1 : /*-------------------------------------------------------------------------
2 : *
3 : * postinit.c
4 : * postgres initialization utilities
5 : *
6 : * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/init/postinit.c
12 : *
13 : *
14 : *-------------------------------------------------------------------------
15 : */
16 : #include "postgres.h"
17 :
18 : #include <ctype.h>
19 : #include <fcntl.h>
20 : #include <unistd.h>
21 :
22 : #include "access/genam.h"
23 : #include "access/heapam.h"
24 : #include "access/htup_details.h"
25 : #include "access/session.h"
26 : #include "access/tableam.h"
27 : #include "access/xact.h"
28 : #include "access/xlog.h"
29 : #include "access/xloginsert.h"
30 : #include "catalog/namespace.h"
31 : #include "catalog/pg_authid.h"
32 : #include "catalog/pg_collation.h"
33 : #include "catalog/pg_database.h"
34 : #include "catalog/pg_db_role_setting.h"
35 : #include "catalog/pg_tablespace.h"
36 : #include "libpq/auth.h"
37 : #include "libpq/libpq-be.h"
38 : #include "mb/pg_wchar.h"
39 : #include "miscadmin.h"
40 : #include "pgstat.h"
41 : #include "postmaster/autovacuum.h"
42 : #include "postmaster/postmaster.h"
43 : #include "replication/slot.h"
44 : #include "replication/slotsync.h"
45 : #include "replication/walsender.h"
46 : #include "storage/aio_subsys.h"
47 : #include "storage/bufmgr.h"
48 : #include "storage/fd.h"
49 : #include "storage/ipc.h"
50 : #include "storage/lmgr.h"
51 : #include "storage/proc.h"
52 : #include "storage/procarray.h"
53 : #include "storage/procnumber.h"
54 : #include "storage/procsignal.h"
55 : #include "storage/sinvaladt.h"
56 : #include "storage/smgr.h"
57 : #include "storage/sync.h"
58 : #include "tcop/backend_startup.h"
59 : #include "tcop/tcopprot.h"
60 : #include "utils/acl.h"
61 : #include "utils/builtins.h"
62 : #include "utils/fmgroids.h"
63 : #include "utils/guc_hooks.h"
64 : #include "utils/injection_point.h"
65 : #include "utils/memutils.h"
66 : #include "utils/pg_locale.h"
67 : #include "utils/portal.h"
68 : #include "utils/ps_status.h"
69 : #include "utils/snapmgr.h"
70 : #include "utils/syscache.h"
71 : #include "utils/timeout.h"
72 :
73 : static HeapTuple GetDatabaseTuple(const char *dbname);
74 : static HeapTuple GetDatabaseTupleByOid(Oid dboid);
75 : static void PerformAuthentication(Port *port);
76 : static void CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connections);
77 : static void ShutdownPostgres(int code, Datum arg);
78 : static void StatementTimeoutHandler(void);
79 : static void LockTimeoutHandler(void);
80 : static void IdleInTransactionSessionTimeoutHandler(void);
81 : static void TransactionTimeoutHandler(void);
82 : static void IdleSessionTimeoutHandler(void);
83 : static void IdleStatsUpdateTimeoutHandler(void);
84 : static void ClientCheckTimeoutHandler(void);
85 : static bool ThereIsAtLeastOneRole(void);
86 : static void process_startup_options(Port *port, bool am_superuser);
87 : static void process_settings(Oid databaseid, Oid roleid);
88 :
89 :
90 : /*** InitPostgres support ***/
91 :
92 :
/*
 * GetDatabaseTuple -- look up a pg_database row by database name
 *
 * Used during backend startup, before the system catalogs are generally
 * accessible.  When relcache.c was able to load descriptors for pg_database
 * and its indexes from the shared relcache cache file
 * (criticalSharedRelcachesBuilt is true) the lookup is an index scan on
 * DatabaseNameIndexId; otherwise it falls back to a sequential scan of
 * pg_database using only the hard-wired descriptor.
 *
 * Returns a copy of the matching tuple made with heap_copytuple(), or the
 * invalid tuple handed back by systable_getnext() when no row matches.
 * Callers must test the result with HeapTupleIsValid() before using it.
 */
static HeapTuple
GetDatabaseTuple(const char *dbname)
{
	ScanKeyData name_key;
	Relation	pg_database_rel;
	SysScanDesc scandesc;
	HeapTuple	found;
	HeapTuple	result;

	/* Single equality condition on pg_database.datname */
	ScanKeyInit(&name_key,
				Anum_pg_database_datname,
				BTEqualStrategyNumber, F_NAMEEQ,
				CStringGetDatum(dbname));

	/*
	 * The third argument of systable_beginscan() decides whether the index
	 * may be used; it is false when the critical shared relcache entries
	 * have not been built yet, which forces a heap scan.
	 */
	pg_database_rel = table_open(DatabaseRelationId, AccessShareLock);
	scandesc = systable_beginscan(pg_database_rel, DatabaseNameIndexId,
								  criticalSharedRelcachesBuilt,
								  NULL,
								  1, &name_key);

	found = systable_getnext(scandesc);

