkcategory, description, main_func, shmem_attach)   \
     271                 :             :         case bktype: backendDesc = description; break;
     272                 :             : #include "postmaster/proctypelist.h"
     273                 :             : #undef PG_PROCTYPE
     274                 :             :     }
     275                 :     1253642 :     return backendDesc;
     276                 :             : }
     277                 :             : 
     278                 :             : /* ----------------------------------------------------------------
     279                 :             :  *              database path / name support stuff
     280                 :             :  * ----------------------------------------------------------------
     281                 :             :  */
     282                 :             : 
     283                 :             : void
     284                 :       18873 : SetDatabasePath(const char *path)
     285                 :             : {
     286                 :             :     /* This should happen only once per process */
     287                 :             :     Assert(!DatabasePath);
     288                 :       18873 :     DatabasePath = MemoryContextStrdup(TopMemoryContext, path);
     289                 :       18873 : }
     290                 :             : 
     291                 :             : /*
     292                 :             :  * Validate the proposed data directory.
     293                 :             :  *
     294                 :             :  * Also initialize file and directory create modes and mode mask.
     295                 :             :  */
     296                 :             : void
     297                 :        1260 : checkDataDir(void)
     298                 :             : {
     299                 :             :     struct stat stat_buf;
     300                 :             : 
     301                 :             :     Assert(DataDir);
     302                 :             : 
     303         [ -  + ]:        1260 :     if (stat(DataDir, &stat_buf) != 0)
     304                 :             :     {
     305         [ #  # ]:           0 :         if (errno == ENOENT)
     306         [ #  # ]:           0 :             ereport(FATAL,
     307                 :             :                     (errcode_for_file_access(),
     308                 :             :                      errmsg("data directory \"%s\" does not exist",
     309                 :             :                             DataDir)));
     310                 :             :         else
     311         [ #  # ]:           0 :             ereport(FATAL,
     312                 :             :                     (errcode_for_file_access(),
     313                 :             :                      errmsg("could not read permissions of directory \"%s\": %m",
     314                 :             :                             DataDir)));
     315                 :             :     }
     316                 :             : 
     317                 :             :     /* eventual chdir would fail anyway, but let's test ... */
     318         [ -  + ]:        1260 :     if (!S_ISDIR(stat_buf.st_mode))
     319         [ #  # ]:           0 :         ereport(FATAL,
     320                 :             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
     321                 :             :                  errmsg("specified data directory \"%s\" is not a directory",
     322                 :             :                         DataDir)));
     323                 :             : 
     324                 :             :     /*
     325                 :             :      * Check that the directory belongs to my userid; if not, reject.
     326                 :             :      *
     327                 :             :      * This check is an essential part of the interlock that prevents two
     328                 :             :      * postmasters from starting in the same directory (see CreateLockFile()).
     329                 :             :      * Do not remove or weaken it.
     330                 :             :      *
     331                 :             :      * XXX can we safely enable this check on Windows?
     332                 :             :      */
     333                 :             : #if !defined(WIN32) && !defined(__CYGWIN__)
     334         [ -  + ]:        1260 :     if (stat_buf.st_uid != geteuid())
     335         [ #  # ]:           0 :         ereport(FATAL,
     336                 :             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
     337                 :             :                  errmsg("data directory \"%s\" has wrong ownership",
     338                 :             :                         DataDir),
     339                 :             :                  errhint("The server must be started by the user that owns the data directory.")));
     340                 :             : #endif
     341                 :             : 
     342                 :             :     /*
     343                 :             :      * Check if the directory has correct permissions.  If not, reject.
     344                 :             :      *
     345                 :             :      * Only two possible modes are allowed, 0700 and 0750.  The latter mode
     346                 :             :      * indicates that group read/execute should be allowed on all newly
     347                 :             :      * created files and directories.
     348                 :             :      *
     349                 :             :      * XXX temporarily suppress check when on Windows, because there may not
     350                 :             :      * be proper support for Unix-y file permissions.  Need to think of a
     351                 :             :      * reasonable check to apply on Windows.
     352                 :             :      */
     353                 :             : #if !defined(WIN32) && !defined(__CYGWIN__)
     354         [ -  + ]:        1260 :     if (stat_buf.st_mode & PG_MODE_MASK_GROUP)
     355         [ #  # ]:           0 :         ereport(FATAL,
     356                 :             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
     357                 :             :                  errmsg("data directory \"%s\" has invalid permissions",
     358                 :             :                         DataDir),
     359                 :             :                  errdetail("Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).")));
     360                 :             : #endif
     361                 :             : 
     362                 :             :     /*
     363                 :             :      * Reset creation modes and mask based on the mode of the data directory.
     364                 :             :      *
     365                 :             :      * The mask was set earlier in startup to disallow group permissions on
     366                 :             :      * newly created files and directories.  However, if group read/execute
     367                 :             :      * are present on the data directory then modify the create modes and mask
     368                 :             :      * to allow group read/execute on newly created files and directories and
     369                 :             :      * set the data_directory_mode GUC.
     370                 :             :      *
     371                 :             :      * Suppress when on Windows, because there may not be proper support for
     372                 :             :      * Unix-y file permissions.
     373                 :             :      */
     374                 :             : #if !defined(WIN32) && !defined(__CYGWIN__)
     375                 :        1260 :     SetDataDirectoryCreatePerm(stat_buf.st_mode);
     376                 :             : 
     377                 :        1260 :     umask(pg_mode_mask);
     378                 :        1260 :     data_directory_mode = pg_dir_create_mode;
     379                 :             : #endif
     380                 :             : 
     381                 :             :     /* Check for PG_VERSION */
     382                 :        1260 :     ValidatePgVersion(DataDir);
     383                 :        1260 : }
     384                 :             : 
     385                 :             : /*
     386                 :             :  * Set data directory, but make sure it's an absolute path.  Use this,
     387                 :             :  * never set DataDir directly.
     388                 :             :  */
     389                 :             : void
     390                 :        1263 : SetDataDir(const char *dir)
     391                 :             : {
     392                 :             :     char       *new;
     393                 :             : 
     394                 :             :     Assert(dir);
     395                 :             : 
     396                 :             :     /* If presented path is relative, convert to absolute */
     397                 :        1263 :     new = make_absolute_path(dir);
     398                 :             : 
     399                 :        1263 :     free(DataDir);
     400                 :        1263 :     DataDir = new;
     401                 :        1263 : }
     402                 :             : 
     403                 :             : /*
     404                 :             :  * Change working directory to DataDir.  Most of the postmaster and backend
     405                 :             :  * code assumes that we are in DataDir so it can use relative paths to access
     406                 :             :  * stuff in and under the data directory.  For convenience during path
     407                 :             :  * setup, however, we don't force the chdir to occur during SetDataDir.
     408                 :             :  */
     409                 :             : void
     410                 :        1260 : ChangeToDataDir(void)
     411                 :             : {
     412                 :             :     Assert(DataDir);
     413                 :             : 
     414         [ -  + ]:        1260 :     if (chdir(DataDir) < 0)
     415         [ #  # ]:           0 :         ereport(FATAL,
     416                 :             :                 (errcode_for_file_access(),
     417                 :             :                  errmsg("could not change directory to \"%s\": %m",
     418                 :             :                         DataDir)));
     419                 :        1260 : }
     420                 :             : 
     421                 :             : 
     422                 :             : /* ----------------------------------------------------------------
     423                 :             :  *  User ID state
     424                 :             :  *
     425                 :             :  * We have to track several different values associated with the concept
     426                 :             :  * of "user ID".
     427                 :             :  *
     428                 :             :  * AuthenticatedUserId is determined at connection start and never changes.
     429                 :             :  *
     430                 :             :  * SessionUserId is initially the same as AuthenticatedUserId, but can be
     431                 :             :  * changed by SET SESSION AUTHORIZATION (if AuthenticatedUserId is a
     432                 :             :  * superuser).  This is the ID reported by the SESSION_USER SQL function.
     433                 :             :  *
     434                 :             :  * OuterUserId is the current user ID in effect at the "outer level" (outside
     435                 :             :  * any transaction or function).  This is initially the same as SessionUserId,
     436                 :             :  * but can be changed by SET ROLE to any role that SessionUserId is a
     437                 :             :  * member of.  (XXX rename to something like CurrentRoleId?)
     438                 :             :  *
     439                 :             :  * CurrentUserId is the current effective user ID; this is the one to use
     440                 :             :  * for all normal permissions-checking purposes.  At outer level this will
     441                 :             :  * be the same as OuterUserId, but it changes during calls to SECURITY
     442                 :             :  * DEFINER functions, as well as locally in some specialized commands.
     443                 :             :  *
     444                 :             :  * SecurityRestrictionContext holds flags indicating reason(s) for changing
     445                 :             :  * CurrentUserId.  In some cases we need to lock down operations that are
     446                 :             :  * not directly controlled by privilege settings, and this provides a
     447                 :             :  * convenient way to do it.
     448                 :             :  * ----------------------------------------------------------------
     449                 :             :  */
     450                 :             : static Oid  AuthenticatedUserId = InvalidOid;
     451                 :             : static Oid  SessionUserId = InvalidOid;
     452                 :             : static Oid  OuterUserId = InvalidOid;
     453                 :             : static Oid  CurrentUserId = InvalidOid;
     454                 :             : static const char *SystemUser = NULL;
     455                 :             : 
     456                 :             : /* We also have to remember the superuser state of the session user */
     457                 :             : static bool SessionUserIsSuperuser = false;
     458                 :             : 
     459                 :             : static int  SecurityRestrictionContext = 0;
     460                 :             : 
     461                 :             : /* We also remember if a SET ROLE is currently active */
     462                 :             : static bool SetRoleIsActive = false;
     463                 :             : 
     464                 :             : /*
     465                 :             :  * GetUserId - get the current effective user ID.
     466                 :             :  *
     467                 :             :  * Note: there's no SetUserId() anymore; use SetUserIdAndSecContext().
     468                 :             :  */
     469                 :             : Oid
     470                 :     9397866 : GetUserId(void)
     471                 :             : {
     472                 :             :     Assert(OidIsValid(CurrentUserId));
     473                 :     9397866 :     return CurrentUserId;
     474                 :             : }
     475                 :             : 
     476                 :             : 
     477                 :             : /*
     478                 :             :  * GetOuterUserId/SetOuterUserId - get/set the outer-level user ID.
