Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * miscinit.c
4 : * miscellaneous initialization support stuff
5 : *
6 : * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/init/miscinit.c
12 : *
13 : *-------------------------------------------------------------------------
14 : */
15 : #include "postgres.h"
16 :
17 : #include <sys/param.h>
18 : #include <signal.h>
19 : #include <time.h>
20 : #include <sys/file.h>
21 : #include <sys/stat.h>
22 : #include <sys/time.h>
23 : #include <fcntl.h>
24 : #include <unistd.h>
25 : #include <grp.h>
26 : #include <pwd.h>
27 : #include <netinet/in.h>
28 : #include <arpa/inet.h>
29 : #include <utime.h>
30 :
31 : #include "access/htup_details.h"
32 : #include "access/parallel.h"
33 : #include "catalog/pg_authid.h"
34 : #include "common/file_perm.h"
35 : #include "libpq/libpq.h"
36 : #include "libpq/pqsignal.h"
37 : #include "mb/pg_wchar.h"
38 : #include "miscadmin.h"
39 : #include "pgstat.h"
40 : #include "postmaster/autovacuum.h"
41 : #include "postmaster/interrupt.h"
42 : #include "postmaster/postmaster.h"
43 : #include "replication/slotsync.h"
44 : #include "storage/fd.h"
45 : #include "storage/ipc.h"
46 : #include "storage/latch.h"
47 : #include "storage/pg_shmem.h"
48 : #include "storage/pmsignal.h"
49 : #include "storage/proc.h"
50 : #include "storage/procarray.h"
51 : #include "utils/builtins.h"
52 : #include "utils/guc.h"
53 : #include "utils/inval.h"
54 : #include "utils/memutils.h"
55 : #include "utils/pidfile.h"
56 : #include "utils/syscache.h"
57 : #include "utils/varlena.h"
58 :
59 :
60 : #define DIRECTORY_LOCK_FILE "postmaster.pid"
61 :
62 : ProcessingMode Mode = InitProcessing;
63 :
64 : BackendType MyBackendType;
65 :
66 : /* List of lock files to be removed at proc exit */
67 : static List *lock_files = NIL;
68 :
69 : static Latch LocalLatchData;
70 :
71 : /* ----------------------------------------------------------------
72 : * ignoring system indexes support stuff
73 : *
74 : * NOTE: "ignoring system indexes" means we do not use the system indexes
75 : * for lookups (either in hardwired catalog accesses or in planner-generated
76 : * plans). We do, however, still update the indexes when a catalog
77 : * modification is made.
78 : * ----------------------------------------------------------------
79 : */
80 :
81 : bool IgnoreSystemIndexes = false;
82 :
83 :
84 : /* ----------------------------------------------------------------
85 : * common process startup code
86 : * ----------------------------------------------------------------
87 : */
88 :
89 : /*
90 : * Initialize the basic environment for a postmaster child
91 : *
92 : * Should be called as early as possible after the child's startup. However,
93 : * on EXEC_BACKEND builds it does need to be after read_backend_variables().
94 : */
95 : void
96 41240 : InitPostmasterChild(void)
97 : {
98 41240 : IsUnderPostmaster = true; /* we are a postmaster subprocess now */
99 :
100 : /*
101 : * Start our win32 signal implementation. This has to be done after we
102 : * read the backend variables, because we need to pick up the signal pipe
103 : * from the parent process.
104 : */
105 : #ifdef WIN32
106 : pgwin32_signal_initialize();
107 : #endif
108 :
109 41240 : InitProcessGlobals();
110 :
111 : /*
112 : * make sure stderr is in binary mode before anything can possibly be
113 : * written to it, in case it's actually the syslogger pipe, so the pipe
114 : * chunking protocol isn't disturbed. Non-logpipe data gets translated on
115 : * redirection (e.g. via pg_ctl -l) anyway.
116 : */
117 : #ifdef WIN32
118 : _setmode(fileno(stderr), _O_BINARY);
119 : #endif
120 :
121 : /* We don't want the postmaster's proc_exit() handlers */
122 41240 : on_exit_reset();
123 :
124 : /* In EXEC_BACKEND case we will not have inherited BlockSig etc values */
125 : #ifdef EXEC_BACKEND
126 : pqinitmask();
127 : #endif
128 :
129 : /* Initialize process-local latch support */
130 41240 : InitializeWaitEventSupport();
131 41240 : InitProcessLocalLatch();
132 41240 : InitializeLatchWaitSet();
133 :
134 : /*
135 : * If possible, make this process a group leader, so that the postmaster
136 : * can signal any child processes too. Not all processes will have
137 : * children, but for consistency we make all postmaster child processes do
138 : * this.
139 : */
140 : #ifdef HAVE_SETSID
141 41240 : if (setsid() < 0)
142 0 : elog(FATAL, "setsid() failed: %m");
143 : #endif
144 :
145 : /*
146 : * Every postmaster child process is expected to respond promptly to
147 : * SIGQUIT at all times. Therefore we centrally remove SIGQUIT from
148 : * BlockSig and install a suitable signal handler. (Client-facing
149 : * processes may choose to replace this default choice of handler with
150 : * quickdie().) All other blockable signals remain blocked for now.
151 : */
152 41240 : pqsignal(SIGQUIT, SignalHandlerForCrashExit);
153 :
154 41240 : sigdelset(&BlockSig, SIGQUIT);
155 41240 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
156 :
157 : /* Request a signal if the postmaster dies, if possible. */
158 41240 : PostmasterDeathSignalInit();
159 :
160 : /* Don't give the pipe to subprograms that we execute. */
161 : #ifndef WIN32
162 41240 : if (fcntl(postmaster_alive_fds[POSTMASTER_FD_WATCH], F_SETFD, FD_CLOEXEC) < 0)
163 0 : ereport(FATAL,
164 : (errcode_for_socket_access(),
165 : errmsg_internal("could not set postmaster death monitoring pipe to FD_CLOEXEC mode: %m")));
166 : #endif
167 41240 : }
168 :
169 : /*
170 : * Initialize the basic environment for a standalone process.
171 : *
172 : * argv0 has to be suitable to find the program's executable.
173 : */
174 : void
175 464 : InitStandaloneProcess(const char *argv0)
176 : {
177 : Assert(!IsPostmasterEnvironment);
178 :
179 464 : MyBackendType = B_STANDALONE_BACKEND;
180 :
181 : /*
182 : * Start our win32 signal implementation
183 : */
184 : #ifdef WIN32
185 : pgwin32_signal_initialize();
186 : #endif
187 :
188 464 : InitProcessGlobals();
189 :
190 : /* Initialize process-local latch support */
191 464 : InitializeWaitEventSupport();
192 464 : InitProcessLocalLatch();
193 464 : InitializeLatchWaitSet();
194 :
195 : /*
196 : * For consistency with InitPostmasterChild, initialize signal mask here.
197 : * But we don't unblock SIGQUIT or provide a default handler for it.
198 : */
199 464 : pqinitmask();
200 464 : sigprocmask(SIG_SETMASK, &BlockSig, NULL);
201 :
202 : /* Compute paths, no postmaster to inherit from */
203 464 : if (my_exec_path[0] == '\0')
204 : {
205 464 : if (find_my_exec(argv0, my_exec_path) < 0)
206 0 : elog(FATAL, "%s: could not locate my own executable path",
207 : argv0);
208 : }
209 :
210 464 : if (pkglib_path[0] == '\0')
211 464 : get_pkglib_path(my_exec_path, pkglib_path);
212 464 : }
213 :
214 : void
215 41034 : SwitchToSharedLatch(void)
216 : {
217 : Assert(MyLatch == &LocalLatchData);
218 : Assert(MyProc != NULL);
219 :
220 41034 : MyLatch = &MyProc->procLatch;
221 :
222 41034 : if (FeBeWaitSet)
223 25204 : ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetLatchPos, WL_LATCH_SET,
224 : MyLatch);
225 :
226 : /*
227 : * Set the shared latch as the local one might have been set. This
228 : * shouldn't normally be necessary as code is supposed to check the
229 : * condition before waiting for the latch, but a bit care can't hurt.
230 : */
231 41034 : SetLatch(MyLatch);
232 41034 : }
233 :
234 : void
235 43408 : InitProcessLocalLatch(void)
236 : {
237 43408 : MyLatch = &LocalLatchData;
238 43408 : InitLatch(MyLatch);
239 43408 : }
240 :
241 : void
242 41034 : SwitchBackToLocalLatch(void)
243 : {
244 : Assert(MyLatch != &LocalLatchData);
245 : Assert(MyProc != NULL && MyLatch == &MyProc->procLatch);
246 :
247 41034 : MyLatch = &LocalLatchData;
248 :
249 41034 : if (FeBeWaitSet)
250 25204 : ModifyWaitEvent(FeBeWaitSet, FeBeWaitSetLatchPos, WL_LATCH_SET,
251 : MyLatch);
252 :
253 41034 : SetLatch(MyLatch);
254 41034 : }
255 :
256 : /*
257 : * Return a human-readable string representation of a BackendType.
258 : *
259 : * The string is not localized here, but we mark the strings for translation
260 : * so that callers can invoke _() on the result.