	/* The copy has to be taken before the scan releases its buffer */
	result = HeapTupleIsValid(found) ? heap_copytuple(found) : found;

	systable_endscan(scandesc);
	table_close(pg_database_rel, AccessShareLock);

	return result;
}
143 :
/*
 * GetDatabaseTupleByOid -- look up a pg_database row by database OID
 *
 * Scans pg_database for the row whose oid column equals dboid.  The index
 * DatabaseOidIndexId is used only when criticalSharedRelcachesBuilt is true;
 * otherwise the scan is forced to read the heap.
 *
 * Returns a copy of the matching tuple made with heap_copytuple(), or the
 * invalid tuple handed back by systable_getnext() when no row matches.
 * Callers must test the result with HeapTupleIsValid() before using it.
 */
static HeapTuple
GetDatabaseTupleByOid(Oid dboid)
{
	ScanKeyData oid_key;
	Relation	pg_database_rel;
	SysScanDesc scandesc;
	HeapTuple	found;
	HeapTuple	result;

	/* Single equality condition on pg_database.oid */
	ScanKeyInit(&oid_key,
				Anum_pg_database_oid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(dboid));

	/*
	 * Force a heap scan if the critical shared relcache entries have not
	 * been built yet (i.e., startup without a shared relcache cache file).
	 */
	pg_database_rel = table_open(DatabaseRelationId, AccessShareLock);
	scandesc = systable_beginscan(pg_database_rel, DatabaseOidIndexId,
								  criticalSharedRelcachesBuilt,
								  NULL,
								  1, &oid_key);

	found = systable_getnext(scandesc);

	/* The copy has to be taken before the scan releases its buffer */
	result = HeapTupleIsValid(found) ? heap_copytuple(found) : found;

	systable_endscan(scandesc);
	table_close(pg_database_rel, AccessShareLock);

	return result;
}
186 :
187 :
/*
 * PerformAuthentication -- run the authentication exchange with a client
 *
 * Returns nothing.  On any authentication failure control does not come
 * back to the caller at all.
 *
 * Security-relevant behavior visible in this function:
 *	- ClientAuthInProgress is held true for the whole exchange, which limits
 *	  the visibility of log messages until authentication has completed.
 *	- The exchange is bounded by AuthenticationTimeout, so a buggy or
 *	  malicious client that stops responding cannot hold the backend forever.
 *	- The "connection authorized" line is written only when log_connections
 *	  has the LOG_CONNECTION_AUTHORIZATION bit set; installations that use
 *	  the server log as a record of successful logins need that bit enabled.
 */
static void
PerformAuthentication(Port *port)
{
	/* Expected to be set already; set it again to limit log visibility */
	ClientAuthInProgress = true;

	/*
	 * In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.conf
	 * etcetera from the postmaster, and have to load them ourselves.
	 *
	 * FIXME: [fork/exec] Ugh.  Is there a way around this overhead?
	 */
#ifdef EXEC_BACKEND

	/*
	 * load_hba() and load_ident() work within the PostmasterContext, so
	 * create it when it is missing.  It is deleted again later, in
	 * PostgresMain.
	 */
	if (PostmasterContext == NULL)
		PostmasterContext = AllocSetContextCreate(TopMemoryContext,
												  "Postmaster",
												  ALLOCSET_DEFAULT_SIZES);

	/*
	 * Fail closed: without a loaded HBA file there is no way to connect to
	 * the database, so continuing makes no sense.
	 */
	if (!load_hba())
		ereport(FATAL,
		/* translator: %s is a configuration file */
				(errmsg("could not load %s", HbaFileName)));

	if (!load_ident())
	{
		/*
		 * Continuing is acceptable here: authentication methods that need a
		 * user name mapping simply cannot be used.  load_ident() has already
		 * written the error details to the log.
		 */
	}
#endif

	/* Capture authentication start time for logging */
	conn_timing.auth_start = GetCurrentTimestamp();

	/*
	 * Arm a timeout so that a client which fails to respond during
	 * authentication is cut off.  We are inside a transaction and might do
	 * database access, hence the statement_timeout infrastructure is used.
	 * AuthenticationTimeout is multiplied by 1000 before being passed on.
	 */
	enable_timeout_after(STATEMENT_TIMEOUT, AuthenticationTimeout * 1000);

	/* The exchange itself; this call might not return on failure */
	set_ps_display("authentication");
	ClientAuthentication(port);

	/* Authentication succeeded: disarm the timeout */
	disable_timeout(STATEMENT_TIMEOUT, false);

	/* Capture authentication end time for logging */
	conn_timing.auth_end = GetCurrentTimestamp();

	if ((log_connections & LOG_CONNECTION_AUTHORIZATION) != 0)
	{
		StringInfoData authmsg;

		initStringInfo(&authmsg);

		/*
		 * NOTE(review): user_name, database_name and application_name are
		 * copied into the log line as-is here.  They presumably originate
		 * from the client's startup packet -- confirm they are sanitized
		 * before this point if log consumers parse these lines.
		 */
		if (am_walsender)
			appendStringInfo(&authmsg, _("replication connection authorized: user=%s"),
							 port->user_name);
		else
		{
			appendStringInfo(&authmsg, _("connection authorized: user=%s"),
							 port->user_name);
			appendStringInfo(&authmsg, _(" database=%s"), port->database_name);
		}

		if (port->application_name != NULL)
			appendStringInfo(&authmsg, _(" application_name=%s"),
							 port->application_name);