     479                 :             :  */
     480                 :             : Oid
     481                 :        1123 : GetOuterUserId(void)
     482                 :             : {
     483                 :             :     Assert(OidIsValid(OuterUserId));
     484                 :        1123 :     return OuterUserId;
     485                 :             : }
     486                 :             : 
     487                 :             : 
     488                 :             : static void
     489                 :       50514 : SetOuterUserId(Oid userid, bool is_superuser)
     490                 :             : {
     491                 :             :     Assert(SecurityRestrictionContext == 0);
     492                 :             :     Assert(OidIsValid(userid));
     493                 :       50514 :     OuterUserId = userid;
     494                 :             : 
     495                 :             :     /* We force the effective user ID to match, too */
     496                 :       50514 :     CurrentUserId = userid;
     497                 :             : 
     498                 :             :     /* Also update the is_superuser GUC to match OuterUserId's property */
     499         [ +  + ]:       50514 :     SetConfigOption("is_superuser",
     500                 :             :                     is_superuser ? "on" : "off",
     501                 :             :                     PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
     502                 :       50514 : }
     503                 :             : 
     504                 :             : 
     505                 :             : /*
     506                 :             :  * GetSessionUserId/SetSessionUserId - get/set the session user ID.
     507                 :             :  */
     508                 :             : Oid
     509                 :       41902 : GetSessionUserId(void)
     510                 :             : {
     511                 :             :     Assert(OidIsValid(SessionUserId));
     512                 :       41902 :     return SessionUserId;
     513                 :             : }
     514                 :             : 
     515                 :             : bool
     516                 :        2683 : GetSessionUserIsSuperuser(void)
     517                 :             : {
     518                 :             :     Assert(OidIsValid(SessionUserId));
     519                 :        2683 :     return SessionUserIsSuperuser;
     520                 :             : }
     521                 :             : 
     522                 :             : static void
     523                 :       24658 : SetSessionUserId(Oid userid, bool is_superuser)
     524                 :             : {
     525                 :             :     Assert(SecurityRestrictionContext == 0);
     526                 :             :     Assert(OidIsValid(userid));
     527                 :       24658 :     SessionUserId = userid;
     528                 :       24658 :     SessionUserIsSuperuser = is_superuser;
     529                 :       24658 : }
     530                 :             : 
     531                 :             : /*
     532                 :             :  * Return the system user representing the authenticated identity.
     533                 :             :  * It is defined in InitializeSystemUser() as auth_method:authn_id.
     534                 :             :  */
     535                 :             : const char *
     536                 :          22 : GetSystemUser(void)
     537                 :             : {
     538                 :          22 :     return SystemUser;
     539                 :             : }
     540                 :             : 
     541                 :             : /*
     542                 :             :  * GetAuthenticatedUserId/SetAuthenticatedUserId - get/set the authenticated
     543                 :             :  * user ID
     544                 :             :  */
     545                 :             : Oid
     546                 :       20362 : GetAuthenticatedUserId(void)
     547                 :             : {
     548                 :             :     Assert(OidIsValid(AuthenticatedUserId));
     549                 :       20362 :     return AuthenticatedUserId;
     550                 :             : }
     551                 :             : 
     552                 :             : void
     553                 :       17658 : SetAuthenticatedUserId(Oid userid)
     554                 :             : {
     555                 :             :     Assert(OidIsValid(userid));
     556                 :             : 
     557                 :             :     /* call only once */
     558                 :             :     Assert(!OidIsValid(AuthenticatedUserId));
     559                 :             : 
     560                 :       17658 :     AuthenticatedUserId = userid;
     561                 :             : 
     562                 :             :     /* Also mark our PGPROC entry with the authenticated user id */
     563                 :             :     /* (We assume this is an atomic store so no lock is needed) */
     564                 :       17658 :     MyProc->roleId = userid;
     565                 :       17658 : }
     566                 :             : 
     567                 :             : 
     568                 :             : /*
     569                 :             :  * GetUserIdAndSecContext/SetUserIdAndSecContext - get/set the current user ID
     570                 :             :  * and the SecurityRestrictionContext flags.
     571                 :             :  *
     572                 :             :  * Currently there are three valid bits in SecurityRestrictionContext:
     573                 :             :  *
     574                 :             :  * SECURITY_LOCAL_USERID_CHANGE indicates that we are inside an operation
     575                 :             :  * that is temporarily changing CurrentUserId via these functions.  This is
     576                 :             :  * needed to indicate that the actual value of CurrentUserId is not in sync
     577                 :             :  * with guc.c's internal state, so SET ROLE has to be disallowed.
     578                 :             :  *
     579                 :             :  * SECURITY_RESTRICTED_OPERATION indicates that we are inside an operation
     580                 :             :  * that does not wish to trust called user-defined functions at all.  The
     581                 :             :  * policy is to use this before operations, e.g. autovacuum and REINDEX, that
     582                 :             :  * enumerate relations of a database or schema and run functions associated
     583                 :             :  * with each found relation.  The relation owner is the new user ID.  Set this
     584                 :             :  * as soon as possible after locking the relation.  Restore the old user ID as
     585                 :             :  * late as possible before closing the relation; restoring it shortly after
     586                 :             :  * close is also tolerable.  If a command has both relation-enumerating and
     587                 :             :  * non-enumerating modes, e.g. ANALYZE, both modes set this bit.  This bit
     588                 :             :  * prevents not only SET ROLE, but various other changes of session state that
     589                 :             :  * normally is unprotected but might possibly be used to subvert the calling
     590                 :             :  * session later.  An example is replacing an existing prepared statement with
     591                 :             :  * new code, which will then be executed with the outer session's permissions
     592                 :             :  * when the prepared statement is next used.  These restrictions are fairly
     593                 :             :  * draconian, but the functions called in relation-enumerating operations are
     594                 :             :  * really supposed to be side-effect-free anyway.
     595                 :             :  *
     596                 :             :  * SECURITY_NOFORCE_RLS indicates that we are inside an operation which should
     597                 :             :  * ignore the FORCE ROW LEVEL SECURITY per-table indication.  This is used to
     598                 :             :  * ensure that FORCE RLS does not mistakenly break referential integrity
     599                 :             :  * checks.  Note that this is intentionally only checked when running as the
     600                 :             :  * owner of the table (which should always be the case for referential
     601                 :             :  * integrity checks).
     602                 :             :  *
     603                 :             :  * Unlike GetUserId, GetUserIdAndSecContext does *not* Assert that the current
     604                 :             :  * value of CurrentUserId is valid; nor does SetUserIdAndSecContext require
     605                 :             :  * the new value to be valid.  In fact, these routines had better not
     606                 :             :  * ever throw any kind of error.  This is because they are used by
     607                 :             :  * StartTransaction and AbortTransaction to save/restore the settings,
     608                 :             :  * and during the first transaction within a backend, the value to be saved
     609                 :             :  * and perhaps restored is indeed invalid.  We have to be able to get
     610                 :             :  * through AbortTransaction without asserting in case InitPostgres fails.
     611                 :             :  */
     612                 :             : void
     613                 :     1687195 : GetUserIdAndSecContext(Oid *userid, int *sec_context)
     614                 :             : {
     615                 :     1687195 :     *userid = CurrentUserId;
     616                 :     1687195 :     *sec_context = SecurityRestrictionContext;
     617                 :     1687195 : }
     618                 :             : 
     619                 :             : void
     620                 :      877687 : SetUserIdAndSecContext(Oid userid, int sec_context)
     621                 :             : {
     622                 :      877687 :     CurrentUserId = userid;
     623                 :      877687 :     SecurityRestrictionContext = sec_context;
     624                 :      877687 : }
     625                 :             : 
     626                 :             : 
     627                 :             : /*
     628                 :             :  * InLocalUserIdChange - are we inside a local change of CurrentUserId?
     629                 :             :  */
     630                 :             : bool
     631                 :       41808 : InLocalUserIdChange(void)
     632                 :             : {
     633                 :       41808 :     return (SecurityRestrictionContext & SECURITY_LOCAL_USERID_CHANGE) != 0;
     634                 :             : }
     635                 :             : 
     636                 :             : /*
     637                 :             :  * InSecurityRestrictedOperation - are we inside a security-restricted command?
     638                 :             :  */
     639                 :             : bool
     640                 :       49160 : InSecurityRestrictedOperation(void)
     641                 :             : {
     642                 :       49160 :     return (SecurityRestrictionContext & SECURITY_RESTRICTED_OPERATION) != 0;
     643                 :             : }
     644                 :             : 
     645                 :             : /*
     646                 :             :  * InNoForceRLSOperation - are we ignoring FORCE ROW LEVEL SECURITY ?
     647                 :             :  */
     648                 :             : bool
     649                 :         180 : InNoForceRLSOperation(void)
     650                 :             : {
     651                 :         180 :     return (SecurityRestrictionContext & SECURITY_NOFORCE_RLS) != 0;
     652                 :             : }
     653                 :             : 
     654                 :             : 
     655                 :             : /*
     656                 :             :  * These are obsolete versions of Get/SetUserIdAndSecContext that are
     657                 :             :  * only provided for bug-compatibility with some rather dubious code in
     658                 :             :  * pljava.  We allow the userid to be set, but only when not inside a
     659                 :             :  * security restriction context.
     660                 :             :  */
     661                 :             : void
     662                 :           0 : GetUserIdAndContext(Oid *userid, bool *sec_def_context)
     663                 :             : {
     664                 :           0 :     *userid = CurrentUserId;
     665                 :           0 :     *sec_def_context = InLocalUserIdChange();
     666                 :           0 : }
     667                 :             : 
     668                 :             : void
     669                 :           0 : SetUserIdAndContext(Oid userid, bool sec_def_context)
     670                 :             : {
     671                 :             :     /* We throw the same error SET ROLE would. */
     672         [ #  # ]:           0 :     if (InSecurityRestrictedOperation())
     673         [ #  # ]:           0 :         ereport(ERROR,
     674                 :             :                 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
     675                 :             :                  errmsg("cannot set parameter \"%s\" within security-restricted operation",
     676                 :             :                         "role")));
     677                 :           0 :     CurrentUserId = userid;
     678         [ #  # ]:           0 :     if (sec_def_context)
     679                 :           0 :         SecurityRestrictionContext |= SECURITY_LOCAL_USERID_CHANGE;
     680                 :             :     else
     681                 :           0 :         SecurityRestrictionContext &= ~SECURITY_LOCAL_USERID_CHANGE;
     682                 :           0 : }
     683                 :             : 
     684                 :             : 
     685                 :             : /*
     686                 :             :  * Check whether specified role has explicit REPLICATION privilege
     687                 :             :  */
     688                 :             : bool
     689                 :        1927 : has_rolreplication(Oid roleid)
     690                 :             : {
     691                 :        1927 :     bool        result = false;
     692                 :             :     HeapTuple   utup;
     693                 :             : 
     694                 :             :     /* Superusers bypass all permission checking. */
     695         [ +  + ]:        1927 :     if (superuser_arg(roleid))
     696                 :        1862 :         return true;
     697                 :             : 
     698                 :          65 :     utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
     699         [ +  - ]:          65 :     if (HeapTupleIsValid(utup))
     700                 :             :     {
     701                 :          65 :         result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication;
     702                 :          65 :         ReleaseSysCache(utup);
     703                 :             :     }
     704                 :          65 :     return result;
     705                 :             : }
     706                 :             : 
     707                 :             : /*
     708                 :             :  * Initialize user identity during normal backend startup
     709                 :             :  */
     710                 :             : void
     711                 :       17661 : InitializeSessionUserId(const char *rolename, Oid roleid,
     712                 :             :                         bool bypass_login_check)
     713                 :             : {
     714                 :             :     HeapTuple   roleTup;
     715                 :             :     Form_pg_authid rform;
     716                 :             :     char       *rname;
     717                 :             :     bool        is_superuser;
     718                 :             : 
     719                 :             :     /*
     720                 :             :      * In a parallel worker, we don't have to do anything here.