261 : */
262 : const char *
263 111956 : GetBackendTypeDesc(BackendType backendType)
264 : {
265 111956 : const char *backendDesc = gettext_noop("unknown process type");
266 :
267 111956 : switch (backendType)
268 : {
269 0 : case B_INVALID:
270 0 : backendDesc = gettext_noop("not initialized");
271 0 : break;
272 94 : case B_ARCHIVER:
273 94 : backendDesc = gettext_noop("archiver");
274 94 : break;
275 2574 : case B_AUTOVAC_LAUNCHER:
276 2574 : backendDesc = gettext_noop("autovacuum launcher");
277 2574 : break;
278 5210 : case B_AUTOVAC_WORKER:
279 5210 : backendDesc = gettext_noop("autovacuum worker");
280 5210 : break;
281 77310 : case B_BACKEND:
282 77310 : backendDesc = gettext_noop("client backend");
283 77310 : break;
284 398 : case B_DEAD_END_BACKEND:
285 398 : backendDesc = gettext_noop("dead-end client backend");
286 398 : break;
287 150 : case B_BG_WORKER:
288 150 : backendDesc = gettext_noop("background worker");
289 150 : break;
290 2984 : case B_BG_WRITER:
291 2984 : backendDesc = gettext_noop("background writer");
292 2984 : break;
293 3696 : case B_CHECKPOINTER:
294 3696 : backendDesc = gettext_noop("checkpointer");
295 3696 : break;
296 9314 : case B_IO_WORKER:
297 9314 : backendDesc = gettext_noop("io worker");
298 9314 : break;
299 2 : case B_LOGGER:
300 2 : backendDesc = gettext_noop("logger");
301 2 : break;
302 154 : case B_SLOTSYNC_WORKER:
303 154 : backendDesc = gettext_noop("slotsync worker");
304 154 : break;
305 146 : case B_STANDALONE_BACKEND:
306 146 : backendDesc = gettext_noop("standalone backend");
307 146 : break;
308 1958 : case B_STARTUP:
309 1958 : backendDesc = gettext_noop("startup");
310 1958 : break;
311 626 : case B_WAL_RECEIVER:
312 626 : backendDesc = gettext_noop("walreceiver");
313 626 : break;
314 4344 : case B_WAL_SENDER:
315 4344 : backendDesc = gettext_noop("walsender");
316 4344 : break;
317 148 : case B_WAL_SUMMARIZER:
318 148 : backendDesc = gettext_noop("walsummarizer");
319 148 : break;
320 2848 : case B_WAL_WRITER:
321 2848 : backendDesc = gettext_noop("walwriter");
322 2848 : break;
323 : }
324 :
325 111956 : return backendDesc;
326 : }
327 :
328 : /* ----------------------------------------------------------------
329 : * database path / name support stuff
330 : * ----------------------------------------------------------------
331 : */
332 :
333 : void
334 30314 : SetDatabasePath(const char *path)
335 : {
336 : /* This should happen only once per process */
337 : Assert(!DatabasePath);
338 30314 : DatabasePath = MemoryContextStrdup(TopMemoryContext, path);
339 30314 : }
340 :
341 : /*
342 : * Validate the proposed data directory.
343 : *
344 : * Also initialize file and directory create modes and mode mask.
345 : */
346 : void
347 2110 : checkDataDir(void)
348 : {
349 : struct stat stat_buf;
350 :
351 : Assert(DataDir);
352 :
353 2110 : if (stat(DataDir, &stat_buf) != 0)
354 : {
355 0 : if (errno == ENOENT)
356 0 : ereport(FATAL,
357 : (errcode_for_file_access(),
358 : errmsg("data directory \"%s\" does not exist",
359 : DataDir)));
360 : else
361 0 : ereport(FATAL,
362 : (errcode_for_file_access(),
363 : errmsg("could not read permissions of directory \"%s\": %m",
364 : DataDir)));
365 : }
366 :
367 : /* eventual chdir would fail anyway, but let's test ... */
368 2110 : if (!S_ISDIR(stat_buf.st_mode))
369 0 : ereport(FATAL,
370 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
371 : errmsg("specified data directory \"%s\" is not a directory",
372 : DataDir)));
373 :
374 : /*
375 : * Check that the directory belongs to my userid; if not, reject.
376 : *
377 : * This check is an essential part of the interlock that prevents two
378 : * postmasters from starting in the same directory (see CreateLockFile()).
379 : * Do not remove or weaken it.
380 : *
381 : * XXX can we safely enable this check on Windows?
382 : */
383 : #if !defined(WIN32) && !defined(__CYGWIN__)
384 2110 : if (stat_buf.st_uid != geteuid())
385 0 : ereport(FATAL,
386 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
387 : errmsg("data directory \"%s\" has wrong ownership",
388 : DataDir),
389 : errhint("The server must be started by the user that owns the data directory.")));
390 : #endif
391 :
392 : /*
393 : * Check if the directory has correct permissions. If not, reject.
394 : *
395 : * Only two possible modes are allowed, 0700 and 0750. The latter mode
396 : * indicates that group read/execute should be allowed on all newly
397 : * created files and directories.
398 : *
399 : * XXX temporarily suppress check when on Windows, because there may not
400 : * be proper support for Unix-y file permissions. Need to think of a
401 : * reasonable check to apply on Windows.
402 : */
403 : #if !defined(WIN32) && !defined(__CYGWIN__)
404 2110 : if (stat_buf.st_mode & PG_MODE_MASK_GROUP)
405 0 : ereport(FATAL,
406 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
407 : errmsg("data directory \"%s\" has invalid permissions",
408 : DataDir),
409 : errdetail("Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).")));
410 : #endif
411 :
412 : /*
413 : * Reset creation modes and mask based on the mode of the data directory.
414 : *
415 : * The mask was set earlier in startup to disallow group permissions on
416 : * newly created files and directories. However, if group read/execute
417 : * are present on the data directory then modify the create modes and mask
418 : * to allow group read/execute on newly created files and directories and
419 : * set the data_directory_mode GUC.
420 : *
421 : * Suppress when on Windows, because there may not be proper support for
422 : * Unix-y file permissions.
423 : */
424 : #if !defined(WIN32) && !defined(__CYGWIN__)
425 2110 : SetDataDirectoryCreatePerm(stat_buf.st_mode);
426 :
427 2110 : umask(pg_mode_mask);
428 2110 : data_directory_mode = pg_dir_create_mode;
429 : #endif
430 :
431 : /* Check for PG_VERSION */
432 2110 : ValidatePgVersion(DataDir);
433 2110 : }
434 :
435 : /*
436 : * Set data directory, but make sure it's an absolute path. Use this,
437 : * never set DataDir directly.
438 : */
439 : void
440 2116 : SetDataDir(const char *dir)
441 : {
442 : char *new;
443 :
444 : Assert(dir);
445 :
446 : /* If presented path is relative, convert to absolute */
447 2116 : new = make_absolute_path(dir);
448 :
449 2116 : free(DataDir);
450 2116 : DataDir = new;
451 2116 : }
452 :
453 : /*
454 : * Change working directory to DataDir. Most of the postmaster and backend
455 : * code assumes that we are in DataDir so it can use relative paths to access
456 : * stuff in and under the data directory. For convenience during path
457 : * setup, however, we don't force the chdir to occur during SetDataDir.
458 : */
459 : void
460 2110 : ChangeToDataDir(void)
461 : {
462 : Assert(DataDir);
463 :
464 2110 : if (chdir(DataDir) < 0)
465 0 : ereport(FATAL,
466 : (errcode_for_file_access(),
467 : errmsg("could not change directory to \"%s\": %m",
468 : DataDir)));
469 2110 : }
470 :
471 :
472 : /* ----------------------------------------------------------------
473 : * User ID state
474 : *
475 : * We have to track several different values associated with the concept
476 : * of "user ID".
477 : *
478 : * AuthenticatedUserId is determined at connection start and never changes.
479 : *
480 : * SessionUserId is initially the same as AuthenticatedUserId, but can be
481 : * changed by SET SESSION AUTHORIZATION (if AuthenticatedUserId is a
482 : * superuser). This is the ID reported by the SESSION_USER SQL function.
483 : *
484 : * OuterUserId is the current user ID in effect at the "outer level" (outside
485 : * any transaction or function). This is initially the same as SessionUserId,
486 : * but can be changed by SET ROLE to any role that SessionUserId is a
487 : * member of. (XXX rename to something like CurrentRoleId?)
488 : *
489 : * CurrentUserId is the current effective user ID; this is the one to use
490 : * for all normal permissions-checking purposes. At outer level this will
491 : * be the same as OuterUserId, but it changes during calls to SECURITY
492 : * DEFINER functions, as well as locally in some specialized commands.
493 : *
494 : * SecurityRestrictionContext holds flags indicating reason(s) for changing
495 : * CurrentUserId. In some cases we need to lock down operations that are
496 : * not directly controlled by privilege settings, and this provides a
497 : * convenient way to do it.
498 : * ----------------------------------------------------------------
499 : */
500 : static Oid AuthenticatedUserId = InvalidOid;
501 : static Oid SessionUserId = InvalidOid;
502 : static Oid OuterUserId = InvalidOid;
503 : static Oid CurrentUserId = InvalidOid;
504 : static const char *SystemUser = NULL;
505 :
506 : /* We also have to remember the superuser state of the session user */
507 : static bool SessionUserIsSuperuser = false;
508 :
509 : static int SecurityRestrictionContext = 0;
510 :
511 : /* We also remember if a SET ROLE is currently active */
512 : static bool SetRoleIsActive = false;
513 :
514 : /*
515 : * GetUserId - get the current effective user ID.