#ifdef USE_SSL
		/* Record the negotiated TLS parameters when the connection uses SSL */
		if (port->ssl_in_use)
			appendStringInfo(&authmsg, _(" SSL enabled (protocol=%s, cipher=%s, bits=%d)"),
							 be_tls_get_version(port),
							 be_tls_get_cipher(port),
							 be_tls_get_cipher_bits(port));
#endif
#ifdef ENABLE_GSS
		if (port->gss)
		{
			const char *princ = be_gssapi_get_princ(port);
			const char *authenticated = be_gssapi_get_auth(port) ? _("yes") : _("no");
			const char *encrypted = be_gssapi_get_enc(port) ? _("yes") : _("no");
			const char *delegated = be_gssapi_get_delegation(port) ? _("yes") : _("no");

			/* The principal is included only when one is available */
			if (princ)
				appendStringInfo(&authmsg,
								 _(" GSS (authenticated=%s, encrypted=%s, delegated_credentials=%s, principal=%s)"),
								 authenticated,
								 encrypted,
								 delegated,
								 princ);
			else
				appendStringInfo(&authmsg,
								 _(" GSS (authenticated=%s, encrypted=%s, delegated_credentials=%s)"),
								 authenticated,
								 encrypted,
								 delegated);
		}
#endif

		/* "%s" keeps the assembled text from being used as a format string */
		ereport(LOG, errmsg_internal("%s", authmsg.data));
		pfree(authmsg.data);
	}

	set_ps_display("startup");

	/* From here on client_min_messages is active */
	ClientAuthInProgress = false;
}
317 :
318 :
/*
 * CheckMyDatabase -- validate and adopt settings from our pg_database row
 *
 * name: the database name the caller believes MyDatabaseId refers to
 * am_superuser: when true, the CONNECT privilege check and the connection
 *		limit check are skipped
 * override_allow_connections: when true, the datallowconn check and the
 *		CONNECT privilege check are skipped
 *
 * All three connection checks run only when IsUnderPostmaster is true.  The
 * connection limit additionally applies only to regular backends.  A failed
 * check ends the process with FATAL.  After the checks, the database
 * encoding and the LC_COLLATE / LC_CTYPE locales are installed, and a
 * collation version mismatch is reported as a WARNING only, so that it does
 * not prevent connecting.
 */
static void
CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connections)
{
	HeapTuple	dbtup;
	Form_pg_database dbrow;
	Datum		attr;
	bool		attr_isnull;
	char	   *db_collate;
	char	   *db_ctype;
	char	   *recorded_version;
	char	   *actual_version;
	char	   *provider_locale;

	/* Fetch our pg_database row normally, via syscache */
	dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
	if (!HeapTupleIsValid(dbtup))
		elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
	dbrow = (Form_pg_database) GETSTRUCT(dbtup);

	/* Paranoia: the OID must still belong to the name we were given */
	if (strcmp(name, NameStr(dbrow->datname)) != 0)
		ereport(FATAL,
				(errcode(ERRCODE_UNDEFINED_DATABASE),
				 errmsg("database \"%s\" has disappeared from pg_database",
						name),
				 errdetail("Database OID %u now seems to belong to \"%s\".",
						   MyDatabaseId, NameStr(dbrow->datname))));

	/*
	 * Connection permission checks.
	 *
	 * None of these is enforced in standalone mode, so that there is a way
	 * to recover from disabling all access to all databases, for example
	 * "UPDATE pg_database SET datallowconn = false;".
	 */
	if (IsUnderPostmaster)
	{
		/*
		 * Background processes can bypass the next two tests by setting
		 * override_allow_connections.
		 */
		if (!override_allow_connections)
		{
			/* Is the database currently allowing connections? */
			if (!dbrow->datallowconn)
				ereport(FATAL,
						(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
						 errmsg("database \"%s\" is not currently accepting connections",
								name)));

			/*
			 * Does the user hold CONNECT on the database?  The am_superuser
			 * test is redundant with the ACL check, but it is cheap and
			 * saves the lookup.
			 */
			if (!am_superuser &&
				object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
								ACL_CONNECT) != ACLCHECK_OK)
				ereport(FATAL,
						(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
						 errmsg("permission denied for database \"%s\"", name),
						 errdetail("User does not have CONNECT privilege.")));
		}

		/*
		 * Per-database connection limit.  It is enforced only for regular
		 * backends, since other process types have their own PGPROC pools,
		 * and never for superusers.
		 *
		 * This check is racy: our PGPROC is created before the other
		 * PGPROCs are counted, so two backends arriving at about the same
		 * time might both conclude they are over the limit.  The limit is
		 * therefore documented as approximate.
		 */
		if (dbrow->datconnlimit >= 0 &&
			AmRegularBackendProcess() &&
			!am_superuser &&
			CountDBConnections(MyDatabaseId) > dbrow->datconnlimit)
			ereport(FATAL,
					(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
					 errmsg("too many connections for database \"%s\"",
							name)));
	}