     721                 :             :      * ParallelWorkerMain already set our output variables, and we aren't
     722                 :             :      * going to enforce either rolcanlogin or rolconnlimit.  Furthermore, we
     723                 :             :      * don't really want to perform a catalog lookup for the role: we don't
     724                 :             :      * want to fail if it's been dropped.
     725                 :             :      */
     726         [ +  + ]:       17661 :     if (InitializingParallelWorker)
     727                 :             :     {
     728                 :             :         Assert(bypass_login_check);
     729                 :        2007 :         return;
     730                 :             :     }
     731                 :             : 
     732                 :             :     /*
     733                 :             :      * Don't do scans if we're bootstrapping, none of the system catalogs
     734                 :             :      * exist yet, and they should be owned by postgres anyway.
     735                 :             :      */
     736                 :             :     Assert(!IsBootstrapProcessingMode());
     737                 :             : 
     738                 :             :     /*
     739                 :             :      * Make sure syscache entries are flushed for recent catalog changes. This
     740                 :             :      * allows us to find roles that were created on-the-fly during
     741                 :             :      * authentication.
     742                 :             :      */
     743                 :       15654 :     AcceptInvalidationMessages();
     744                 :             : 
     745                 :             :     /*
     746                 :             :      * Look up the role, either by name if that's given or by OID if not.
     747                 :             :      */
     748         [ +  + ]:       15654 :     if (rolename != NULL)
     749                 :             :     {
     750                 :       15035 :         roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename));
     751         [ +  + ]:       15035 :         if (!HeapTupleIsValid(roleTup))
     752         [ +  - ]:           2 :             ereport(FATAL,
     753                 :             :                     (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
     754                 :             :                      errmsg("role \"%s\" does not exist", rolename)));
     755                 :             :     }
     756                 :             :     else
     757                 :             :     {
     758                 :         619 :         roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
     759         [ -  + ]:         618 :         if (!HeapTupleIsValid(roleTup))
     760         [ #  # ]:           0 :             ereport(FATAL,
     761                 :             :                     (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
     762                 :             :                      errmsg("role with OID %u does not exist", roleid)));
     763                 :             :     }
     764                 :             : 
     765                 :       15651 :     rform = (Form_pg_authid) GETSTRUCT(roleTup);
     766                 :       15651 :     roleid = rform->oid;
     767                 :       15651 :     rname = NameStr(rform->rolname);
     768                 :       15651 :     is_superuser = rform->rolsuper;
     769                 :             : 
     770                 :       15651 :     SetAuthenticatedUserId(roleid);
     771                 :             : 
     772                 :             :     /*
     773                 :             :      * Set SessionUserId and related variables, including "role", via the GUC
     774                 :             :      * mechanisms.
     775                 :             :      *
     776                 :             :      * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that
     777                 :             :      * session_authorization could subsequently be changed from
     778                 :             :      * pg_db_role_setting entries.  Instead, session_authorization in
     779                 :             :      * pg_db_role_setting has no effect.  Changing that would require solving
     780                 :             :      * two problems:
     781                 :             :      *
     782                 :             :      * 1. If pg_db_role_setting has values for both session_authorization and
     783                 :             :      * role, we could not be sure which order those would be applied in, and
     784                 :             :      * it would matter.
     785                 :             :      *
     786                 :             :      * 2. Sites may have years-old session_authorization entries.  There's not
     787                 :             :      * been any particular reason to remove them.  Ending the dormancy of
     788                 :             :      * those entries could seriously change application behavior, so only a
     789                 :             :      * major release should do that.
     790                 :             :      */
     791                 :       15651 :     SetConfigOption("session_authorization", rname,
     792                 :             :                     PGC_BACKEND, PGC_S_OVERRIDE);
     793                 :             : 
     794                 :             :     /*
     795                 :             :      * These next checks are not enforced when in standalone mode, so that
     796                 :             :      * there is a way to recover from sillinesses like "UPDATE pg_authid SET
     797                 :             :      * rolcanlogin = false;".
     798                 :             :      */
     799         [ +  - ]:       15651 :     if (IsUnderPostmaster)
     800                 :             :     {
     801                 :             :         /*
     802                 :             :          * Is role allowed to login at all?  (But background workers can
     803                 :             :          * override this by setting bypass_login_check.)
     804                 :             :          */
     805   [ +  +  +  + ]:       15651 :         if (!bypass_login_check && !rform->rolcanlogin)
     806         [ +  - ]:           3 :             ereport(FATAL,
     807                 :             :                     (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
     808                 :             :                      errmsg("role \"%s\" is not permitted to log in",
     809                 :             :                             rname)));
     810                 :             : 
     811                 :             :         /*
     812                 :             :          * Check connection limit for this role.  We enforce the limit only
     813                 :             :          * for regular backends, since other process types have their own
     814                 :             :          * PGPROC pools.
     815                 :             :          *
     816                 :             :          * There is a race condition here --- we create our PGPROC before
     817                 :             :          * checking for other PGPROCs.  If two backends did this at about the
     818                 :             :          * same time, they might both think they were over the limit, while
     819                 :             :          * ideally one should succeed and one fail.  Getting that to work
     820                 :             :          * exactly seems more trouble than it is worth, however; instead we
     821                 :             :          * just document that the connection limit is approximate.
     822                 :             :          */
     823         [ -  + ]:       15648 :         if (rform->rolconnlimit >= 0 &&
     824         [ #  # ]:           0 :             AmRegularBackendProcess() &&
     825         [ #  # ]:           0 :             !is_superuser &&
     826         [ #  # ]:           0 :             CountUserBackends(roleid) > rform->rolconnlimit)
     827         [ #  # ]:           0 :             ereport(FATAL,
     828                 :             :                     (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
     829                 :             :                      errmsg("too many connections for role \"%s\"",
     830                 :             :                             rname)));
     831                 :             :     }
     832                 :             : 
     833                 :       15648 :     ReleaseSysCache(roleTup);
     834                 :             : }
     835                 :             : 
     836                 :             : 
     837                 :             : /*
     838                 :             :  * Initialize user identity during special backend startup
     839                 :             :  */
     840                 :             : void
     841                 :        2267 : InitializeSessionUserIdStandalone(void)
     842                 :             : {
     843                 :             :     /*
     844                 :             :      * This function should only be called in single-user mode, in autovacuum
     845                 :             :      * workers, in slot sync worker and in background workers.
     846                 :             :      */
     847                 :             :     Assert(!IsUnderPostmaster || AmAutoVacuumWorkerProcess() ||
     848                 :             :            AmLogicalSlotSyncWorkerProcess() || AmBackgroundWorkerProcess() ||
     849                 :             :            AmDataChecksumsWorkerProcess());
     850                 :             : 
     851                 :             :     /* call only once */
     852                 :             :     Assert(!OidIsValid(AuthenticatedUserId));
     853                 :             : 
     854                 :        2267 :     AuthenticatedUserId = BOOTSTRAP_SUPERUSERID;
     855                 :             : 
     856                 :             :     /*
     857                 :             :      * XXX Ideally we'd do this via SetConfigOption("session_authorization"),
     858                 :             :      * but we lack the role name needed to do that, and we can't fetch it
     859                 :             :      * because one reason for this special case is to be able to start up even
     860                 :             :      * if something's happened to the BOOTSTRAP_SUPERUSERID's pg_authid row.
     861                 :             :      * Since we don't set the GUC itself, C code will see the value as NULL,
     862                 :             :      * and current_setting() will report an empty string within this session.
     863                 :             :      */
     864                 :        2267 :     SetSessionAuthorization(BOOTSTRAP_SUPERUSERID, true);
     865                 :             : 
     866                 :             :     /* We could do SetConfigOption("role"), but let's be consistent */
     867                 :        2267 :     SetCurrentRoleId(InvalidOid, false);
     868                 :        2267 : }
     869                 :             : 
     870                 :             : /*
     871                 :             :  * Initialize the system user.
     872                 :             :  *
     873                 :             :  * This is built as auth_method:authn_id.
     874                 :             :  */
     875                 :             : void
     876                 :         137 : InitializeSystemUser(const char *authn_id, const char *auth_method)
     877                 :             : {
     878                 :             :     char       *system_user;
     879                 :             : 
     880                 :             :     /* call only once */
     881                 :             :     Assert(SystemUser == NULL);
     882                 :             : 
     883                 :             :     /*
     884                 :             :      * InitializeSystemUser should be called only when authn_id is not NULL,
     885                 :             :      * meaning that auth_method is valid.
     886                 :             :      */
     887                 :             :     Assert(authn_id != NULL);
     888                 :             : 
     889                 :         137 :     system_user = psprintf("%s:%s", auth_method, authn_id);
     890                 :             : 
     891                 :             :     /* Store SystemUser in long-lived storage */
     892                 :         137 :     SystemUser = MemoryContextStrdup(TopMemoryContext, system_user);
     893                 :         137 :     pfree(system_user);
     894                 :         137 : }
     895                 :             : 
     896                 :             : /*
     897                 :             :  * SQL-function SYSTEM_USER
     898                 :             :  */
     899                 :             : Datum
     900                 :          22 : system_user(PG_FUNCTION_ARGS)
     901                 :             : {
     902                 :          22 :     const char *sysuser = GetSystemUser();
     903                 :             : 
     904         [ +  + ]:          22 :     if (sysuser)
     905                 :          11 :         PG_RETURN_DATUM(CStringGetTextDatum(sysuser));
     906                 :             :     else
     907                 :          11 :         PG_RETURN_NULL();
     908                 :             : }
     909                 :             : 
     910                 :             : /*
     911                 :             :  * Change session auth ID while running
     912                 :             :  *
     913                 :             :  * The SQL standard says that SET SESSION AUTHORIZATION implies SET ROLE NONE.