516 : *
517 : * Note: there's no SetUserId() anymore; use SetUserIdAndSecContext().
518 : */
519 : Oid
520 13338620 : GetUserId(void)
521 : {
522 : Assert(OidIsValid(CurrentUserId));
523 13338620 : return CurrentUserId;
524 : }
525 :
526 :
527 : /*
528 : * GetOuterUserId/SetOuterUserId - get/set the outer-level user ID.
529 : */
530 : Oid
531 1552 : GetOuterUserId(void)
532 : {
533 : Assert(OidIsValid(OuterUserId));
534 1552 : return OuterUserId;
535 : }
536 :
537 :
538 : static void
539 78154 : SetOuterUserId(Oid userid, bool is_superuser)
540 : {
541 : Assert(SecurityRestrictionContext == 0);
542 : Assert(OidIsValid(userid));
543 78154 : OuterUserId = userid;
544 :
545 : /* We force the effective user ID to match, too */
546 78154 : CurrentUserId = userid;
547 :
548 : /* Also update the is_superuser GUC to match OuterUserId's property */
549 78154 : SetConfigOption("is_superuser",
550 : is_superuser ? "on" : "off",
551 : PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
552 78154 : }
553 :
554 :
555 : /*
556 : * GetSessionUserId/SetSessionUserId - get/set the session user ID.
557 : */
558 : Oid
559 66554 : GetSessionUserId(void)
560 : {
561 : Assert(OidIsValid(SessionUserId));
562 66554 : return SessionUserId;
563 : }
564 :
565 : bool
566 3646 : GetSessionUserIsSuperuser(void)
567 : {
568 : Assert(OidIsValid(SessionUserId));
569 3646 : return SessionUserIsSuperuser;
570 : }
571 :
572 : static void
573 38244 : SetSessionUserId(Oid userid, bool is_superuser)
574 : {
575 : Assert(SecurityRestrictionContext == 0);
576 : Assert(OidIsValid(userid));
577 38244 : SessionUserId = userid;
578 38244 : SessionUserIsSuperuser = is_superuser;
579 38244 : }
580 :
581 : /*
582 : * Return the system user representing the authenticated identity.
583 : * It is defined in InitializeSystemUser() as auth_method:authn_id.
584 : */
585 : const char *
586 44 : GetSystemUser(void)
587 : {
588 44 : return SystemUser;
589 : }
590 :
591 : /*
592 : * GetAuthenticatedUserId/SetAuthenticatedUserId - get/set the authenticated
593 : * user ID
594 : */
595 : Oid
596 31952 : GetAuthenticatedUserId(void)
597 : {
598 : Assert(OidIsValid(AuthenticatedUserId));
599 31952 : return AuthenticatedUserId;
600 : }
601 :
602 : void
603 28658 : SetAuthenticatedUserId(Oid userid)
604 : {
605 : Assert(OidIsValid(userid));
606 :
607 : /* call only once */
608 : Assert(!OidIsValid(AuthenticatedUserId));
609 :
610 28658 : AuthenticatedUserId = userid;
611 :
612 : /* Also mark our PGPROC entry with the authenticated user id */
613 : /* (We assume this is an atomic store so no lock is needed) */
614 28658 : MyProc->roleId = userid;
615 28658 : }
616 :
617 :
618 : /*
619 : * GetUserIdAndSecContext/SetUserIdAndSecContext - get/set the current user ID
620 : * and the SecurityRestrictionContext flags.
621 : *
622 : * Currently there are three valid bits in SecurityRestrictionContext:
623 : *
624 : * SECURITY_LOCAL_USERID_CHANGE indicates that we are inside an operation
625 : * that is temporarily changing CurrentUserId via these functions. This is
626 : * needed to indicate that the actual value of CurrentUserId is not in sync
627 : * with guc.c's internal state, so SET ROLE has to be disallowed.
628 : *
629 : * SECURITY_RESTRICTED_OPERATION indicates that we are inside an operation
630 : * that does not wish to trust called user-defined functions at all. The
631 : * policy is to use this before operations, e.g. autovacuum and REINDEX, that
632 : * enumerate relations of a database or schema and run functions associated
633 : * with each found relation. The relation owner is the new user ID. Set this
634 : * as soon as possible after locking the relation. Restore the old user ID as
635 : * late as possible before closing the relation; restoring it shortly after
636 : * close is also tolerable. If a command has both relation-enumerating and
637 : * non-enumerating modes, e.g. ANALYZE, both modes set this bit. This bit
638 : * prevents not only SET ROLE, but various other changes of session state that
639 : * normally is unprotected but might possibly be used to subvert the calling
640 : * session later. An example is replacing an existing prepared statement with
641 : * new code, which will then be executed with the outer session's permissions
642 : * when the prepared statement is next used. These restrictions are fairly
643 : * draconian, but the functions called in relation-enumerating operations are
644 : * really supposed to be side-effect-free anyway.
645 : *
646 : * SECURITY_NOFORCE_RLS indicates that we are inside an operation which should
647 : * ignore the FORCE ROW LEVEL SECURITY per-table indication. This is used to
648 : * ensure that FORCE RLS does not mistakenly break referential integrity
649 : * checks. Note that this is intentionally only checked when running as the
650 : * owner of the table (which should always be the case for referential
651 : * integrity checks).
652 : *
653 : * Unlike GetUserId, GetUserIdAndSecContext does *not* Assert that the current
654 : * value of CurrentUserId is valid; nor does SetUserIdAndSecContext require
655 : * the new value to be valid. In fact, these routines had better not
656 : * ever throw any kind of error. This is because they are used by
657 : * StartTransaction and AbortTransaction to save/restore the settings,
658 : * and during the first transaction within a backend, the value to be saved
659 : * and perhaps restored is indeed invalid. We have to be able to get
660 : * through AbortTransaction without asserting in case InitPostgres fails.
661 : */
662 : void
663 1490560 : GetUserIdAndSecContext(Oid *userid, int *sec_context)
664 : {
665 1490560 : *userid = CurrentUserId;
666 1490560 : *sec_context = SecurityRestrictionContext;
667 1490560 : }
668 :
669 : void
670 1268860 : SetUserIdAndSecContext(Oid userid, int sec_context)
671 : {
672 1268860 : CurrentUserId = userid;
673 1268860 : SecurityRestrictionContext = sec_context;
674 1268860 : }
675 :
676 :
677 : /*
678 : * InLocalUserIdChange - are we inside a local change of CurrentUserId?
679 : */
680 : bool
681 65656 : InLocalUserIdChange(void)
682 : {
683 65656 : return (SecurityRestrictionContext & SECURITY_LOCAL_USERID_CHANGE) != 0;
684 : }
685 :
686 : /*
687 : * InSecurityRestrictedOperation - are we inside a security-restricted command?
688 : */
689 : bool
690 78090 : InSecurityRestrictedOperation(void)
691 : {
692 78090 : return (SecurityRestrictionContext & SECURITY_RESTRICTED_OPERATION) != 0;
693 : }
694 :
695 : /*
696 : * InNoForceRLSOperation - are we ignoring FORCE ROW LEVEL SECURITY ?
697 : */
698 : bool
699 240 : InNoForceRLSOperation(void)
700 : {
701 240 : return (SecurityRestrictionContext & SECURITY_NOFORCE_RLS) != 0;
702 : }
703 :
704 :
705 : /*
706 : * These are obsolete versions of Get/SetUserIdAndSecContext that are
707 : * only provided for bug-compatibility with some rather dubious code in
708 : * pljava. We allow the userid to be set, but only when not inside a
709 : * security restriction context.
710 : */
711 : void
712 0 : GetUserIdAndContext(Oid *userid, bool *sec_def_context)
713 : {
714 0 : *userid = CurrentUserId;
715 0 : *sec_def_context = InLocalUserIdChange();
716 0 : }
717 :
718 : void
719 0 : SetUserIdAndContext(Oid userid, bool sec_def_context)
720 : {
721 : /* We throw the same error SET ROLE would. */
722 0 : if (InSecurityRestrictedOperation())
723 0 : ereport(ERROR,
724 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
725 : errmsg("cannot set parameter \"%s\" within security-restricted operation",
726 : "role")));
727 0 : CurrentUserId = userid;
728 0 : if (sec_def_context)
729 0 : SecurityRestrictionContext |= SECURITY_LOCAL_USERID_CHANGE;
730 : else
731 0 : SecurityRestrictionContext &= ~SECURITY_LOCAL_USERID_CHANGE;
732 0 : }
733 :
734 :
735 : /*
736 : * Check whether specified role has explicit REPLICATION privilege
737 : */
738 : bool
739 3316 : has_rolreplication(Oid roleid)
740 : {
741 3316 : bool result = false;
742 : HeapTuple utup;
743 :
744 : /* Superusers bypass all permission checking. */
745 3316 : if (superuser_arg(roleid))
746 3208 : return true;
747 :
748 108 : utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
749 108 : if (HeapTupleIsValid(utup))
750 : {
751 108 : result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication;
752 108 : ReleaseSysCache(utup);
753 : }
754 108 : return result;
755 : }
756 :
757 : /*
758 : * Initialize user identity during normal backend startup
759 : */
760 : void
761 28662 : InitializeSessionUserId(const char *rolename, Oid roleid,
762 : bool bypass_login_check)
763 : {
764 : HeapTuple roleTup;
765 : Form_pg_authid rform;
766 : char *rname;
767 : bool is_superuser;
768 :
769 : /*
770 : * In a parallel worker, we don't have to do anything here.