	/* All checks passed: adopt the encoding stored in the pg_database row */
	SetDatabaseEncoding(dbrow->encoding);
	/* Record it as a GUC internal option, too */
	SetConfigOption("server_encoding", GetDatabaseEncodingName(),
					PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
	/* If we have no other source of client_encoding, use server encoding */
	SetConfigOption("client_encoding", GetDatabaseEncodingName(),
					PGC_BACKEND, PGC_S_DYNAMIC_DEFAULT);

	/* Pull the locale names out of the row */
	attr = SysCacheGetAttrNotNull(DATABASEOID, dbtup, Anum_pg_database_datcollate);
	db_collate = TextDatumGetCString(attr);
	attr = SysCacheGetAttrNotNull(DATABASEOID, dbtup, Anum_pg_database_datctype);
	db_ctype = TextDatumGetCString(attr);

	/*
	 * NOTE(review): in both errdetail() calls below the two adjacent string
	 * literals join with a double space; the message text is left as-is.
	 */
	if (pg_perm_setlocale(LC_COLLATE, db_collate) == NULL)
		ereport(FATAL,
				(errmsg("database locale is incompatible with operating system"),
				 errdetail("The database was initialized with LC_COLLATE \"%s\", "
						   " which is not recognized by setlocale().", db_collate),
				 errhint("Recreate the database with another locale or install the missing locale.")));

	if (pg_perm_setlocale(LC_CTYPE, db_ctype) == NULL)
		ereport(FATAL,
				(errmsg("database locale is incompatible with operating system"),
				 errdetail("The database was initialized with LC_CTYPE \"%s\", "
						   " which is not recognized by setlocale().", db_ctype),
				 errhint("Recreate the database with another locale or install the missing locale.")));

	if (strcmp(db_ctype, "C") == 0 ||
		strcmp(db_ctype, "POSIX") == 0)
		database_ctype_is_c = true;

	init_database_collation();

	/*
	 * Collation version check.  See similar code in
	 * pg_newlocale_from_collation().  Here every problem is a WARNING, never
	 * an error, so that connecting is not prevented.
	 */
	attr = SysCacheGetAttr(DATABASEOID, dbtup, Anum_pg_database_datcollversion,
						   &attr_isnull);
	if (attr_isnull)
	{
		/* No version was recorded, so there is nothing to compare */
		ReleaseSysCache(dbtup);
		return;
	}

	recorded_version = TextDatumGetCString(attr);

	/* The libc provider uses datcollate; other providers use datlocale */
	if (dbrow->datlocprovider == COLLPROVIDER_LIBC)
		provider_locale = db_collate;
	else
	{
		attr = SysCacheGetAttrNotNull(DATABASEOID, dbtup, Anum_pg_database_datlocale);
		provider_locale = TextDatumGetCString(attr);
	}

	actual_version = get_collation_actual_version(dbrow->datlocprovider, provider_locale);
	if (!actual_version)
		/* should not happen */
		elog(WARNING,
			 "database \"%s\" has no actual collation version, but a version was recorded",
			 name);
	else if (strcmp(actual_version, recorded_version) != 0)
		ereport(WARNING,
				(errmsg("database \"%s\" has a collation version mismatch",
						name),
				 errdetail("The database was created using collation version %s, "
						   "but the operating system provides version %s.",
						   recorded_version, actual_version),
				 errhint("Rebuild all objects in this database that use the default collation and run "
						 "ALTER DATABASE %s REFRESH COLLATION VERSION, "
						 "or build PostgreSQL with the right library version.",
						 quote_identifier(name))));

	ReleaseSysCache(dbtup);
}
484 :
485 :
/*
 * pg_split_opts -- split a string of options and append it to an argv array
 *
 * argv: destination array; entries are stored starting at index *argcp
 * argcp: in/out count of used argv entries, incremented per stored option
 * optstr: whitespace-separated option string to split
 *
 * This routine is given no capacity for argv and performs no bounds check:
 * the caller is responsible for ensuring the array is large enough.  The
 * maximum possible number of arguments added here is
 * (strlen(optstr) + 1) / 2.
 *
 * Because some option values can contain spaces, a backslash makes the next
 * character literal, with \\ representing a literal backslash.  A lone
 * backslash at the very end of the string is dropped.  Each stored entry is
 * a separate copy made with pstrdup().
 */
void
pg_split_opts(char **argv, int *argcp, const char *optstr)
{
	StringInfoData token;

	initStringInfo(&token);

	while (*optstr != '\0')
	{
		bool		escaped = false;

		resetStringInfo(&token);

		/* Step over whitespace in front of the next option */
		while (isspace((unsigned char) *optstr))
			optstr++;

		/* Nothing but trailing whitespace was left */
		if (*optstr == '\0')
			break;