     914                 :             :  * We mechanize that at higher levels not here, because this is the GUC
     915                 :             :  * assign hook for "session_authorization", and it must be commutative with
     916                 :             :  * SetCurrentRoleId (the hook for "role") because guc.c provides no guarantees
     917                 :             :  * which will run first during cases such as transaction rollback.  Therefore,
     918                 :             :  * we update derived state (OuterUserId/CurrentUserId/is_superuser) only if
     919                 :             :  * !SetRoleIsActive.
     920                 :             :  */
     921                 :             : void
     922                 :       24658 : SetSessionAuthorization(Oid userid, bool is_superuser)
     923                 :             : {
     924                 :       24658 :     SetSessionUserId(userid, is_superuser);
     925                 :             : 
     926         [ +  + ]:       24658 :     if (!SetRoleIsActive)
     927                 :       24613 :         SetOuterUserId(userid, is_superuser);
     928                 :       24658 : }
     929                 :             : 
     930                 :             : /*
     931                 :             :  * Report current role id
     932                 :             :  *      This follows the semantics of SET ROLE, ie return the outer-level ID
     933                 :             :  *      not the current effective ID, and return InvalidOid when the setting
     934                 :             :  *      is logically SET ROLE NONE.
     935                 :             :  */
     936                 :             : Oid
     937                 :         729 : GetCurrentRoleId(void)
     938                 :             : {
     939         [ +  + ]:         729 :     if (SetRoleIsActive)
     940                 :          40 :         return OuterUserId;
     941                 :             :     else
     942                 :         689 :         return InvalidOid;
     943                 :             : }
     944                 :             : 
     945                 :             : /*
     946                 :             :  * Change Role ID while running (SET ROLE)
     947                 :             :  *
     948                 :             :  * If roleid is InvalidOid, we are doing SET ROLE NONE: revert to the
     949                 :             :  * session user authorization.  In this case the is_superuser argument
     950                 :             :  * is ignored.
     951                 :             :  *
     952                 :             :  * When roleid is not InvalidOid, the caller must have checked whether
     953                 :             :  * the session user has permission to become that role.  (We cannot check
     954                 :             :  * here because this routine must be able to execute in a failed transaction
     955                 :             :  * to restore a prior value of the ROLE GUC variable.)
     956                 :             :  */
     957                 :             : void
     958                 :       27192 : SetCurrentRoleId(Oid roleid, bool is_superuser)
     959                 :             : {
     960                 :             :     /*
     961                 :             :      * Get correct info if it's SET ROLE NONE
     962                 :             :      *
     963                 :             :      * If SessionUserId hasn't been set yet, do nothing beyond updating
     964                 :             :      * SetRoleIsActive --- the eventual SetSessionAuthorization call will
     965                 :             :      * update the derived state.  This is needed since we will get called
     966                 :             :      * during GUC initialization.
     967                 :             :      */
     968         [ +  + ]:       27192 :     if (!OidIsValid(roleid))
     969                 :             :     {
     970                 :       26442 :         SetRoleIsActive = false;
     971                 :             : 
     972         [ +  + ]:       26442 :         if (!OidIsValid(SessionUserId))
     973                 :        1291 :             return;
     974                 :             : 
     975                 :       25151 :         roleid = SessionUserId;
     976                 :       25151 :         is_superuser = SessionUserIsSuperuser;
     977                 :             :     }
     978                 :             :     else
     979                 :         750 :         SetRoleIsActive = true;
     980                 :             : 
     981                 :       25901 :     SetOuterUserId(roleid, is_superuser);
     982                 :             : }
     983                 :             : 
     984                 :             : 
     985                 :             : /*
     986                 :             :  * Get user name from user oid, returns NULL for nonexistent roleid if noerr
     987                 :             :  * is true.
     988                 :             :  */
     989                 :             : char *
     990                 :       12556 : GetUserNameFromId(Oid roleid, bool noerr)
     991                 :             : {
     992                 :             :     HeapTuple   tuple;
     993                 :             :     char       *result;
     994                 :             : 
     995                 :       12556 :     tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
     996         [ +  + ]:       12556 :     if (!HeapTupleIsValid(tuple))
     997                 :             :     {
     998         [ -  + ]:          12 :         if (!noerr)
     999         [ #  # ]:           0 :             ereport(ERROR,
    1000                 :             :                     (errcode(ERRCODE_UNDEFINED_OBJECT),
    1001                 :             :                      errmsg("invalid role OID: %u", roleid)));
    1002                 :          12 :         result = NULL;
    1003                 :             :     }
    1004                 :             :     else
    1005                 :             :     {
    1006                 :       12544 :         result = pstrdup(NameStr(((Form_pg_authid) GETSTRUCT(tuple))->rolname));
    1007                 :       12544 :         ReleaseSysCache(tuple);
    1008                 :             :     }
    1009                 :       12556 :     return result;
    1010                 :             : }
    1011                 :             : 
    1012                 :             : /* ------------------------------------------------------------------------
    1013                 :             :  *              Client connection state shared with parallel workers
    1014                 :             :  *
    1015                 :             :  * ClientConnectionInfo contains pieces of information about the client that
    1016                 :             :  * need to be synced to parallel workers when they initialize.
    1017                 :             :  *-------------------------------------------------------------------------
    1018                 :             :  */
    1019                 :             : 
    1020                 :             : ClientConnectionInfo MyClientConnectionInfo;
    1021                 :             : 
    1022                 :             : /*
    1023                 :             :  * Intermediate representation of ClientConnectionInfo for easier
    1024                 :             :  * serialization.  Variable-length fields are allocated right after this
    1025                 :             :  * header.
    1026                 :             :  */
    1027                 :             : typedef struct SerializedClientConnectionInfo
    1028                 :             : {
    1029                 :             :     int32       authn_id_len;   /* strlen(authn_id), or -1 if NULL */
    1030                 :             :     UserAuth    auth_method;
    1031                 :             : } SerializedClientConnectionInfo;
    1032                 :             : 
    1033                 :             : /*
    1034                 :             :  * Calculate the space needed to serialize MyClientConnectionInfo.
    1035                 :             :  */
    1036                 :             : Size
    1037                 :         681 : EstimateClientConnectionInfoSpace(void)
    1038                 :             : {
    1039                 :         681 :     Size        size = 0;
    1040                 :             : 
    1041                 :         681 :     size = add_size(size, sizeof(SerializedClientConnectionInfo));
    1042                 :             : 
    1043         [ +  + ]:         681 :     if (MyClientConnectionInfo.authn_id)
    1044                 :           1 :         size = add_size(size, strlen(MyClientConnectionInfo.authn_id) + 1);
    1045                 :             : 
    1046                 :         681 :     return size;
    1047                 :             : }
    1048                 :             : 
    1049                 :             : /*
    1050                 :             :  * Serialize MyClientConnectionInfo for use by parallel workers.
    1051                 :             :  */
    1052                 :             : void
    1053                 :         681 : SerializeClientConnectionInfo(Size maxsize PG_USED_FOR_ASSERTS_ONLY,
    1054                 :             :                               char *start_address)
    1055                 :             : {
    1056                 :         681 :     SerializedClientConnectionInfo serialized = {0};
    1057                 :             : 
    1058                 :         681 :     serialized.authn_id_len = -1;
    1059                 :         681 :     serialized.auth_method = MyClientConnectionInfo.auth_method;
    1060                 :             : 
    1061         [ +  + ]:         681 :     if (MyClientConnectionInfo.authn_id)
    1062                 :           1 :         serialized.authn_id_len = strlen(MyClientConnectionInfo.authn_id);
    1063                 :             : 
    1064                 :             :     /* Copy serialized representation to buffer */
    1065                 :             :     Assert(maxsize >= sizeof(serialized));
    1066                 :         681 :     memcpy(start_address, &serialized, sizeof(serialized));
    1067                 :             : 
    1068                 :         681 :     maxsize -= sizeof(serialized);
    1069                 :         681 :     start_address += sizeof(serialized);
    1070                 :             : 
    1071                 :             :     /* Copy authn_id into the space after the struct */
    1072         [ +  + ]:         681 :     if (serialized.authn_id_len >= 0)
    1073                 :             :     {
    1074                 :             :         Assert(maxsize >= (serialized.authn_id_len + 1));
    1075                 :           1 :         memcpy(start_address,
    1076                 :           1 :                MyClientConnectionInfo.authn_id,
    1077                 :             :         /* include the NULL terminator to ease deserialization */
    1078                 :           1 :                serialized.authn_id_len + 1);
    1079                 :             :     }
    1080                 :         681 : }
    1081                 :             : 
    1082                 :             : /*
    1083                 :             :  * Restore MyClientConnectionInfo from its serialized representation.
    1084                 :             :  */
    1085                 :             : void
    1086                 :        2007 : RestoreClientConnectionInfo(char *conninfo)
    1087                 :             : {
    1088                 :             :     SerializedClientConnectionInfo serialized;
    1089                 :             : 
    1090                 :        2007 :     memcpy(&serialized, conninfo, sizeof(serialized));
    1091                 :             : 
    1092                 :             :     /* Copy the fields back into place */
    1093                 :        2007 :     MyClientConnectionInfo.authn_id = NULL;
    1094                 :        2007 :     MyClientConnectionInfo.auth_method = serialized.auth_method;
    1095                 :             : 
    1096         [ +  + ]:        2007 :     if (serialized.authn_id_len >= 0)
    1097                 :             :     {
    1098                 :             :         char       *authn_id;
    1099                 :             : 
    1100                 :           2 :         authn_id = conninfo + sizeof(serialized);
    1101                 :           2 :         MyClientConnectionInfo.authn_id = MemoryContextStrdup(TopMemoryContext,
    1102                 :             :                                                               authn_id);
    1103                 :             :     }
    1104                 :        2007 : }
    1105                 :             : 
    1106                 :             : 
    1107                 :             : /*-------------------------------------------------------------------------
    1108                 :             :  *              Interlock-file support
    1109                 :             :  *
    1110                 :             :  * These routines are used to create both a data-directory lockfile
    1111                 :             :  * ($DATADIR/postmaster.pid) and Unix-socket-file lockfiles ($SOCKFILE.lock).
    1112                 :             :  * Both kinds of files contain the same info initially, although we can add
    1113                 :             :  * more information to a data-directory lockfile after it's created, using
    1114                 :             :  * AddToDataDirLockFile().  See pidfile.h for documentation of the contents
    1115                 :             :  * of these lockfiles.