771 : * ParallelWorkerMain already set our output variables, and we aren't
772 : * going to enforce either rolcanlogin or rolconnlimit. Furthermore, we
773 : * don't really want to perform a catalog lookup for the role: we don't
774 : * want to fail if it's been dropped.
775 : */
776 28662 : if (InitializingParallelWorker)
777 : {
778 : Assert(bypass_login_check);
779 2736 : return;
780 : }
781 :
782 : /*
783 : * Don't do scans if we're bootstrapping, none of the system catalogs
784 : * exist yet, and they should be owned by postgres anyway.
785 : */
786 : Assert(!IsBootstrapProcessingMode());
787 :
788 : /*
789 : * Make sure syscache entries are flushed for recent catalog changes. This
790 : * allows us to find roles that were created on-the-fly during
791 : * authentication.
792 : */
793 25926 : AcceptInvalidationMessages();
794 :
795 : /*
796 : * Look up the role, either by name if that's given or by OID if not.
797 : */
798 25926 : if (rolename != NULL)
799 : {
800 25070 : roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename));
801 25070 : if (!HeapTupleIsValid(roleTup))
802 4 : ereport(FATAL,
803 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
804 : errmsg("role \"%s\" does not exist", rolename)));
805 : }
806 : else
807 : {
808 856 : roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
809 856 : if (!HeapTupleIsValid(roleTup))
810 0 : ereport(FATAL,
811 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
812 : errmsg("role with OID %u does not exist", roleid)));
813 : }
814 :
815 25922 : rform = (Form_pg_authid) GETSTRUCT(roleTup);
816 25922 : roleid = rform->oid;
817 25922 : rname = NameStr(rform->rolname);
818 25922 : is_superuser = rform->rolsuper;
819 :
820 25922 : SetAuthenticatedUserId(roleid);
821 :
822 : /*
823 : * Set SessionUserId and related variables, including "role", via the GUC
824 : * mechanisms.
825 : *
826 : * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that
827 : * session_authorization could subsequently be changed from
828 : * pg_db_role_setting entries. Instead, session_authorization in
829 : * pg_db_role_setting has no effect. Changing that would require solving
830 : * two problems:
831 : *
832 : * 1. If pg_db_role_setting has values for both session_authorization and
833 : * role, we could not be sure which order those would be applied in, and
834 : * it would matter.
835 : *
836 : * 2. Sites may have years-old session_authorization entries. There's not
837 : * been any particular reason to remove them. Ending the dormancy of
838 : * those entries could seriously change application behavior, so only a
839 : * major release should do that.
840 : */
841 25922 : SetConfigOption("session_authorization", rname,
842 : PGC_BACKEND, PGC_S_OVERRIDE);
843 :
844 : /*
845 : * These next checks are not enforced when in standalone mode, so that
846 : * there is a way to recover from sillinesses like "UPDATE pg_authid SET
847 : * rolcanlogin = false;".
848 : */
849 25922 : if (IsUnderPostmaster)
850 : {
851 : /*
852 : * Is role allowed to login at all? (But background workers can
853 : * override this by setting bypass_login_check.)
854 : */
855 25922 : if (!bypass_login_check && !rform->rolcanlogin)
856 6 : ereport(FATAL,
857 : (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
858 : errmsg("role \"%s\" is not permitted to log in",
859 : rname)));
860 :
861 : /*
862 : * Check connection limit for this role. We enforce the limit only
863 : * for regular backends, since other process types have their own
864 : * PGPROC pools.
865 : *
866 : * There is a race condition here --- we create our PGPROC before
867 : * checking for other PGPROCs. If two backends did this at about the
868 : * same time, they might both think they were over the limit, while
869 : * ideally one should succeed and one fail. Getting that to work
870 : * exactly seems more trouble than it is worth, however; instead we
871 : * just document that the connection limit is approximate.
872 : */
873 25916 : if (rform->rolconnlimit >= 0 &&
874 0 : AmRegularBackendProcess() &&
875 0 : !is_superuser &&
876 0 : CountUserBackends(roleid) > rform->rolconnlimit)
877 0 : ereport(FATAL,
878 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
879 : errmsg("too many connections for role \"%s\"",
880 : rname)));
881 : }
882 :
883 25916 : ReleaseSysCache(roleTup);
884 : }
885 :
886 :
887 : /*
888 : * Initialize user identity during special backend startup
889 : */
890 : void
891 3396 : InitializeSessionUserIdStandalone(void)
892 : {
893 : /*
894 : * This function should only be called in single-user mode, in autovacuum
895 : * workers, in slot sync worker and in background workers.
896 : */
897 : Assert(!IsUnderPostmaster || AmAutoVacuumWorkerProcess() ||
898 : AmLogicalSlotSyncWorkerProcess() || AmBackgroundWorkerProcess());
899 :
900 : /* call only once */
901 : Assert(!OidIsValid(AuthenticatedUserId));
902 :
903 3396 : AuthenticatedUserId = BOOTSTRAP_SUPERUSERID;
904 :
905 : /*
906 : * XXX Ideally we'd do this via SetConfigOption("session_authorization"),
907 : * but we lack the role name needed to do that, and we can't fetch it
908 : * because one reason for this special case is to be able to start up even
909 : * if something's happened to the BOOTSTRAP_SUPERUSERID's pg_authid row.
910 : * Since we don't set the GUC itself, C code will see the value as NULL,
911 : * and current_setting() will report an empty string within this session.
912 : */
913 3396 : SetSessionAuthorization(BOOTSTRAP_SUPERUSERID, true);
914 :
915 : /* We could do SetConfigOption("role"), but let's be consistent */
916 3396 : SetCurrentRoleId(InvalidOid, false);
917 3396 : }
918 :
919 : /*
920 : * Initialize the system user.
921 : *
922 : * This is built as auth_method:authn_id.
923 : */
924 : void
925 252 : InitializeSystemUser(const char *authn_id, const char *auth_method)
926 : {
927 : char *system_user;
928 :
929 : /* call only once */
930 : Assert(SystemUser == NULL);
931 :
932 : /*
933 : * InitializeSystemUser should be called only when authn_id is not NULL,
934 : * meaning that auth_method is valid.
935 : */
936 : Assert(authn_id != NULL);
937 :
938 252 : system_user = psprintf("%s:%s", auth_method, authn_id);
939 :
940 : /* Store SystemUser in long-lived storage */
941 252 : SystemUser = MemoryContextStrdup(TopMemoryContext, system_user);
942 252 : pfree(system_user);
943 252 : }
944 :
945 : /*
946 : * SQL-function SYSTEM_USER
947 : */
948 : Datum
949 44 : system_user(PG_FUNCTION_ARGS)
950 : {
951 44 : const char *sysuser = GetSystemUser();
952 :
953 44 : if (sysuser)
954 22 : PG_RETURN_DATUM(CStringGetTextDatum(sysuser));
955 : else
956 22 : PG_RETURN_NULL();
957 : }
958 :
959 : /*
960 : * Change session auth ID while running
961 : *
962 : * The SQL standard says that SET SESSION AUTHORIZATION implies SET ROLE NONE.
963 : * We mechanize that at higher levels not here, because this is the GUC
964 : * assign hook for "session_authorization", and it must be commutative with
965 : * SetCurrentRoleId (the hook for "role") because guc.c provides no guarantees
966 : * which will run first during cases such as transaction rollback. Therefore,
967 : * we update derived state (OuterUserId/CurrentUserId/is_superuser) only if
968 : * !SetRoleIsActive.
969 : */
970 : void
971 38244 : SetSessionAuthorization(Oid userid, bool is_superuser)
972 : {
973 38244 : SetSessionUserId(userid, is_superuser);
974 :
975 38244 : if (!SetRoleIsActive)
976 38176 : SetOuterUserId(userid, is_superuser);
977 38244 : }
978 :
979 : /*
980 : * Report current role id
981 : * This follows the semantics of SET ROLE, ie return the outer-level ID
982 : * not the current effective ID, and return InvalidOid when the setting
983 : * is logically SET ROLE NONE.
984 : */
985 : Oid
986 982 : GetCurrentRoleId(void)
987 : {
988 982 : if (SetRoleIsActive)
989 60 : return OuterUserId;
990 : else
991 922 : return InvalidOid;
992 : }
993 :
994 : /*
995 : * Change Role ID while running (SET ROLE)
996 : *
997 : * If roleid is InvalidOid, we are doing SET ROLE NONE: revert to the
998 : * session user authorization. In this case the is_superuser argument
999 : * is ignored.
1000 : *
1001 : * When roleid is not InvalidOid, the caller must have checked whether
1002 : * the session user has permission to become that role. (We cannot check
1003 : * here because this routine must be able to execute in a failed transaction
1004 : * to restore a prior value of the ROLE GUC variable.)