		/* Collect one option, ending at the first unescaped whitespace */
		for (; *optstr != '\0'; optstr++)
		{
			char		ch = *optstr;

			if (!escaped && isspace((unsigned char) ch))
				break;

			if (!escaped && ch == '\\')
			{
				/* Remember the escape; the backslash itself is not copied */
				escaped = true;
				continue;
			}

			escaped = false;
			appendStringInfoChar(&token, ch);
		}

		/* Unchecked store: argv capacity is the caller's responsibility */
		argv[(*argcp)++] = pstrdup(token.data);
	}

	pfree(token.data);
}
542 :
/*
 * Compute MaxBackends from the configuration options.
 *
 * This must be called after modules have had the chance to alter GUCs in
 * shared_preload_libraries and before shared memory size is determined.
 *
 * In an EXEC_BACKEND environment the value is passed down from postmaster
 * to subprocesses via BackendParameters in SubPostmasterMain, so only
 * postmaster itself and processes not under postmaster control should call
 * this.
 *
 * Raises ERROR when the configured total exceeds MAX_BACKENDS.
 */
void
InitializeMaxBackends(void)
{
	/* Must not have been computed before */
	Assert(MaxBackends == 0);

	/*
	 * "Auxiliary" processes are not part of this sum.
	 *
	 * NOTE(review): the addends are summed before the range check below;
	 * this assumes each GUC is individually bounded so the sum cannot
	 * overflow -- confirm against the GUC definitions.
	 */
	MaxBackends = MaxConnections + autovacuum_worker_slots +
		max_worker_processes + max_wal_senders + NUM_SPECIAL_WORKER_PROCS;

	if (MaxBackends <= MAX_BACKENDS)
		return;

	ereport(ERROR,
			(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
			 errmsg("too many server processes configured"),
			 errdetail("\"max_connections\" (%d) plus \"autovacuum_worker_slots\" (%d) plus \"max_worker_processes\" (%d) plus \"max_wal_senders\" (%d) must be less than %d.",
					   MaxConnections, autovacuum_worker_slots,
					   max_worker_processes, max_wal_senders,
					   MAX_BACKENDS - (NUM_SPECIAL_WORKER_PROCS - 1))));
}
572 :
/*
 * Choose the number of fast-path lock groups per backend in PGPROC.
 *
 * This must be called after modules have had the chance to alter GUCs in
 * shared_preload_libraries and before shared memory size is determined.
 *
 * The default max_locks_per_xact=64 means 4 groups by default.
 *
 * Anything between 1 and 1024 groups is allowed, with the usual power-of-2
 * logic.  The 1 is the "old" size with only 16 slots; 1024 is an arbitrary
 * limit (matching max_locks_per_xact = 16k).  Values over 1024 are unlikely
 * to be beneficial - there are bottlenecks we'll hit way before that.
 */
void
InitializeFastPathLocks(void)
{
	/* Should be initialized only once. */
	Assert(FastPathLockGroupsPerBackend == 0);

	/*
	 * Start from the minimum of one group and double until the slot count
	 * reaches max_locks_per_xact or the group cap is hit, whichever comes
	 * first.
	 */
	for (FastPathLockGroupsPerBackend = 1;
		 FastPathLockGroupsPerBackend < FP_LOCK_GROUPS_PER_BACKEND_MAX;
		 FastPathLockGroupsPerBackend *= 2)
	{
		if (FastPathLockSlotsPerBackend() >= max_locks_per_xact)
			break;
	}

	Assert(FastPathLockGroupsPerBackend <= FP_LOCK_GROUPS_PER_BACKEND_MAX);
}
606 :
/*
 * Early initialization of a backend (either standalone or under postmaster).
 * This happens even before InitPostgres.
 *
 * This is separate from InitPostgres because it is also called by auxiliary
 * processes, such as the background writer process, which may not call
 * InitPostgres at all.
 *
 * Takes no arguments and returns nothing.  The order of the calls below is
 * significant: several subsystems register shutdown callbacks here, and the
 * comments on pgstat, temporary files and replication slots explain which
 * of them must be initialized before which.
 */
void
BaseInit(void)
{
	/* MyProc must already be set up by the time this runs */
	Assert(MyProc != NULL);

	/*
	 * Initialize our input/output/debugging file descriptors.
	 */
	DebugFileOpen();

	/*
	 * Initialize file access. Done early so other subsystems can access
	 * files.
	 */
	InitFileAccess();

	/*
	 * Initialize statistics reporting. This needs to happen early to ensure
	 * that pgstat's shutdown callback runs after the shutdown callbacks of
	 * all subsystems that can produce stats (like e.g. transaction commits
	 * can).
	 */
	pgstat_initialize();

	/*
	 * Initialize AIO before infrastructure that might need to actually
	 * execute AIO.
	 */
	pgaio_init_backend();

	/* Do local initialization of storage and buffer managers */
	InitSync();
	smgrinit();
	InitBufferManagerAccess();

	/*
	 * Initialize temporary file access after pgstat, so that the temporary
	 * file shutdown hook can report temporary file statistics.
	 */
	InitTemporaryFileAccess();

	/*
	 * Initialize local buffers for WAL record construction, in case we ever
	 * try to insert XLOG.
	 */
	InitXLogInsert();

	/* Initialize lock manager's local structs */
	InitLockManagerAccess();

	/*
	 * Initialize replication slots after pgstat. The exit hook might need to
	 * drop ephemeral slots, which in turn triggers stats reporting.
	 */
	ReplicationSlotInitialize();