    1116                 :             :  *
    1117                 :             :  * On successful lockfile creation, a proc_exit callback to remove the
    1118                 :             :  * lockfile is automatically created.
    1119                 :             :  *-------------------------------------------------------------------------
    1120                 :             :  */
    1121                 :             : 
    1122                 :             : /*
    1123                 :             :  * proc_exit callback to remove lockfiles.
    1124                 :             :  */
    1125                 :             : static void
    1126                 :        1257 : UnlinkLockFiles(int status, Datum arg)
    1127                 :             : {
    1128                 :             :     ListCell   *l;
    1129                 :             : 
    1130   [ +  -  +  +  :        3507 :     foreach(l, lock_files)
                   +  + ]
    1131                 :             :     {
    1132                 :        2250 :         char       *curfile = (char *) lfirst(l);
    1133                 :             : 
    1134                 :        2250 :         unlink(curfile);
    1135                 :             :         /* Should we complain if the unlink fails? */
    1136                 :             :     }
    1137                 :             :     /* Since we're about to exit, no need to reclaim storage */
    1138                 :             : 
    1139                 :             :     /*
    1140                 :             :      * Lock file removal should always be the last externally visible action
    1141                 :             :      * of a postmaster or standalone backend, while we won't come here at all
    1142                 :             :      * when exiting postmaster child processes.  Therefore, this is a good
    1143                 :             :      * place to log completion of shutdown.  We could alternatively teach
    1144                 :             :      * proc_exit() to do it, but that seems uglier.  In a standalone backend,
    1145                 :             :      * use NOTICE elevel to be less chatty.
    1146                 :             :      */
    1147   [ +  +  +  + ]:        1257 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    1148                 :             :             (errmsg("database system is shut down")));
    1149                 :        1257 : }
    1150                 :             : 
    1151                 :             : /*
    1152                 :             :  * Create a lockfile.
    1153                 :             :  *
    1154                 :             :  * filename is the path name of the lockfile to create.
    1155                 :             :  * amPostmaster is used to determine how to encode the output PID.
    1156                 :             :  * socketDir is the Unix socket directory path to include (possibly empty).
    1157                 :             :  * isDDLock and refName are used to determine what error message to produce.
    1158                 :             :  */
    1159                 :             : static void
    1160                 :        2253 : CreateLockFile(const char *filename, bool amPostmaster,
    1161                 :             :                const char *socketDir,
    1162                 :             :                bool isDDLock, const char *refName)
    1163                 :             : {
    1164                 :             :     int         fd;
    1165                 :             :     char        buffer[MAXPGPATH * 2 + 256];
    1166                 :             :     int         ntries;
    1167                 :             :     int         len;
    1168                 :             :     int         encoded_pid;
    1169                 :             :     pid_t       other_pid;
    1170                 :             :     pid_t       my_pid,
    1171                 :             :                 my_p_pid,
    1172                 :             :                 my_gp_pid;
    1173                 :             :     const char *envvar;
    1174                 :             : 
    1175                 :             :     /*
    1176                 :             :      * If the PID in the lockfile is our own PID or our parent's or
    1177                 :             :      * grandparent's PID, then the file must be stale (probably left over from
    1178                 :             :      * a previous system boot cycle).  We need to check this because of the
    1179                 :             :      * likelihood that a reboot will assign exactly the same PID as we had in
    1180                 :             :      * the previous reboot, or one that's only one or two counts larger and
    1181                 :             :      * hence the lockfile's PID now refers to an ancestor shell process.  We
    1182                 :             :      * allow pg_ctl to pass down its parent shell PID (our grandparent PID)
    1183                 :             :      * via the environment variable PG_GRANDPARENT_PID; this is so that
    1184                 :             :      * launching the postmaster via pg_ctl can be just as reliable as
    1185                 :             :      * launching it directly.  There is no provision for detecting
    1186                 :             :      * further-removed ancestor processes, but if the init script is written
    1187                 :             :      * carefully then all but the immediate parent shell will be root-owned
    1188                 :             :      * processes and so the kill test will fail with EPERM.  Note that we
    1189                 :             :      * cannot get a false negative this way, because an existing postmaster
    1190                 :             :      * would surely never launch a competing postmaster or pg_ctl process
    1191                 :             :      * directly.
    1192                 :             :      */
    1193                 :        2253 :     my_pid = getpid();
    1194                 :             : 
    1195                 :             : #ifndef WIN32
    1196                 :        2253 :     my_p_pid = getppid();
    1197                 :             : #else
    1198                 :             : 
    1199                 :             :     /*
    1200                 :             :      * Windows hasn't got getppid(), but doesn't need it since it's not using
    1201                 :             :      * real kill() either...
    1202                 :             :      */
    1203                 :             :     my_p_pid = 0;
    1204                 :             : #endif
    1205                 :             : 
    1206                 :        2253 :     envvar = getenv("PG_GRANDPARENT_PID");
    1207         [ +  + ]:        2253 :     if (envvar)
    1208                 :        1799 :         my_gp_pid = atoi(envvar);
    1209                 :             :     else
    1210                 :         454 :         my_gp_pid = 0;
    1211                 :             : 
    1212                 :             :     /*
    1213                 :             :      * We need a loop here because of race conditions.  But don't loop forever
    1214                 :             :      * (for example, a non-writable $PGDATA directory might cause a failure
    1215                 :             :      * that won't go away).  100 tries seems like plenty.
    1216                 :             :      */
    1217                 :        2253 :     for (ntries = 0;; ntries++)
    1218                 :             :     {
    1219                 :             :         /*
    1220                 :             :          * Try to create the lock file --- O_EXCL makes this atomic.
    1221                 :             :          *
    1222                 :             :          * Think not to make the file protection weaker than 0600/0640.  See
    1223                 :             :          * comments below.
    1224                 :             :          */
    1225                 :        2256 :         fd = open(filename, O_RDWR | O_CREAT | O_EXCL, pg_file_create_mode);
    1226         [ +  + ]:        2256 :         if (fd >= 0)
    1227                 :        2250 :             break;              /* Success; exit the retry loop */
    1228                 :             : 
    1229                 :             :         /*
    1230                 :             :          * Couldn't create the pid file. Probably it already exists.
    1231                 :             :          */
    1232   [ -  +  -  -  :           6 :         if ((errno != EEXIST && errno != EACCES) || ntries > 100)
                   -  + ]
    1233         [ #  # ]:           0 :             ereport(FATAL,
    1234                 :             :                     (errcode_for_file_access(),
    1235                 :             :                      errmsg("could not create lock file \"%s\": %m",
    1236                 :             :                             filename)));
    1237                 :             : 
    1238                 :             :         /*
    1239                 :             :          * Read the file to get the old owner's PID.  Note race condition
    1240                 :             :          * here: file might have been deleted since we tried to create it.
    1241                 :             :          */
    1242                 :           6 :         fd = open(filename, O_RDONLY, pg_file_create_mode);
    1243         [ -  + ]:           6 :         if (fd < 0)
    1244                 :             :         {
    1245         [ #  # ]:           0 :             if (errno == ENOENT)
    1246                 :           0 :                 continue;       /* race condition; try again */
    1247         [ #  # ]:           0 :             ereport(FATAL,
    1248                 :             :                     (errcode_for_file_access(),
    1249                 :             :                      errmsg("could not open lock file \"%s\": %m",
    1250                 :             :                             filename)));
    1251                 :             :         }
    1252                 :           6 :         pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_READ);
    1253         [ -  + ]:           6 :         if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0)
    1254         [ #  # ]:           0 :             ereport(FATAL,
    1255                 :             :                     (errcode_for_file_access(),
    1256                 :             :                      errmsg("could not read lock file \"%s\": %m",
    1257                 :             :                             filename)));
    1258                 :           6 :         pgstat_report_wait_end();
    1259                 :           6 :         close(fd);
    1260                 :             : 
    1261         [ -  + ]:           6 :         if (len == 0)
    1262                 :             :         {
    1263         [ #  # ]:           0 :             ereport(FATAL,
    1264                 :             :                     (errcode(ERRCODE_LOCK_FILE_EXISTS),
    1265                 :             :                      errmsg("lock file \"%s\" is empty", filename),
    1266                 :             :                      errhint("Either another server is starting, or the lock file is the remnant of a previous server startup crash.")));
    1267                 :             :         }
    1268                 :             : 
    1269                 :           6 :         buffer[len] = '\0';
    1270                 :           6 :         encoded_pid = atoi(buffer);
    1271                 :             : 
    1272                 :             :         /* if pid < 0, the pid is for postgres, not postmaster */
    1273                 :           6 :         other_pid = (pid_t) (encoded_pid < 0 ? -encoded_pid : encoded_pid);
    1274                 :             : 
    1275         [ -  + ]:           6 :         if (other_pid <= 0)
    1276         [ #  # ]:           0 :             elog(FATAL, "bogus data in lock file \"%s\": \"%s\"",
    1277                 :             :                  filename, buffer);
    1278                 :             : 
    1279                 :             :         /*
    1280                 :             :          * Check to see if the other process still exists
    1281                 :             :          *
    1282                 :             :          * Per discussion above, my_pid, my_p_pid, and my_gp_pid can be
    1283                 :             :          * ignored as false matches.
    1284                 :             :          *
    1285                 :             :          * Normally kill() will fail with ESRCH if the given PID doesn't
    1286                 :             :          * exist.
    1287                 :             :          *
    1288                 :             :          * We can treat the EPERM-error case as okay because that error
    1289                 :             :          * implies that the existing process has a different userid than we
    1290                 :             :          * do, which means it cannot be a competing postmaster.  A postmaster
    1291                 :             :          * cannot successfully attach to a data directory owned by a userid
    1292                 :             :          * other than its own, as enforced in checkDataDir(). Also, since we
    1293                 :             :          * create the lockfiles mode 0600/0640, we'd have failed above if the
    1294                 :             :          * lockfile belonged to another userid --- which means that whatever
    1295                 :             :          * process kill() is reporting about isn't the one that made the
    1296                 :             :          * lockfile.  (NOTE: this last consideration is the only one that
    1297                 :             :          * keeps us from blowing away a Unix socket file belonging to an
    1298                 :             :          * instance of Postgres being run by someone else, at least on
    1299                 :             :          * machines where /tmp hasn't got a stickybit.)