1005 : */
1006 : void
1007 42146 : SetCurrentRoleId(Oid roleid, bool is_superuser)
1008 : {
1009 : /*
1010 : * Get correct info if it's SET ROLE NONE
1011 : *
1012 : * If SessionUserId hasn't been set yet, do nothing beyond updating
1013 : * SetRoleIsActive --- the eventual SetSessionAuthorization call will
1014 : * update the derived state. This is needed since we will get called
1015 : * during GUC initialization.
1016 : */
1017 42146 : if (!OidIsValid(roleid))
1018 : {
1019 41112 : SetRoleIsActive = false;
1020 :
1021 41112 : if (!OidIsValid(SessionUserId))
1022 2168 : return;
1023 :
1024 38944 : roleid = SessionUserId;
1025 38944 : is_superuser = SessionUserIsSuperuser;
1026 : }
1027 : else
1028 1034 : SetRoleIsActive = true;
1029 :
1030 39978 : SetOuterUserId(roleid, is_superuser);
1031 : }
1032 :
1033 :
1034 : /*
1035 : * Get user name from user oid, returns NULL for nonexistent roleid if noerr
1036 : * is true.
1037 : */
1038 : char *
1039 21572 : GetUserNameFromId(Oid roleid, bool noerr)
1040 : {
1041 : HeapTuple tuple;
1042 : char *result;
1043 :
1044 21572 : tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
1045 21572 : if (!HeapTupleIsValid(tuple))
1046 : {
1047 18 : if (!noerr)
1048 0 : ereport(ERROR,
1049 : (errcode(ERRCODE_UNDEFINED_OBJECT),
1050 : errmsg("invalid role OID: %u", roleid)));
1051 18 : result = NULL;
1052 : }
1053 : else
1054 : {
1055 21554 : result = pstrdup(NameStr(((Form_pg_authid) GETSTRUCT(tuple))->rolname));
1056 21554 : ReleaseSysCache(tuple);
1057 : }
1058 21572 : return result;
1059 : }
1060 :
1061 : /* ------------------------------------------------------------------------
1062 : * Client connection state shared with parallel workers
1063 : *
1064 : * ClientConnectionInfo contains pieces of information about the client that
1065 : * need to be synced to parallel workers when they initialize.
1066 : *-------------------------------------------------------------------------
1067 : */
1068 :
1069 : ClientConnectionInfo MyClientConnectionInfo;
1070 :
1071 : /*
1072 : * Intermediate representation of ClientConnectionInfo for easier
1073 : * serialization. Variable-length fields are allocated right after this
1074 : * header.
1075 : */
1076 : typedef struct SerializedClientConnectionInfo
1077 : {
1078 : int32 authn_id_len; /* strlen(authn_id), or -1 if NULL */
1079 : UserAuth auth_method;
1080 : } SerializedClientConnectionInfo;
1081 :
1082 : /*
1083 : * Calculate the space needed to serialize MyClientConnectionInfo.
1084 : */
1085 : Size
1086 910 : EstimateClientConnectionInfoSpace(void)
1087 : {
1088 910 : Size size = 0;
1089 :
1090 910 : size = add_size(size, sizeof(SerializedClientConnectionInfo));
1091 :
1092 910 : if (MyClientConnectionInfo.authn_id)
1093 2 : size = add_size(size, strlen(MyClientConnectionInfo.authn_id) + 1);
1094 :
1095 910 : return size;
1096 : }
1097 :
1098 : /*
1099 : * Serialize MyClientConnectionInfo for use by parallel workers.
1100 : */
1101 : void
1102 910 : SerializeClientConnectionInfo(Size maxsize, char *start_address)
1103 : {
1104 910 : SerializedClientConnectionInfo serialized = {0};
1105 :
1106 910 : serialized.authn_id_len = -1;
1107 910 : serialized.auth_method = MyClientConnectionInfo.auth_method;
1108 :
1109 910 : if (MyClientConnectionInfo.authn_id)
1110 2 : serialized.authn_id_len = strlen(MyClientConnectionInfo.authn_id);
1111 :
1112 : /* Copy serialized representation to buffer */
1113 : Assert(maxsize >= sizeof(serialized));
1114 910 : memcpy(start_address, &serialized, sizeof(serialized));
1115 :
1116 910 : maxsize -= sizeof(serialized);
1117 910 : start_address += sizeof(serialized);
1118 :
1119 : /* Copy authn_id into the space after the struct */
1120 910 : if (serialized.authn_id_len >= 0)
1121 : {
1122 : Assert(maxsize >= (serialized.authn_id_len + 1));
1123 2 : memcpy(start_address,
1124 2 : MyClientConnectionInfo.authn_id,
1125 : /* include the NULL terminator to ease deserialization */
1126 2 : serialized.authn_id_len + 1);
1127 : }
1128 910 : }
1129 :
1130 : /*
1131 : * Restore MyClientConnectionInfo from its serialized representation.
1132 : */
1133 : void
1134 2736 : RestoreClientConnectionInfo(char *conninfo)
1135 : {
1136 : SerializedClientConnectionInfo serialized;
1137 :
1138 2736 : memcpy(&serialized, conninfo, sizeof(serialized));
1139 :
1140 : /* Copy the fields back into place */
1141 2736 : MyClientConnectionInfo.authn_id = NULL;
1142 2736 : MyClientConnectionInfo.auth_method = serialized.auth_method;
1143 :
1144 2736 : if (serialized.authn_id_len >= 0)
1145 : {
1146 : char *authn_id;
1147 :
1148 4 : authn_id = conninfo + sizeof(serialized);
1149 4 : MyClientConnectionInfo.authn_id = MemoryContextStrdup(TopMemoryContext,
1150 : authn_id);
1151 : }
1152 2736 : }
1153 :
1154 :
1155 : /*-------------------------------------------------------------------------
1156 : * Interlock-file support
1157 : *
1158 : * These routines are used to create both a data-directory lockfile
1159 : * ($DATADIR/postmaster.pid) and Unix-socket-file lockfiles ($SOCKFILE.lock).
1160 : * Both kinds of files contain the same info initially, although we can add
1161 : * more information to a data-directory lockfile after it's created, using
1162 : * AddToDataDirLockFile(). See pidfile.h for documentation of the contents
1163 : * of these lockfiles.
1164 : *
1165 : * On successful lockfile creation, a proc_exit callback to remove the
1166 : * lockfile is automatically created.
1167 : *-------------------------------------------------------------------------
1168 : */
1169 :
1170 : /*
1171 : * proc_exit callback to remove lockfiles.
1172 : */
1173 : static void
1174 2100 : UnlinkLockFiles(int status, Datum arg)
1175 : {
1176 : ListCell *l;
1177 :
1178 5872 : foreach(l, lock_files)
1179 : {
1180 3772 : char *curfile = (char *) lfirst(l);
1181 :
1182 3772 : unlink(curfile);
1183 : /* Should we complain if the unlink fails? */
1184 : }
1185 : /* Since we're about to exit, no need to reclaim storage */
1186 2100 : lock_files = NIL;
1187 :
1188 : /*
1189 : * Lock file removal should always be the last externally visible action
1190 : * of a postmaster or standalone backend, while we won't come here at all
1191 : * when exiting postmaster child processes. Therefore, this is a good
1192 : * place to log completion of shutdown. We could alternatively teach
1193 : * proc_exit() to do it, but that seems uglier. In a standalone backend,
1194 : * use NOTICE elevel to be less chatty.
1195 : */
1196 2100 : ereport(IsPostmasterEnvironment ? LOG : NOTICE,
1197 : (errmsg("database system is shut down")));
1198 2100 : }
1199 :
1200 : /*
1201 : * Create a lockfile.
1202 : *
1203 : * filename is the path name of the lockfile to create.
1204 : * amPostmaster is used to determine how to encode the output PID.
1205 : * socketDir is the Unix socket directory path to include (possibly empty).
1206 : * isDDLock and refName are used to determine what error message to produce.
1207 : */
1208 : static void
1209 3788 : CreateLockFile(const char *filename, bool amPostmaster,
1210 : const char *socketDir,
1211 : bool isDDLock, const char *refName)
1212 : {
1213 : int fd;
1214 : char buffer[MAXPGPATH * 2 + 256];
1215 : int ntries;
1216 : int len;
1217 : int encoded_pid;
1218 : pid_t other_pid;
1219 : pid_t my_pid,
1220 : my_p_pid,
1221 : my_gp_pid;
1222 : const char *envvar;
1223 :
1224 : /*
1225 : * If the PID in the lockfile is our own PID or our parent's or
1226 : * grandparent's PID, then the file must be stale (probably left over from
1227 : * a previous system boot cycle). We need to check this because of the
1228 : * likelihood that a reboot will assign exactly the same PID as we had in
1229 : * the previous reboot, or one that's only one or two counts larger and
1230 : * hence the lockfile's PID now refers to an ancestor shell process. We
1231 : * allow pg_ctl to pass down its parent shell PID (our grandparent PID)
1232 : * via the environment variable PG_GRANDPARENT_PID; this is so that
1233 : * launching the postmaster via pg_ctl can be just as reliable as
1234 : * launching it directly. There is no provision for detecting
1235 : * further-removed ancestor processes, but if the init script is written
1236 : * carefully then all but the immediate parent shell will be root-owned
1237 : * processes and so the kill test will fail with EPERM. Note that we
1238 : * cannot get a false negative this way, because an existing postmaster
1239 : * would surely never launch a competing postmaster or pg_ctl process
1240 : * directly.