	/*
	 * The before shmem exit callback frees the DSA memory occupied by the
	 * latest memory context statistics that could be published by this proc
	 * if requested.
	 */
	before_shmem_exit(AtProcExit_memstats_cleanup, 0);
}
678 :
679 :
680 : /* --------------------------------
681 : * InitPostgres
682 : * Initialize POSTGRES.
683 : *
684 : * Parameters:
685 : * in_dbname, dboid: specify database to connect to, as described below
686 : * username, useroid: specify role to connect as, as described below
687 : * flags:
688 : * - INIT_PG_LOAD_SESSION_LIBS to honor [session|local]_preload_libraries.
689 : * - INIT_PG_OVERRIDE_ALLOW_CONNS to connect despite !datallowconn.
690 : * - INIT_PG_OVERRIDE_ROLE_LOGIN to connect despite !rolcanlogin.
691 : * out_dbname: optional output parameter, see below; pass NULL if not used
692 : *
693 : * The database can be specified by name, using the in_dbname parameter, or by
694 : * OID, using the dboid parameter. Specify NULL or InvalidOid respectively
695 : * for the unused parameter. If dboid is provided, the actual database
696 : * name can be returned to the caller in out_dbname. If out_dbname isn't
697 : * NULL, it must point to a buffer of size NAMEDATALEN.
698 : *
699 : * Similarly, the role can be passed by name, using the username parameter,
700 : * or by OID using the useroid parameter.
701 : *
702 : * In bootstrap mode the database and username parameters are NULL/InvalidOid.
703 : * The autovacuum launcher process doesn't specify these parameters either,
704 : * because it only goes far enough to be able to read pg_database; it doesn't
705 : * connect to any particular database. An autovacuum worker specifies a
706 : * database but not a username; conversely, a physical walsender specifies
707 : * username but not database.
708 : *
709 : * By convention, INIT_PG_LOAD_SESSION_LIBS should be passed in "flags" in
710 : * "interactive" sessions (including standalone backends), but not in
711 : * background processes such as autovacuum. Note in particular that it
712 : * shouldn't be true in parallel worker processes; those have another
713 : * mechanism for replicating their leader's set of loaded libraries.
714 : *
715 : * We expect that InitProcess() was already called, so we already have a
716 : * PGPROC struct ... but it's not completely filled in yet.
717 : *
718 : * Note:
719 : * Be very careful with the order of calls in the InitPostgres function.
720 : * --------------------------------
721 : */
722 : void
723 32940 : InitPostgres(const char *in_dbname, Oid dboid,
724 : const char *username, Oid useroid,
725 : bits32 flags,
726 : char *out_dbname)
727 : {
728 32940 : bool bootstrap = IsBootstrapProcessingMode();
729 : bool am_superuser;
730 : char *fullpath;
731 : char dbname[NAMEDATALEN];
732 32940 : int nfree = 0;
733 :
734 32940 : elog(DEBUG3, "InitPostgres");
735 :
736 : /*
737 : * Add my PGPROC struct to the ProcArray.
738 : *
739 : * Once I have done this, I am visible to other backends!
740 : */
741 32940 : InitProcessPhase2();
742 :
743 : /* Initialize status reporting */
744 32940 : pgstat_beinit();
745 :
746 : /*
747 : * And initialize an entry in the PgBackendStatus array. That way, if
748 : * LWLocks or third-party authentication should happen to hang, it is
749 : * possible to retrieve some information about what is going on.
750 : */
751 32940 : if (!bootstrap)
752 : {
753 32842 : pgstat_bestart_initial();
754 32842 : INJECTION_POINT("init-pre-auth");
755 : }
756 :
757 : /*
758 : * Initialize my entry in the shared-invalidation manager's array of
759 : * per-backend data.
760 : */
761 32940 : SharedInvalBackendInit(false);
762 :
763 32940 : ProcSignalInit(MyCancelKey, MyCancelKeyLength);
764 :
765 : /*
766 : * Also set up timeout handlers needed for backend operation. We need
767 : * these in every case except bootstrap.
768 : */
769 32940 : if (!bootstrap)
770 : {
771 32842 : RegisterTimeout(DEADLOCK_TIMEOUT, CheckDeadLockAlert);
772 32842 : RegisterTimeout(STATEMENT_TIMEOUT, StatementTimeoutHandler);
773 32842 : RegisterTimeout(LOCK_TIMEOUT, LockTimeoutHandler);
774 32842 : RegisterTimeout(IDLE_IN_TRANSACTION_SESSION_TIMEOUT,
775 : IdleInTransactionSessionTimeoutHandler);
776 32842 : RegisterTimeout(TRANSACTION_TIMEOUT, TransactionTimeoutHandler);
777 32842 : RegisterTimeout(IDLE_SESSION_TIMEOUT, IdleSessionTimeoutHandler);
778 32842 : RegisterTimeout(CLIENT_CONNECTION_CHECK_TIMEOUT, ClientCheckTimeoutHandler);
779 32842 : RegisterTimeout(IDLE_STATS_UPDATE_TIMEOUT,
780 : IdleStatsUpdateTimeoutHandler);
781 : }
782 :
783 : /*
784 : * If this is either a bootstrap process or a standalone backend, start up
785 : * the XLOG machinery, and register to have it closed down at exit. In
786 : * other cases, the startup process is responsible for starting up the