    1300                 :             :          */
    1301   [ +  -  +  -  :           6 :         if (other_pid != my_pid && other_pid != my_p_pid &&
                   +  - ]
    1302                 :             :             other_pid != my_gp_pid)
    1303                 :             :         {
    1304         [ +  + ]:           6 :             if (kill(other_pid, 0) == 0 ||
    1305   [ -  +  -  - ]:           4 :                 (errno != ESRCH && errno != EPERM))
    1306                 :             :             {
    1307                 :             :                 /* lockfile belongs to a live process */
    1308   [ +  -  +  -  :           2 :                 ereport(FATAL,
             -  +  -  - ]
    1309                 :             :                         (errcode(ERRCODE_LOCK_FILE_EXISTS),
    1310                 :             :                          errmsg("lock file \"%s\" already exists",
    1311                 :             :                                 filename),
    1312                 :             :                          isDDLock ?
    1313                 :             :                          (encoded_pid < 0 ?
    1314                 :             :                           errhint("Is another postgres (PID %d) running in data directory \"%s\"?",
    1315                 :             :                                   (int) other_pid, refName) :
    1316                 :             :                           errhint("Is another postmaster (PID %d) running in data directory \"%s\"?",
    1317                 :             :                                   (int) other_pid, refName)) :
    1318                 :             :                          (encoded_pid < 0 ?
    1319                 :             :                           errhint("Is another postgres (PID %d) using socket file \"%s\"?",
    1320                 :             :                                   (int) other_pid, refName) :
    1321                 :             :                           errhint("Is another postmaster (PID %d) using socket file \"%s\"?",
    1322                 :             :                                   (int) other_pid, refName))));
    1323                 :             :             }
    1324                 :             :         }
    1325                 :             : 
    1326                 :             :         /*
    1327                 :             :          * No, the creating process did not exist.  However, it could be that
    1328                 :             :          * the postmaster crashed (or more likely was kill -9'd by a clueless
    1329                 :             :          * admin) but has left orphan backends behind.  Check for this by
    1330                 :             :          * looking to see if there is an associated shmem segment that is
    1331                 :             :          * still in use.
    1332                 :             :          *
    1333                 :             :          * Note: because postmaster.pid is written in multiple steps, we might
    1334                 :             :          * not find the shmem ID values in it; we can't treat that as an
    1335                 :             :          * error.
    1336                 :             :          */
    1337         [ +  + ]:           4 :         if (isDDLock)
    1338                 :             :         {
    1339                 :           2 :             char       *ptr = buffer;
    1340                 :             :             unsigned long id1,
    1341                 :             :                         id2;
    1342                 :             :             int         lineno;
    1343                 :             : 
    1344         [ +  + ]:          14 :             for (lineno = 1; lineno < LOCK_FILE_LINE_SHMEM_KEY; lineno++)
    1345                 :             :             {
    1346         [ -  + ]:          12 :                 if ((ptr = strchr(ptr, '\n')) == NULL)
    1347                 :           0 :                     break;
    1348                 :          12 :                 ptr++;
    1349                 :             :             }
    1350                 :             : 
    1351         [ +  - ]:           2 :             if (ptr != NULL &&
    1352         [ +  - ]:           2 :                 sscanf(ptr, "%lu %lu", &id1, &id2) == 2)
    1353                 :             :             {
    1354         [ +  + ]:           2 :                 if (PGSharedMemoryIsInUse(id1, id2))
    1355         [ +  - ]:           1 :                     ereport(FATAL,
    1356                 :             :                             (errcode(ERRCODE_LOCK_FILE_EXISTS),
    1357                 :             :                              errmsg("pre-existing shared memory block (key %lu, ID %lu) is still in use",
    1358                 :             :                                     id1, id2),
    1359                 :             :                              errhint("Terminate any old server processes associated with data directory \"%s\".",
    1360                 :             :                                      refName)));
    1361                 :             :             }
    1362                 :             :         }
    1363                 :             : 
    1364                 :             :         /*
    1365                 :             :          * Looks like nobody's home.  Unlink the file and try again to create
    1366                 :             :          * it.  Need a loop because of possible race condition against other
    1367                 :             :          * would-be creators.
    1368                 :             :          */
    1369         [ -  + ]:           3 :         if (unlink(filename) < 0)
    1370         [ #  # ]:           0 :             ereport(FATAL,
    1371                 :             :                     (errcode_for_file_access(),
    1372                 :             :                      errmsg("could not remove old lock file \"%s\": %m",
    1373                 :             :                             filename),
    1374                 :             :                      errhint("The file seems accidentally left over, but "
    1375                 :             :                              "it could not be removed. Please remove the file "
    1376                 :             :                              "by hand and try again.")));
    1377                 :             :     }
    1378                 :             : 
    1379                 :             :     /*
    1380                 :             :      * Successfully created the file, now fill it.  See comment in pidfile.h
    1381                 :             :      * about the contents.  Note that we write the same first five lines into
    1382                 :             :      * both datadir and socket lockfiles; although more stuff may get added to
    1383                 :             :      * the datadir lockfile later.
    1384                 :             :      */
    1385         [ +  + ]:        2250 :     snprintf(buffer, sizeof(buffer), "%d\n%s\n" INT64_FORMAT "\n%d\n%s\n",
    1386                 :             :              amPostmaster ? (int) my_pid : -((int) my_pid),
    1387                 :             :              DataDir,
    1388                 :             :              MyStartTime,
    1389                 :             :              PostPortNumber,
    1390                 :             :              socketDir);
    1391                 :             : 
    1392                 :             :     /*
    1393                 :             :      * In a standalone backend, the next line (LOCK_FILE_LINE_LISTEN_ADDR)
    1394                 :             :      * will never receive data, so fill it in as empty now.
    1395                 :             :      */
    1396   [ +  +  +  + ]:        2250 :     if (isDDLock && !amPostmaster)
    1397                 :         248 :         strlcat(buffer, "\n", sizeof(buffer));
    1398                 :             : 
    1399                 :        2250 :     errno = 0;
    1400                 :        2250 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_WRITE);
    1401         [ -  + ]:        2250 :     if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
    1402                 :             :     {
    1403                 :           0 :         int         save_errno = errno;
    1404                 :             : 
    1405                 :           0 :         close(fd);
    1406                 :           0 :         unlink(filename);
    1407                 :             :         /* if write didn't set errno, assume problem is no disk space */
    1408         [ #  # ]:           0 :         errno = save_errno ? save_errno : ENOSPC;
    1409         [ #  # ]:           0 :         ereport(FATAL,
    1410                 :             :                 (errcode_for_file_access(),
    1411                 :             :                  errmsg("could not write lock file \"%s\": %m", filename)));
    1412                 :             :     }
    1413                 :        2250 :     pgstat_report_wait_end();
    1414                 :             : 
    1415                 :        2250 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_SYNC);
    1416         [ -  + ]:        2250 :     if (pg_fsync(fd) != 0)
    1417                 :             :     {
    1418                 :           0 :         int         save_errno = errno;
    1419                 :             : 
    1420                 :           0 :         close(fd);
    1421                 :           0 :         unlink(filename);
    1422                 :           0 :         errno = save_errno;
    1423         [ #  # ]:           0 :         ereport(FATAL,
    1424                 :             :                 (errcode_for_file_access(),
    1425                 :             :                  errmsg("could not write lock file \"%s\": %m", filename)));
    1426                 :             :     }
    1427                 :        2250 :     pgstat_report_wait_end();
    1428         [ -  + ]:        2250 :     if (close(fd) != 0)
    1429                 :             :     {
    1430                 :           0 :         int         save_errno = errno;
    1431                 :             : 
    1432                 :           0 :         unlink(filename);
    1433                 :           0 :         errno = save_errno;
    1434         [ #  # ]:           0 :         ereport(FATAL,
    1435                 :             :                 (errcode_for_file_access(),
    1436                 :             :                  errmsg("could not write lock file \"%s\": %m", filename)));
    1437                 :             :     }
    1438                 :             : 
    1439                 :             :     /*
    1440                 :             :      * Arrange to unlink the lock file(s) at proc_exit.  If this is the first
    1441                 :             :      * one, set up the on_proc_exit function to do it; then add this lock file
    1442                 :             :      * to the list of files to unlink.
    1443                 :             :      */
    1444         [ +  + ]:        2250 :     if (lock_files == NIL)
    1445                 :        1257 :         on_proc_exit(UnlinkLockFiles, 0);
    1446                 :             : 
    1447                 :             :     /*
    1448                 :             :      * Use lcons so that the lock files are unlinked in reverse order of
    1449                 :             :      * creation; this is critical!
    1450                 :             :      */
    1451                 :        2250 :     lock_files = lcons(pstrdup(filename), lock_files);
    1452                 :        2250 : }
    1453                 :             : 
    1454                 :             : /*
    1455                 :             :  * Create the data directory lockfile.
    1456                 :             :  *
    1457                 :             :  * When this is called, we must have already switched the working
    1458                 :             :  * directory to DataDir, so we can just use a relative path.  This
    1459                 :             :  * helps ensure that we are locking the directory we should be.
    1460                 :             :  *
    1461                 :             :  * Note that the socket directory path line is initially written as empty.
    1462                 :             :  * postmaster.c will rewrite it upon creating the first Unix socket.
    1463                 :             :  */
    1464                 :             : void
    1465                 :        1260 : CreateDataDirLockFile(bool amPostmaster)
    1466                 :             : {
    1467                 :        1260 :     CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, "", true, DataDir);
    1468                 :        1257 : }
    1469                 :             : 
    1470                 :             : /*
    1471                 :             :  * Create a lockfile for the specified Unix socket file.
    1472                 :             :  */
    1473                 :             : void
    1474                 :         993 : CreateSocketLockFile(const char *socketfile, bool amPostmaster,
    1475                 :             :                      const char *socketDir)
    1476                 :             : {
    1477                 :             :     char        lockfile[MAXPGPATH];
    1478                 :             : 
    1479                 :         993 :     snprintf(lockfile, sizeof(lockfile), "%s.lock", socketfile);
    1480                 :         993 :     CreateLockFile(lockfile, amPostmaster, socketDir, false, socketfile);
    1481                 :         993 : }
    1482                 :             : 
    1483                 :             : /*
    1484                 :             :  * TouchSocketLockFiles -- mark socket lock files as recently accessed
    1485                 :             :  *
    1486                 :             :  * This routine should be called every so often to ensure that the socket
    1487                 :             :  * lock files have a recent mod or access date.  That saves them
    1488                 :             :  * from being removed by overenthusiastic /tmp-directory-cleaner daemons.
    1489                 :             :  * (Another reason we should never have put the socket file in /tmp...)