1241 : */
1242 3788 : my_pid = getpid();
1243 :
1244 : #ifndef WIN32
1245 3788 : my_p_pid = getppid();
1246 : #else
1247 :
1248 : /*
1249 : * Windows hasn't got getppid(), but doesn't need it since it's not using
1250 : * real kill() either...
1251 : */
1252 : my_p_pid = 0;
1253 : #endif
1254 :
1255 3788 : envvar = getenv("PG_GRANDPARENT_PID");
1256 3788 : if (envvar)
1257 3012 : my_gp_pid = atoi(envvar);
1258 : else
1259 776 : my_gp_pid = 0;
1260 :
1261 : /*
1262 : * We need a loop here because of race conditions. But don't loop forever
1263 : * (for example, a non-writable $PGDATA directory might cause a failure
1264 : * that won't go away). 100 tries seems like plenty.
1265 : */
1266 3788 : for (ntries = 0;; ntries++)
1267 : {
1268 : /*
1269 : * Try to create the lock file --- O_EXCL makes this atomic.
1270 : *
1271 : * Think not to make the file protection weaker than 0600/0640. See
1272 : * comments below.
1273 : */
1274 3798 : fd = open(filename, O_RDWR | O_CREAT | O_EXCL, pg_file_create_mode);
1275 3798 : if (fd >= 0)
1276 3784 : break; /* Success; exit the retry loop */
1277 :
1278 : /*
1279 : * Couldn't create the pid file. Probably it already exists.
1280 : */
1281 14 : if ((errno != EEXIST && errno != EACCES) || ntries > 100)
1282 0 : ereport(FATAL,
1283 : (errcode_for_file_access(),
1284 : errmsg("could not create lock file \"%s\": %m",
1285 : filename)));
1286 :
1287 : /*
1288 : * Read the file to get the old owner's PID. Note race condition
1289 : * here: file might have been deleted since we tried to create it.
1290 : */
1291 14 : fd = open(filename, O_RDONLY, pg_file_create_mode);
1292 14 : if (fd < 0)
1293 : {
1294 0 : if (errno == ENOENT)
1295 0 : continue; /* race condition; try again */
1296 0 : ereport(FATAL,
1297 : (errcode_for_file_access(),
1298 : errmsg("could not open lock file \"%s\": %m",
1299 : filename)));
1300 : }
1301 14 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_READ);
1302 14 : if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0)
1303 0 : ereport(FATAL,
1304 : (errcode_for_file_access(),
1305 : errmsg("could not read lock file \"%s\": %m",
1306 : filename)));
1307 14 : pgstat_report_wait_end();
1308 14 : close(fd);
1309 :
1310 14 : if (len == 0)
1311 : {
1312 0 : ereport(FATAL,
1313 : (errcode(ERRCODE_LOCK_FILE_EXISTS),
1314 : errmsg("lock file \"%s\" is empty", filename),
1315 : errhint("Either another server is starting, or the lock file is the remnant of a previous server startup crash.")));
1316 : }
1317 :
1318 14 : buffer[len] = '\0';
1319 14 : encoded_pid = atoi(buffer);
1320 :
1321 : /* if pid < 0, the pid is for postgres, not postmaster */
1322 14 : other_pid = (pid_t) (encoded_pid < 0 ? -encoded_pid : encoded_pid);
1323 :
1324 14 : if (other_pid <= 0)
1325 0 : elog(FATAL, "bogus data in lock file \"%s\": \"%s\"",
1326 : filename, buffer);
1327 :
1328 : /*
1329 : * Check to see if the other process still exists
1330 : *
1331 : * Per discussion above, my_pid, my_p_pid, and my_gp_pid can be
1332 : * ignored as false matches.
1333 : *
1334 : * Normally kill() will fail with ESRCH if the given PID doesn't
1335 : * exist.
1336 : *
1337 : * We can treat the EPERM-error case as okay because that error
1338 : * implies that the existing process has a different userid than we
1339 : * do, which means it cannot be a competing postmaster. A postmaster
1340 : * cannot successfully attach to a data directory owned by a userid
1341 : * other than its own, as enforced in checkDataDir(). Also, since we
1342 : * create the lockfiles mode 0600/0640, we'd have failed above if the
1343 : * lockfile belonged to another userid --- which means that whatever
1344 : * process kill() is reporting about isn't the one that made the
1345 : * lockfile. (NOTE: this last consideration is the only one that
1346 : * keeps us from blowing away a Unix socket file belonging to an
1347 : * instance of Postgres being run by someone else, at least on
1348 : * machines where /tmp hasn't got a stickybit.)
1349 : */
1350 14 : if (other_pid != my_pid && other_pid != my_p_pid &&
1351 : other_pid != my_gp_pid)
1352 : {
1353 14 : if (kill(other_pid, 0) == 0 ||
1354 10 : (errno != ESRCH && errno != EPERM))
1355 : {
1356 : /* lockfile belongs to a live process */
1357 4 : ereport(FATAL,
1358 : (errcode(ERRCODE_LOCK_FILE_EXISTS),
1359 : errmsg("lock file \"%s\" already exists",
1360 : filename),
1361 : isDDLock ?
1362 : (encoded_pid < 0 ?
1363 : errhint("Is another postgres (PID %d) running in data directory \"%s\"?",
1364 : (int) other_pid, refName) :
1365 : errhint("Is another postmaster (PID %d) running in data directory \"%s\"?",
1366 : (int) other_pid, refName)) :
1367 : (encoded_pid < 0 ?
1368 : errhint("Is another postgres (PID %d) using socket file \"%s\"?",
1369 : (int) other_pid, refName) :
1370 : errhint("Is another postmaster (PID %d) using socket file \"%s\"?",
1371 : (int) other_pid, refName))));
1372 : }
1373 : }
1374 :
1375 : /*
1376 : * No, the creating process did not exist. However, it could be that
1377 : * the postmaster crashed (or more likely was kill -9'd by a clueless
1378 : * admin) but has left orphan backends behind. Check for this by
1379 : * looking to see if there is an associated shmem segment that is
1380 : * still in use.
1381 : *
1382 : * Note: because postmaster.pid is written in multiple steps, we might
1383 : * not find the shmem ID values in it; we can't treat that as an
1384 : * error.
1385 : */
1386 10 : if (isDDLock)
1387 : {
1388 4 : char *ptr = buffer;
1389 : unsigned long id1,
1390 : id2;
1391 : int lineno;
1392 :
1393 28 : for (lineno = 1; lineno < LOCK_FILE_LINE_SHMEM_KEY; lineno++)
1394 : {
1395 24 : if ((ptr = strchr(ptr, '\n')) == NULL)
1396 0 : break;
1397 24 : ptr++;
1398 : }
1399 :
1400 4 : if (ptr != NULL &&
1401 4 : sscanf(ptr, "%lu %lu", &id1, &id2) == 2)
1402 : {
1403 4 : if (PGSharedMemoryIsInUse(id1, id2))
1404 0 : ereport(FATAL,
1405 : (errcode(ERRCODE_LOCK_FILE_EXISTS),
1406 : errmsg("pre-existing shared memory block (key %lu, ID %lu) is still in use",
1407 : id1, id2),
1408 : errhint("Terminate any old server processes associated with data directory \"%s\".",
1409 : refName)));
1410 : }
1411 : }
1412 :
1413 : /*
1414 : * Looks like nobody's home. Unlink the file and try again to create
1415 : * it. Need a loop because of possible race condition against other
1416 : * would-be creators.
1417 : */
1418 10 : if (unlink(filename) < 0)
1419 0 : ereport(FATAL,
1420 : (errcode_for_file_access(),
1421 : errmsg("could not remove old lock file \"%s\": %m",
1422 : filename),
1423 : errhint("The file seems accidentally left over, but "
1424 : "it could not be removed. Please remove the file "
1425 : "by hand and try again.")));
1426 : }
1427 :
1428 : /*
1429 : * Successfully created the file, now fill it. See comment in pidfile.h
1430 : * about the contents. Note that we write the same first five lines into
1431 : * both datadir and socket lockfiles; although more stuff may get added to
1432 : * the datadir lockfile later.
1433 : */
1434 3784 : snprintf(buffer, sizeof(buffer), "%d\n%s\n" INT64_FORMAT "\n%d\n%s\n",
1435 : amPostmaster ? (int) my_pid : -((int) my_pid),
1436 : DataDir,
1437 : MyStartTime,
1438 : PostPortNumber,
1439 : socketDir);
1440 :
1441 : /*
1442 : * In a standalone backend, the next line (LOCK_FILE_LINE_LISTEN_ADDR)
1443 : * will never receive data, so fill it in as empty now.