787 : * XLOG machinery, and the checkpointer for closing it down.
788 : */
789 32940 : if (!IsUnderPostmaster)
790 : {
791 : /*
792 : * We don't yet have an aux-process resource owner, but StartupXLOG
793 : * and ShutdownXLOG will need one. Hence, create said resource owner
794 : * (and register a callback to clean it up after ShutdownXLOG runs).
795 : */
796 214 : CreateAuxProcessResourceOwner();
797 :
798 214 : StartupXLOG();
799 : /* Release (and warn about) any buffer pins leaked in StartupXLOG */
800 214 : ReleaseAuxProcessResources(true);
801 : /* Reset CurrentResourceOwner to nothing for the moment */
802 214 : CurrentResourceOwner = NULL;
803 :
804 : /*
805 : * Use before_shmem_exit() so that ShutdownXLOG() can rely on DSM
806 : * segments etc to work (which in turn is required for pgstats).
807 : */
808 214 : before_shmem_exit(pgstat_before_server_shutdown, 0);
809 214 : before_shmem_exit(ShutdownXLOG, 0);
810 : }
811 :
812 : /*
813 : * Initialize the relation cache and the system catalog caches. Note that
814 : * no catalog access happens here; we only set up the hashtable structure.
815 : * We must do this before starting a transaction because transaction abort
816 : * would try to touch these hashtables.
817 : */
818 32940 : RelationCacheInitialize();
819 32940 : InitCatalogCache();
820 32940 : InitPlanCache();
821 :
822 : /* Initialize portal manager */
823 32940 : EnablePortalManager();
824 :
825 : /*
826 : * Load relcache entries for the shared system catalogs. This must create
827 : * at least entries for pg_database and catalogs used for authentication.
828 : */
829 32940 : RelationCacheInitializePhase2();
830 :
831 : /*
832 : * Set up process-exit callback to do pre-shutdown cleanup. This is
833 : * one of the first before_shmem_exit callbacks we register; thus, this
834 : * will be one of the last things we do before low-level modules like the
835 : * buffer manager begin to close down. We need to have this in place
836 : * before we begin our first transaction --- if we fail during the
837 : * initialization transaction, as is entirely possible, we need the
838 : * AbortTransaction call to clean up.
839 : */
840 32940 : before_shmem_exit(ShutdownPostgres, 0);
841 :
842 : /* The autovacuum launcher is done here */
843 32940 : if (AmAutoVacuumLauncherProcess())
844 : {
845 : /* fill in the remainder of this entry in the PgBackendStatus array */
846 746 : pgstat_bestart_final();
847 :
848 2448 : return;
849 : }
850 :
851 : /*
852 : * Start a new transaction here before first access to db.
853 : */
854 32194 : if (!bootstrap)
855 : {
856 : /* statement_timestamp must be set for timeouts to work correctly */
857 32096 : SetCurrentStatementStartTimestamp();
858 32096 : StartTransactionCommand();
859 :
860 : /*
861 : * transaction_isolation will have been set to the default by the
862 : * above. If the default is "serializable", and we are in hot
863 : * standby, we will fail if we don't change it to something lower.
864 : * Fortunately, "read committed" is plenty good enough.
865 : */
866 32096 : XactIsoLevel = XACT_READ_COMMITTED;
867 : }
868 :
869 : /*
870 : * Perform client authentication if necessary, then figure out our
871 : * postgres user ID, and see if we are a superuser.
872 : *
873 : * In standalone mode, autovacuum worker processes and slot sync worker
874 : * process, we use a fixed ID, otherwise we figure it out from the
875 : * authenticated user name.
876 : */
877 32194 : if (bootstrap || AmAutoVacuumWorkerProcess() || AmLogicalSlotSyncWorkerProcess())
878 : {
879 2480 : InitializeSessionUserIdStandalone();
880 2480 : am_superuser = true;
881 : }
882 29714 : else if (!IsUnderPostmaster)
883 : {
884 116 : InitializeSessionUserIdStandalone();
885 116 : am_superuser = true;
886 116 : if (!ThereIsAtLeastOneRole())
887 0 : ereport(WARNING,
888 : (errcode(ERRCODE_UNDEFINED_OBJECT),
889 : errmsg("no roles are defined in this database system"),
890 : errhint("You should immediately run CREATE USER \"%s\" SUPERUSER;.",
891 : username != NULL ? username : "postgres")));
892 : }
893 29598 : else if (AmBackgroundWorkerProcess())
894 : {
895 4392 : if (username == NULL && !OidIsValid(useroid))
896 : {
897 800 : InitializeSessionUserIdStandalone();
898 800 : am_superuser = true;
899 : }
900 : else
901 : {
902 3592 : InitializeSessionUserId(username, useroid,
903 3592 : (flags & INIT_PG_OVERRIDE_ROLE_LOGIN) != 0);
904 3590 : am_superuser = superuser();
905 : }
906 : }
907 : else
908 : {
909 : /* normal multiuser case */
910 : Assert(MyProcPort != NULL);
911 25206 : PerformAuthentication(MyProcPort);
912 25072 : InitializeSessionUserId(username, useroid, false);
913 : /* ensure that auth_method is actually valid, aka authn_id is not NULL */