    1490                 :             :  */
    1491                 :             : void
    1492                 :           0 : TouchSocketLockFiles(void)
    1493                 :             : {
    1494                 :             :     ListCell   *l;
    1495                 :             : 
    1496   [ #  #  #  #  :           0 :     foreach(l, lock_files)
                   #  # ]
    1497                 :             :     {
    1498                 :           0 :         char       *socketLockFile = (char *) lfirst(l);
    1499                 :             : 
    1500                 :             :         /* No need to touch the data directory lock file, we trust */
    1501         [ #  # ]:           0 :         if (strcmp(socketLockFile, DIRECTORY_LOCK_FILE) == 0)
    1502                 :           0 :             continue;
    1503                 :             : 
    1504                 :             :         /* we just ignore any error here */
    1505                 :           0 :         (void) utime(socketLockFile, NULL);
    1506                 :             :     }
    1507                 :           0 : }
    1508                 :             : 
    1509                 :             : 
    1510                 :             : /*
    1511                 :             :  * Add (or replace) a line in the data directory lock file.
    1512                 :             :  * The given string should not include a trailing newline.
    1513                 :             :  *
    1514                 :             :  * Note: because we don't truncate the file, if we were to rewrite a line
    1515                 :             :  * with less data than it had before, there would be garbage after the last
    1516                 :             :  * line.  While we could fix that by adding a truncate call, that would make
    1517                 :             :  * the file update non-atomic, which we'd rather avoid.  Therefore, callers
    1518                 :             :  * should endeavor never to shorten a line once it's been written.
    1519                 :             :  */
    1520                 :             : void
    1521                 :        6257 : AddToDataDirLockFile(int target_line, const char *str)
    1522                 :             : {
    1523                 :             :     int         fd;
    1524                 :             :     int         len;
    1525                 :             :     int         lineno;
    1526                 :             :     char       *srcptr;
    1527                 :             :     char       *destptr;
    1528                 :             :     char        srcbuffer[BLCKSZ];
    1529                 :             :     char        destbuffer[BLCKSZ];
    1530                 :             : 
    1531                 :        6257 :     fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
    1532         [ -  + ]:        6257 :     if (fd < 0)
    1533                 :             :     {
    1534         [ #  # ]:           0 :         ereport(LOG,
    1535                 :             :                 (errcode_for_file_access(),
    1536                 :             :                  errmsg("could not open file \"%s\": %m",
    1537                 :             :                         DIRECTORY_LOCK_FILE)));
    1538                 :           0 :         return;
    1539                 :             :     }
    1540                 :        6257 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_READ);
    1541                 :        6257 :     len = read(fd, srcbuffer, sizeof(srcbuffer) - 1);
    1542                 :        6257 :     pgstat_report_wait_end();
    1543         [ -  + ]:        6257 :     if (len < 0)
    1544                 :             :     {
    1545         [ #  # ]:           0 :         ereport(LOG,
    1546                 :             :                 (errcode_for_file_access(),
    1547                 :             :                  errmsg("could not read from file \"%s\": %m",
    1548                 :             :                         DIRECTORY_LOCK_FILE)));
    1549                 :           0 :         close(fd);
    1550                 :           0 :         return;
    1551                 :             :     }
    1552                 :        6257 :     srcbuffer[len] = '\0';
    1553                 :             : 
    1554                 :             :     /*
    1555                 :             :      * Advance over lines we are not supposed to rewrite, then copy them to
    1556                 :             :      * destbuffer.
    1557                 :             :      */
    1558                 :        6257 :     srcptr = srcbuffer;
    1559         [ +  + ]:       42849 :     for (lineno = 1; lineno < target_line; lineno++)
    1560                 :             :     {
    1561                 :       37586 :         char       *eol = strchr(srcptr, '\n');
    1562                 :             : 
    1563         [ +  + ]:       37586 :         if (eol == NULL)
    1564                 :         994 :             break;              /* not enough lines in file yet */
    1565                 :       36592 :         srcptr = eol + 1;
    1566                 :             :     }
    1567                 :        6257 :     memcpy(destbuffer, srcbuffer, srcptr - srcbuffer);
    1568                 :        6257 :     destptr = destbuffer + (srcptr - srcbuffer);
    1569                 :             : 
    1570                 :             :     /*
    1571                 :             :      * Fill in any missing lines before the target line, in case lines are
    1572                 :             :      * added to the file out of order.
    1573                 :             :      */
    1574         [ +  + ]:        7251 :     for (; lineno < target_line; lineno++)
    1575                 :             :     {
    1576         [ +  - ]:         994 :         if (destptr < destbuffer + sizeof(destbuffer))
    1577                 :         994 :             *destptr++ = '\n';
    1578                 :             :     }
    1579                 :             : 
    1580                 :             :     /*
    1581                 :             :      * Write or rewrite the target line.
    1582                 :             :      */
    1583                 :        6257 :     snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s\n", str);
    1584                 :        6257 :     destptr += strlen(destptr);
    1585                 :             : 
    1586                 :             :     /*
    1587                 :             :      * If there are more lines in the old file, append them to destbuffer.
    1588                 :             :      */
    1589         [ +  + ]:        6257 :     if ((srcptr = strchr(srcptr, '\n')) != NULL)
    1590                 :             :     {
    1591                 :        4022 :         srcptr++;
    1592                 :        4022 :         snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s",
    1593                 :             :                  srcptr);
    1594                 :             :     }
    1595                 :             : 
    1596                 :             :     /*
    1597                 :             :      * And rewrite the data.  Since we write in a single kernel call, this
    1598                 :             :      * update should appear atomic to onlookers.
    1599                 :             :      */
    1600                 :        6257 :     len = strlen(destbuffer);
    1601                 :        6257 :     errno = 0;
    1602                 :        6257 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_WRITE);
    1603         [ -  + ]:        6257 :     if (pg_pwrite(fd, destbuffer, len, 0) != len)
    1604                 :             :     {
    1605                 :           0 :         pgstat_report_wait_end();
    1606                 :             :         /* if write didn't set errno, assume problem is no disk space */
    1607         [ #  # ]:           0 :         if (errno == 0)
    1608                 :           0 :             errno = ENOSPC;
    1609         [ #  # ]:           0 :         ereport(LOG,
    1610                 :             :                 (errcode_for_file_access(),
    1611                 :             :                  errmsg("could not write to file \"%s\": %m",
    1612                 :             :                         DIRECTORY_LOCK_FILE)));
    1613                 :           0 :         close(fd);
    1614                 :           0 :         return;
    1615                 :             :     }
    1616                 :        6257 :     pgstat_report_wait_end();
    1617                 :        6257 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_SYNC);
    1618         [ -  + ]:        6257 :     if (pg_fsync(fd) != 0)
    1619                 :             :     {
    1620         [ #  # ]:           0 :         ereport(LOG,
    1621                 :             :                 (errcode_for_file_access(),
    1622                 :             :                  errmsg("could not write to file \"%s\": %m",
    1623                 :             :                         DIRECTORY_LOCK_FILE)));
    1624                 :             :     }
    1625                 :        6257 :     pgstat_report_wait_end();
    1626         [ -  + ]:        6257 :     if (close(fd) != 0)
    1627                 :             :     {
    1628         [ #  # ]:           0 :         ereport(LOG,
    1629                 :             :                 (errcode_for_file_access(),
    1630                 :             :                  errmsg("could not write to file \"%s\": %m",
    1631                 :             :                         DIRECTORY_LOCK_FILE)));
    1632                 :             :     }
    1633                 :             : }
    1634                 :             : 
    1635                 :             : 
    1636                 :             : /*
    1637                 :             :  * Recheck that the data directory lock file still exists with expected
    1638                 :             :  * content.  Return true if the lock file appears OK, false if it isn't.
    1639                 :             :  *
    1640                 :             :  * We call this periodically in the postmaster.  The idea is that if the
    1641                 :             :  * lock file has been removed or replaced by another postmaster, we should
    1642                 :             :  * do a panic database shutdown.  Therefore, we should return true if there
    1643                 :             :  * is any doubt: we do not want to cause a panic shutdown unnecessarily.
    1644                 :             :  * Transient failures like EINTR or ENFILE should not cause us to fail.
    1645                 :             :  * (If there really is something wrong, we'll detect it on a future recheck.)
    1646                 :             :  */
    1647                 :             : bool
    1648                 :          28 : RecheckDataDirLockFile(void)
    1649                 :             : {
    1650                 :             :     int         fd;
    1651                 :             :     int         len;
    1652                 :             :     long        file_pid;
    1653                 :             :     char        buffer[BLCKSZ];
    1654                 :             : 
    1655                 :          28 :     fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
    1656         [ -  + ]:          28 :     if (fd < 0)
    1657                 :             :     {
    1658                 :             :         /*
    1659                 :             :          * There are many foreseeable false-positive error conditions.  For
    1660                 :             :          * safety, fail only on enumerated clearly-something-is-wrong
    1661                 :             :          * conditions.
    1662                 :             :          */
    1663         [ #  # ]:           0 :         switch (errno)
    1664                 :             :         {
    1665                 :           0 :             case ENOENT:
    1666                 :             :             case ENOTDIR:
    1667                 :             :                 /* disaster */
    1668         [ #  # ]:           0 :                 ereport(LOG,
    1669                 :             :                         (errcode_for_file_access(),
    1670                 :             :                          errmsg("could not open file \"%s\": %m",
    1671                 :             :                                 DIRECTORY_LOCK_FILE)));
    1672                 :           0 :                 return false;
    1673                 :           0 :             default:
    1674                 :             :                 /* non-fatal, at least for now */
    1675         [ #  # ]:           0 :                 ereport(LOG,
    1676                 :             :                         (errcode_for_file_access(),
    1677                 :             :                          errmsg("could not open file \"%s\": %m; continuing anyway",
    1678                 :             :                                 DIRECTORY_LOCK_FILE)));
    1679                 :           0 :                 return true;
    1680                 :             :         }
    1681                 :             :     }
    1682                 :          28 :     pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_RECHECKDATADIR_READ);
    1683                 :          28 :     len = read(fd, buffer, sizeof(buffer) - 1);
    1684                 :          28 :     pgstat_report_wait_end();
    1685         [ -  + ]:          28 :     if (len < 0)
    1686                 :             :     {
    1687         [ #  # ]:           0 :         ereport(LOG,
    1688                 :             :                 (errcode_for_file_access(),
    1689                 :             :                  errmsg("could not read from file \"%s\": %m",
    1690                 :             :                         DIRECTORY_LOCK_FILE)));
    1691                 :           0 :         close(fd);
    1692                 :           0 :         return true;            /* treat read failure as nonfatal */
    1693                 :             :     }
    1694                 :          28 :     buffer[len] = '\0';
    1695                 :          28 :     close(fd);
    1696                 :          28 :     file_pid = atol(buffer);
    1697         [ +  - ]:          28 :     if (file_pid == getpid())
    1698                 :          28 :         return true;            /* all is well */
    1699                 :             : 
    1700                 :             :     /* Trouble: someone's overwritten the lock file */
    1701         [ #  # ]:           0 :     ereport(LOG,
    1702                 :             :             (errmsg("lock file \"%s\" contains wrong PID: %ld instead of %ld",
    1703                 :             :                     DIRECTORY_LOCK_FILE, file_pid, (long) getpid())));
    1704                 :           0 :     return false;
    1705                 :             : }
    1706                 :             : 
    1707                 :             : 
    1708                 :             : /*-------------------------------------------------------------------------
    1709                 :             :  *              Version checking support
    1710                 :             :  *-------------------------------------------------------------------------
    1711                 :             :  */
    1712                 :             : 
    1713                 :             : /*
    1714                 :             :  * Determine whether the PG_VERSION file in directory `path' indicates
    1715                 :             :  * a data version compatible with the version of this program.