1444 : */
1445 3784 : if (isDDLock && !amPostmaster)
1446 412 : strlcat(buffer, "\n", sizeof(buffer));
1447 :
1448 3784 : errno = 0;
1449 3784 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_WRITE);
1450 3784 : if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
1451 : {
1452 0 : int save_errno = errno;
1453 :
1454 0 : close(fd);
1455 0 : unlink(filename);
1456 : /* if write didn't set errno, assume problem is no disk space */
1457 0 : errno = save_errno ? save_errno : ENOSPC;
1458 0 : ereport(FATAL,
1459 : (errcode_for_file_access(),
1460 : errmsg("could not write lock file \"%s\": %m", filename)));
1461 : }
1462 3784 : pgstat_report_wait_end();
1463 :
1464 3784 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_CREATE_SYNC);
1465 3784 : if (pg_fsync(fd) != 0)
1466 : {
1467 0 : int save_errno = errno;
1468 :
1469 0 : close(fd);
1470 0 : unlink(filename);
1471 0 : errno = save_errno;
1472 0 : ereport(FATAL,
1473 : (errcode_for_file_access(),
1474 : errmsg("could not write lock file \"%s\": %m", filename)));
1475 : }
1476 3784 : pgstat_report_wait_end();
1477 3784 : if (close(fd) != 0)
1478 : {
1479 0 : int save_errno = errno;
1480 :
1481 0 : unlink(filename);
1482 0 : errno = save_errno;
1483 0 : ereport(FATAL,
1484 : (errcode_for_file_access(),
1485 : errmsg("could not write lock file \"%s\": %m", filename)));
1486 : }
1487 :
1488 : /*
1489 : * Arrange to unlink the lock file(s) at proc_exit. If this is the first
1490 : * one, set up the on_proc_exit function to do it; then add this lock file
1491 : * to the list of files to unlink.
1492 : */
1493 3784 : if (lock_files == NIL)
1494 2106 : on_proc_exit(UnlinkLockFiles, 0);
1495 :
1496 : /*
1497 : * Use lcons so that the lock files are unlinked in reverse order of
1498 : * creation; this is critical!
1499 : */
1500 3784 : lock_files = lcons(pstrdup(filename), lock_files);
1501 3784 : }
1502 :
1503 : /*
1504 : * Create the data directory lockfile.
1505 : *
1506 : * When this is called, we must have already switched the working
1507 : * directory to DataDir, so we can just use a relative path. This
1508 : * helps ensure that we are locking the directory we should be.
1509 : *
1510 : * Note that the socket directory path line is initially written as empty.
1511 : * postmaster.c will rewrite it upon creating the first Unix socket.
1512 : */
1513 : void
1514 2110 : CreateDataDirLockFile(bool amPostmaster)
1515 : {
1516 2110 : CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, "", true, DataDir);
1517 2106 : }
1518 :
1519 : /*
1520 : * Create a lockfile for the specified Unix socket file.
1521 : */
1522 : void
1523 1678 : CreateSocketLockFile(const char *socketfile, bool amPostmaster,
1524 : const char *socketDir)
1525 : {
1526 : char lockfile[MAXPGPATH];
1527 :
1528 1678 : snprintf(lockfile, sizeof(lockfile), "%s.lock", socketfile);
1529 1678 : CreateLockFile(lockfile, amPostmaster, socketDir, false, socketfile);
1530 1678 : }
1531 :
1532 : /*
1533 : * TouchSocketLockFiles -- mark socket lock files as recently accessed
1534 : *
1535 : * This routine should be called every so often to ensure that the socket
1536 : * lock files have a recent mod or access date. That saves them
1537 : * from being removed by overenthusiastic /tmp-directory-cleaner daemons.
1538 : * (Another reason we should never have put the socket file in /tmp...)
1539 : */
1540 : void
1541 0 : TouchSocketLockFiles(void)
1542 : {
1543 : ListCell *l;
1544 :
1545 0 : foreach(l, lock_files)
1546 : {
1547 0 : char *socketLockFile = (char *) lfirst(l);
1548 :
1549 : /* No need to touch the data directory lock file, we trust */
1550 0 : if (strcmp(socketLockFile, DIRECTORY_LOCK_FILE) == 0)
1551 0 : continue;
1552 :
1553 : /* we just ignore any error here */
1554 0 : (void) utime(socketLockFile, NULL);
1555 : }
1556 0 : }
1557 :
1558 :
1559 : /*
1560 : * Add (or replace) a line in the data directory lock file.
1561 : * The given string should not include a trailing newline.
1562 : *
1563 : * Note: because we don't truncate the file, if we were to rewrite a line
1564 : * with less data than it had before, there would be garbage after the last
1565 : * line. While we could fix that by adding a truncate call, that would make
1566 : * the file update non-atomic, which we'd rather avoid. Therefore, callers
1567 : * should endeavor never to shorten a line once it's been written.
1568 : */
1569 : void
1570 10590 : AddToDataDirLockFile(int target_line, const char *str)
1571 : {
1572 : int fd;
1573 : int len;
1574 : int lineno;
1575 : char *srcptr;
1576 : char *destptr;
1577 : char srcbuffer[BLCKSZ];
1578 : char destbuffer[BLCKSZ];
1579 :
1580 10590 : fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
1581 10590 : if (fd < 0)
1582 : {
1583 0 : ereport(LOG,
1584 : (errcode_for_file_access(),
1585 : errmsg("could not open file \"%s\": %m",
1586 : DIRECTORY_LOCK_FILE)));
1587 0 : return;
1588 : }
1589 10590 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_READ);
1590 10590 : len = read(fd, srcbuffer, sizeof(srcbuffer) - 1);
1591 10590 : pgstat_report_wait_end();
1592 10590 : if (len < 0)
1593 : {
1594 0 : ereport(LOG,
1595 : (errcode_for_file_access(),
1596 : errmsg("could not read from file \"%s\": %m",
1597 : DIRECTORY_LOCK_FILE)));
1598 0 : close(fd);
1599 0 : return;
1600 : }
1601 10590 : srcbuffer[len] = '\0';
1602 :
1603 : /*
1604 : * Advance over lines we are not supposed to rewrite, then copy them to
1605 : * destbuffer.
1606 : */
1607 10590 : srcptr = srcbuffer;
1608 72546 : for (lineno = 1; lineno < target_line; lineno++)
1609 : {
1610 63636 : char *eol = strchr(srcptr, '\n');
1611 :
1612 63636 : if (eol == NULL)
1613 1680 : break; /* not enough lines in file yet */
1614 61956 : srcptr = eol + 1;
1615 : }
1616 10590 : memcpy(destbuffer, srcbuffer, srcptr - srcbuffer);
1617 10590 : destptr = destbuffer + (srcptr - srcbuffer);
1618 :
1619 : /*
1620 : * Fill in any missing lines before the target line, in case lines are
1621 : * added to the file out of order.
1622 : */
1623 12270 : for (; lineno < target_line; lineno++)
1624 : {
1625 1680 : if (destptr < destbuffer + sizeof(destbuffer))
1626 1680 : *destptr++ = '\n';
1627 : }
1628 :
1629 : /*
1630 : * Write or rewrite the target line.
1631 : */
1632 10590 : snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s\n", str);
1633 10590 : destptr += strlen(destptr);
1634 :
1635 : /*
1636 : * If there are more lines in the old file, append them to destbuffer.
1637 : */
1638 10590 : if ((srcptr = strchr(srcptr, '\n')) != NULL)
1639 : {
1640 6820 : srcptr++;
1641 6820 : snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s",
1642 : srcptr);
1643 : }
1644 :
1645 : /*
1646 : * And rewrite the data. Since we write in a single kernel call, this
1647 : * update should appear atomic to onlookers.
1648 : */
1649 10590 : len = strlen(destbuffer);
1650 10590 : errno = 0;
1651 10590 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_WRITE);
1652 10590 : if (pg_pwrite(fd, destbuffer, len, 0) != len)
1653 : {
1654 0 : pgstat_report_wait_end();
1655 : /* if write didn't set errno, assume problem is no disk space */
1656 0 : if (errno == 0)
1657 0 : errno = ENOSPC;
1658 0 : ereport(LOG,
1659 : (errcode_for_file_access(),
1660 : errmsg("could not write to file \"%s\": %m",
1661 : DIRECTORY_LOCK_FILE)));
1662 0 : close(fd);
1663 0 : return;
1664 : }
1665 10590 : pgstat_report_wait_end();
1666 10590 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_ADDTODATADIR_SYNC);
1667 10590 : if (pg_fsync(fd) != 0)
1668 : {
1669 0 : ereport(LOG,
1670 : (errcode_for_file_access(),
1671 : errmsg("could not write to file \"%s\": %m",
1672 : DIRECTORY_LOCK_FILE)));
1673 : }
1674 10590 : pgstat_report_wait_end();
1675 10590 : if (close(fd) != 0)
1676 : {
1677 0 : ereport(LOG,
1678 : (errcode_for_file_access(),
1679 : errmsg("could not write to file \"%s\": %m",
1680 : DIRECTORY_LOCK_FILE)));
1681 : }
1682 : }
1683 :
1684 :
1685 : /*
1686 : * Recheck that the data directory lock file still exists with expected
1687 : * content. Return true if the lock file appears OK, false if it isn't.
1688 : *
1689 : * We call this periodically in the postmaster. The idea is that if the
1690 : * lock file has been removed or replaced by another postmaster, we should
1691 : * do a panic database shutdown. Therefore, we should return true if there
1692 : * is any doubt: we do not want to cause a panic shutdown unnecessarily.
1693 : * Transient failures like EINTR or ENFILE should not cause us to fail.
1694 : * (If there really is something wrong, we'll detect it on a future recheck.)
1695 : */
1696 : bool
1697 32 : RecheckDataDirLockFile(void)
1698 : {
1699 : int fd;
1700 : int len;
1701 : long file_pid;
1702 : char buffer[BLCKSZ];
1703 :
1704 32 : fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
1705 32 : if (fd < 0)
1706 : {
1707 : /*
1708 : * There are many foreseeable false-positive error conditions. For
1709 : * safety, fail only on enumerated clearly-something-is-wrong
1710 : * conditions.