    1716                 :             :  *
    1717                 :             :  * If compatible, return. Otherwise, ereport(FATAL).
    1718                 :             :  */
    1719                 :             : void
    1720                 :       20076 : ValidatePgVersion(const char *path)
    1721                 :             : {
    1722                 :             :     char        full_path[MAXPGPATH];
    1723                 :             :     FILE       *file;
    1724                 :             :     int         ret;
    1725                 :             :     long        file_major;
    1726                 :             :     long        my_major;
    1727                 :             :     char       *endptr;
    1728                 :             :     char        file_version_string[64];
    1729                 :       20076 :     const char *my_version_string = PG_VERSION;
    1730                 :             : 
    1731                 :       20076 :     my_major = strtol(my_version_string, &endptr, 10);
    1732                 :             : 
    1733                 :       20076 :     snprintf(full_path, sizeof(full_path), "%s/PG_VERSION", path);
    1734                 :             : 
    1735                 :       20076 :     file = AllocateFile(full_path, "r");
    1736         [ -  + ]:       20076 :     if (!file)
    1737                 :             :     {
    1738         [ #  # ]:           0 :         if (errno == ENOENT)
    1739         [ #  # ]:           0 :             ereport(FATAL,
    1740                 :             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1741                 :             :                      errmsg("\"%s\" is not a valid data directory",
    1742                 :             :                             path),
    1743                 :             :                      errdetail("File \"%s\" is missing.", full_path)));
    1744                 :             :         else
    1745         [ #  # ]:           0 :             ereport(FATAL,
    1746                 :             :                     (errcode_for_file_access(),
    1747                 :             :                      errmsg("could not open file \"%s\": %m", full_path)));
    1748                 :             :     }
    1749                 :             : 
    1750                 :       20076 :     file_version_string[0] = '\0';
    1751                 :       20076 :     ret = fscanf(file, "%63s", file_version_string);
    1752                 :       20076 :     file_major = strtol(file_version_string, &endptr, 10);
    1753                 :             : 
    1754   [ +  -  -  + ]:       20076 :     if (ret != 1 || endptr == file_version_string)
    1755         [ #  # ]:           0 :         ereport(FATAL,
    1756                 :             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1757                 :             :                  errmsg("\"%s\" is not a valid data directory",
    1758                 :             :                         path),
    1759                 :             :                  errdetail("File \"%s\" does not contain valid data.",
    1760                 :             :                            full_path),
    1761                 :             :                  errhint("You might need to initdb.")));
    1762                 :             : 
    1763                 :       20076 :     FreeFile(file);
    1764                 :             : 
    1765         [ -  + ]:       20076 :     if (my_major != file_major)
    1766         [ #  # ]:           0 :         ereport(FATAL,
    1767                 :             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1768                 :             :                  errmsg("database files are incompatible with server"),
    1769                 :             :                  errdetail("The data directory was initialized by PostgreSQL version %s, "
    1770                 :             :                            "which is not compatible with this version %s.",
    1771                 :             :                            file_version_string, my_version_string)));
    1772                 :       20076 : }
    1773                 :             : 
    1774                 :             : /*-------------------------------------------------------------------------
    1775                 :             :  *              Library preload support
    1776                 :             :  *-------------------------------------------------------------------------
    1777                 :             :  */
    1778                 :             : 
    1779                 :             : /*
    1780                 :             :  * GUC variables: lists of library names to be preloaded at postmaster
    1781                 :             :  * start and at backend start
    1782                 :             :  */
    1783                 :             : char       *session_preload_libraries_string = NULL;
    1784                 :             : char       *shared_preload_libraries_string = NULL;
    1785                 :             : char       *local_preload_libraries_string = NULL;
    1786                 :             : 
    1787                 :             : /* Flag telling that we are loading shared_preload_libraries */
    1788                 :             : bool        process_shared_preload_libraries_in_progress = false;
    1789                 :             : bool        process_shared_preload_libraries_done = false;
    1790                 :             : 
    1791                 :             : shmem_request_hook_type shmem_request_hook = NULL;
    1792                 :             : bool        process_shmem_requests_in_progress = false;
    1793                 :             : 
    1794                 :             : /*
    1795                 :             :  * load the shared libraries listed in 'libraries'
    1796                 :             :  *
    1797                 :             :  * 'gucname': name of GUC variable, for error reports
    1798                 :             :  * 'restricted': if true, force libraries to be in $libdir/plugins/
    1799                 :             :  */
    1800                 :             : static void
    1801                 :       28682 : load_libraries(const char *libraries, const char *gucname, bool restricted)
    1802                 :             : {
    1803                 :             :     char       *rawstring;
    1804                 :             :     List       *elemlist;
    1805                 :             :     ListCell   *l;
    1806                 :             : 
    1807   [ +  -  +  + ]:       28682 :     if (libraries == NULL || libraries[0] == '\0')
    1808                 :       28621 :         return;                 /* nothing to do */
    1809                 :             : 
    1810                 :             :     /* Need a modifiable copy of string */
    1811                 :          61 :     rawstring = pstrdup(libraries);
    1812                 :             : 
    1813                 :             :     /* Parse string into list of filename paths */
    1814         [ -  + ]:          61 :     if (!SplitDirectoriesString(rawstring, ',', &elemlist))
    1815                 :             :     {
    1816                 :             :         /* syntax error in list */
    1817                 :           0 :         list_free_deep(elemlist);
    1818                 :           0 :         pfree(rawstring);
    1819         [ #  # ]:           0 :         ereport(LOG,
    1820                 :             :                 (errcode(ERRCODE_SYNTAX_ERROR),
    1821                 :             :                  errmsg("invalid list syntax in parameter \"%s\"",
    1822                 :             :                         gucname)));
    1823                 :           0 :         return;
    1824                 :             :     }
    1825                 :             : 
    1826   [ +  -  +  +  :         145 :     foreach(l, elemlist)
                   +  + ]
    1827                 :             :     {
    1828                 :             :         /* Note that filename was already canonicalized */
    1829                 :          84 :         char       *filename = (char *) lfirst(l);
    1830                 :          84 :         char       *expanded = NULL;
    1831                 :             : 
    1832                 :             :         /* If restricting, insert $libdir/plugins if not mentioned already */
    1833   [ -  +  -  - ]:          84 :         if (restricted && first_dir_separator(filename) == NULL)
    1834                 :             :         {
    1835                 :           0 :             expanded = psprintf("$libdir/plugins/%s", filename);
    1836                 :           0 :             filename = expanded;
    1837                 :             :         }
    1838                 :          84 :         load_file(filename, restricted);
    1839         [ +  + ]:          84 :         ereport(DEBUG1,
    1840                 :             :                 (errmsg_internal("loaded library \"%s\"", filename)));
    1841         [ -  + ]:          84 :         if (expanded)
    1842                 :           0 :             pfree(expanded);
    1843                 :             :     }
    1844                 :             : 
    1845                 :          61 :     list_free_deep(elemlist);
    1846                 :          61 :     pfree(rawstring);
    1847                 :             : }
    1848                 :             : 
    1849                 :             : /*
    1850                 :             :  * process any libraries that should be preloaded at postmaster start
    1851                 :             :  */
    1852                 :             : void
    1853                 :        1086 : process_shared_preload_libraries(void)
    1854                 :             : {
    1855                 :        1086 :     process_shared_preload_libraries_in_progress = true;
    1856                 :        1086 :     load_libraries(shared_preload_libraries_string,
    1857                 :             :                    "shared_preload_libraries",
    1858                 :             :                    false);
    1859                 :        1086 :     process_shared_preload_libraries_in_progress = false;
    1860                 :        1086 :     process_shared_preload_libraries_done = true;
    1861                 :        1086 : }
    1862                 :             : 
    1863                 :             : /*
    1864                 :             :  * process any libraries that should be preloaded at backend start
    1865                 :             :  */
    1866                 :             : void
    1867                 :       13798 : process_session_preload_libraries(void)
    1868                 :             : {
    1869                 :       13798 :     load_libraries(session_preload_libraries_string,
    1870                 :             :                    "session_preload_libraries",
    1871                 :             :                    false);
    1872                 :       13798 :     load_libraries(local_preload_libraries_string,
    1873                 :             :                    "local_preload_libraries",
    1874                 :             :                    true);
    1875                 :       13798 : }
    1876                 :             : 
    1877                 :             : /*
    1878                 :             :  * process any shared memory requests from preloaded libraries
    1879                 :             :  */
    1880                 :             : void
    1881                 :        1073 : process_shmem_requests(void)
    1882                 :             : {
    1883                 :        1073 :     process_shmem_requests_in_progress = true;
    1884         [ +  + ]:        1073 :     if (shmem_request_hook)
    1885                 :           1 :         shmem_request_hook();
    1886                 :        1073 :     process_shmem_requests_in_progress = false;
    1887                 :        1073 : }
    1888                 :             : 
    1889                 :             : void
    1890                 :        2411 : pg_bindtextdomain(const char *domain)
    1891                 :             : {
    1892                 :             : #ifdef ENABLE_NLS
    1893         [ +  - ]:        2411 :     if (my_exec_path[0] != '\0')
    1894                 :             :     {
    1895                 :             :         char        locale_path[MAXPGPATH];
    1896                 :             : 
    1897                 :        2411 :         get_locale_path(my_exec_path, locale_path);
    1898                 :        2411 :         bindtextdomain(domain, locale_path);
    1899                 :        2411 :         pg_bind_textdomain_codeset(domain);
    1900                 :             :     }
    1901                 :             : #endif
    1902                 :        2411 : }
        

Generated by: LCOV version 2.0-1