1711 : */
1712 0 : switch (errno)
1713 : {
1714 0 : case ENOENT:
1715 : case ENOTDIR:
1716 : /* disaster */
1717 0 : ereport(LOG,
1718 : (errcode_for_file_access(),
1719 : errmsg("could not open file \"%s\": %m",
1720 : DIRECTORY_LOCK_FILE)));
1721 0 : return false;
1722 0 : default:
1723 : /* non-fatal, at least for now */
1724 0 : ereport(LOG,
1725 : (errcode_for_file_access(),
1726 : errmsg("could not open file \"%s\": %m; continuing anyway",
1727 : DIRECTORY_LOCK_FILE)));
1728 0 : return true;
1729 : }
1730 : }
1731 32 : pgstat_report_wait_start(WAIT_EVENT_LOCK_FILE_RECHECKDATADIR_READ);
1732 32 : len = read(fd, buffer, sizeof(buffer) - 1);
1733 32 : pgstat_report_wait_end();
1734 32 : if (len < 0)
1735 : {
1736 0 : ereport(LOG,
1737 : (errcode_for_file_access(),
1738 : errmsg("could not read from file \"%s\": %m",
1739 : DIRECTORY_LOCK_FILE)));
1740 0 : close(fd);
1741 0 : return true; /* treat read failure as nonfatal */
1742 : }
1743 32 : buffer[len] = '\0';
1744 32 : close(fd);
1745 32 : file_pid = atol(buffer);
1746 32 : if (file_pid == getpid())
1747 32 : return true; /* all is well */
1748 :
1749 : /* Trouble: someone's overwritten the lock file */
1750 0 : ereport(LOG,
1751 : (errmsg("lock file \"%s\" contains wrong PID: %ld instead of %ld",
1752 : DIRECTORY_LOCK_FILE, file_pid, (long) getpid())));
1753 0 : return false;
1754 : }
1755 :
1756 :
1757 : /*-------------------------------------------------------------------------
1758 : * Version checking support
1759 : *-------------------------------------------------------------------------
1760 : */
1761 :
1762 : /*
1763 : * Determine whether the PG_VERSION file in directory `path' indicates
1764 : * a data version compatible with the version of this program.
1765 : *
1766 : * If compatible, return. Otherwise, ereport(FATAL).
1767 : */
1768 : void
1769 32326 : ValidatePgVersion(const char *path)
1770 : {
1771 : char full_path[MAXPGPATH];
1772 : FILE *file;
1773 : int ret;
1774 : long file_major;
1775 : long my_major;
1776 : char *endptr;
1777 : char file_version_string[64];
1778 32326 : const char *my_version_string = PG_VERSION;
1779 :
1780 32326 : my_major = strtol(my_version_string, &endptr, 10);
1781 :
1782 32326 : snprintf(full_path, sizeof(full_path), "%s/PG_VERSION", path);
1783 :
1784 32326 : file = AllocateFile(full_path, "r");
1785 32326 : if (!file)
1786 : {
1787 0 : if (errno == ENOENT)
1788 0 : ereport(FATAL,
1789 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1790 : errmsg("\"%s\" is not a valid data directory",
1791 : path),
1792 : errdetail("File \"%s\" is missing.", full_path)));
1793 : else
1794 0 : ereport(FATAL,
1795 : (errcode_for_file_access(),
1796 : errmsg("could not open file \"%s\": %m", full_path)));
1797 : }
1798 :
1799 32326 : file_version_string[0] = '\0';
1800 32326 : ret = fscanf(file, "%63s", file_version_string);
1801 32326 : file_major = strtol(file_version_string, &endptr, 10);
1802 :
1803 32326 : if (ret != 1 || endptr == file_version_string)
1804 0 : ereport(FATAL,
1805 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1806 : errmsg("\"%s\" is not a valid data directory",
1807 : path),
1808 : errdetail("File \"%s\" does not contain valid data.",
1809 : full_path),
1810 : errhint("You might need to initdb.")));
1811 :
1812 32326 : FreeFile(file);
1813 :
1814 32326 : if (my_major != file_major)
1815 0 : ereport(FATAL,
1816 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1817 : errmsg("database files are incompatible with server"),
1818 : errdetail("The data directory was initialized by PostgreSQL version %s, "
1819 : "which is not compatible with this version %s.",
1820 : file_version_string, my_version_string)));
1821 32326 : }
1822 :
1823 : /*-------------------------------------------------------------------------
1824 : * Library preload support
1825 : *-------------------------------------------------------------------------
1826 : */
1827 :
1828 : /*
1829 : * GUC variables: lists of library names to be preloaded at postmaster
1830 : * start and at backend start
1831 : */
1832 : char *session_preload_libraries_string = NULL;
1833 : char *shared_preload_libraries_string = NULL;
1834 : char *local_preload_libraries_string = NULL;
1835 :
1836 : /* Flag telling that we are loading shared_preload_libraries */
1837 : bool process_shared_preload_libraries_in_progress = false;
1838 : bool process_shared_preload_libraries_done = false;
1839 :
1840 : shmem_request_hook_type shmem_request_hook = NULL;
1841 : bool process_shmem_requests_in_progress = false;
1842 :
1843 : /*
1844 : * load the shared libraries listed in 'libraries'
1845 : *
1846 : * 'gucname': name of GUC variable, for error reports
1847 : * 'restricted': if true, force libraries to be in $libdir/plugins/
1848 : */
1849 : static void
1850 47676 : load_libraries(const char *libraries, const char *gucname, bool restricted)
1851 : {
1852 : char *rawstring;
1853 : List *elemlist;
1854 : ListCell *l;
1855 :
1856 47676 : if (libraries == NULL || libraries[0] == '\0')
1857 47598 : return; /* nothing to do */
1858 :
1859 : /* Need a modifiable copy of string */
1860 78 : rawstring = pstrdup(libraries);
1861 :
1862 : /* Parse string into list of filename paths */
1863 78 : if (!SplitDirectoriesString(rawstring, ',', &elemlist))
1864 : {
1865 : /* syntax error in list */
1866 0 : list_free_deep(elemlist);
1867 0 : pfree(rawstring);
1868 0 : ereport(LOG,
1869 : (errcode(ERRCODE_SYNTAX_ERROR),
1870 : errmsg("invalid list syntax in parameter \"%s\"",
1871 : gucname)));
1872 0 : return;
1873 : }
1874 :
1875 158 : foreach(l, elemlist)
1876 : {
1877 : /* Note that filename was already canonicalized */
1878 80 : char *filename = (char *) lfirst(l);
1879 80 : char *expanded = NULL;
1880 :
1881 : /* If restricting, insert $libdir/plugins if not mentioned already */
1882 80 : if (restricted && first_dir_separator(filename) == NULL)
1883 : {
1884 0 : expanded = psprintf("$libdir/plugins/%s", filename);
1885 0 : filename = expanded;
1886 : }
1887 80 : load_file(filename, restricted);
1888 80 : ereport(DEBUG1,
1889 : (errmsg_internal("loaded library \"%s\"", filename)));
1890 80 : if (expanded)
1891 0 : pfree(expanded);
1892 : }
1893 :
1894 78 : list_free_deep(elemlist);
1895 78 : pfree(rawstring);
1896 : }
1897 :
1898 : /*
1899 : * process any libraries that should be preloaded at postmaster start
1900 : */
1901 : void
1902 1812 : process_shared_preload_libraries(void)
1903 : {
1904 1812 : process_shared_preload_libraries_in_progress = true;
1905 1812 : load_libraries(shared_preload_libraries_string,
1906 : "shared_preload_libraries",
1907 : false);
1908 1812 : process_shared_preload_libraries_in_progress = false;
1909 1812 : process_shared_preload_libraries_done = true;
1910 1812 : }
1911 :
1912 : /*
1913 : * process any libraries that should be preloaded at backend start
1914 : */
1915 : void
1916 22932 : process_session_preload_libraries(void)
1917 : {
1918 22932 : load_libraries(session_preload_libraries_string,
1919 : "session_preload_libraries",
1920 : false);
1921 22932 : load_libraries(local_preload_libraries_string,
1922 : "local_preload_libraries",
1923 : true);
1924 22932 : }
1925 :
1926 : /*
1927 : * process any shared memory requests from preloaded libraries
1928 : */
1929 : void
1930 1802 : process_shmem_requests(void)
1931 : {
1932 1802 : process_shmem_requests_in_progress = true;
1933 1802 : if (shmem_request_hook)
1934 28 : shmem_request_hook();
1935 1802 : process_shmem_requests_in_progress = false;
1936 1802 : }
1937 :
1938 : void
1939 3660 : pg_bindtextdomain(const char *domain)
1940 : {
1941 : #ifdef ENABLE_NLS
1942 3660 : if (my_exec_path[0] != '\0')
1943 : {
1944 : char locale_path[MAXPGPATH];
1945 :
1946 3660 : get_locale_path(my_exec_path, locale_path);
1947 3660 : bindtextdomain(domain, locale_path);
1948 3660 : pg_bind_textdomain_codeset(domain);
1949 : }
1950 : #endif
1951 3660 : }
|