914 25064 : if (MyClientConnectionInfo.authn_id)
915 248 : InitializeSystemUser(MyClientConnectionInfo.authn_id,
916 : hba_authname(MyClientConnectionInfo.auth_method));
917 25064 : am_superuser = superuser();
918 : }
919 :
920 : /* Report any SSL/GSS details for the session. */
921 32050 : if (MyProcPort != NULL)
922 : {
923 : Assert(!bootstrap);
924 :
925 25064 : pgstat_bestart_security();
926 : }
927 :
928 : /*
929 : * Binary upgrades only allowed super-user connections
930 : */
931 32050 : if (IsBinaryUpgrade && !am_superuser)
932 : {
933 0 : ereport(FATAL,
934 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
935 : errmsg("must be superuser to connect in binary upgrade mode")));
936 : }
937 :
938 : /*
939 : * The last few regular connection slots are reserved for superusers and
940 : * roles with privileges of pg_use_reserved_connections. We do not apply
941 : * these limits to background processes, since they all have their own
942 : * pools of PGPROC slots.
943 : *
944 : * Note: At this point, the new backend has already claimed a proc struct,
945 : * so we must check whether the number of free slots is strictly less than
946 : * the reserved connection limits.
947 : */
948 32050 : if (AmRegularBackendProcess() && !am_superuser &&
949 486 : (SuperuserReservedConnections + ReservedConnections) > 0 &&
950 486 : !HaveNFreeProcs(SuperuserReservedConnections + ReservedConnections, &nfree))
951 : {
952 8 : if (nfree < SuperuserReservedConnections)
953 2 : ereport(FATAL,
954 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
955 : errmsg("remaining connection slots are reserved for roles with the %s attribute",
956 : "SUPERUSER")));
957 :
958 6 : if (!has_privs_of_role(GetUserId(), ROLE_PG_USE_RESERVED_CONNECTIONS))
959 2 : ereport(FATAL,
960 : (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
961 : errmsg("remaining connection slots are reserved for roles with privileges of the \"%s\" role",
962 : "pg_use_reserved_connections")));
963 : }
964 :
965 : /* Check replication permissions needed for walsender processes. */
966 32046 : if (am_walsender)
967 : {
968 : Assert(!bootstrap);
969 :
970 2210 : if (!has_rolreplication(GetUserId()))
971 0 : ereport(FATAL,
972 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
973 : errmsg("permission denied to start WAL sender"),
974 : errdetail("Only roles with the %s attribute may start a WAL sender process.",
975 : "REPLICATION")));
976 : }
977 :
978 : /*
979 : * If this is a plain walsender only supporting physical replication, we
980 : * don't want to connect to any particular database. Just finish the
981 : * backend startup by processing any options from the startup packet, and
982 : * we're done.
983 : */
984 32046 : if (am_walsender && !am_db_walsender)
985 : {
986 : /* process any options passed in the startup packet */
987 906 : if (MyProcPort != NULL)
988 906 : process_startup_options(MyProcPort, am_superuser);
989 :
990 : /* Apply PostAuthDelay as soon as we've read all options */
991 906 : if (PostAuthDelay > 0)
992 0 : pg_usleep(PostAuthDelay * 1000000L);
993 :
994 : /* initialize client encoding */
995 906 : InitializeClientEncoding();
996 :
997 : /* fill in the remainder of this entry in the PgBackendStatus array */
998 906 : pgstat_bestart_final();
999 :
1000 : /* close the transaction we started above */
1001 906 : CommitTransactionCommand();
1002 :
1003 906 : return;
1004 : }
1005 :
1006 : /*
1007 : * Set up the global variables holding database id and default tablespace.
1008 : * But note we won't actually try to touch the database just yet.
1009 : *
1010 : * We take a shortcut in the bootstrap case, otherwise we have to look up
1011 : * the db's entry in pg_database.
1012 : */
1013 31140 : if (bootstrap)
1014 : {
1015 98 : dboid = Template1DbOid;
1016 98 : MyDatabaseTableSpace = DEFAULTTABLESPACE_OID;
1017 : }
1018 31042 : else if (in_dbname != NULL)
1019 : {
1020 : HeapTuple tuple;
1021 : Form_pg_database dbform;
1022 :
1023 24278 : tuple = GetDatabaseTuple(in_dbname);
1024 24278 : if (!HeapTupleIsValid(tuple))
1025 20 : ereport(FATAL,
1026 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1027 : errmsg("database \"%s\" does not exist", in_dbname)));
1028 24258 : dbform = (Form_pg_database) GETSTRUCT(tuple);
1029 24258 : dboid = dbform->oid;
1030 : }
1031 6764 : else if (!OidIsValid(dboid))
1032 : {
1033 : /*
1034 : * If this is a background worker not bound to any particular
1035 : * database, we're done now. Everything that follows only makes sense
1036 : * if we are bound to a specific database. We do need to close the
1037 : * transaction we started before returning.
1038 : */
1039 796 : if (!bootstrap)
1040 : {
1041 796 : pgstat_bestart_final();
1042 796 : CommitTransactionCommand();
1043 : }
1044 796 : return;
1045 : }
1046 :
1047 : /*
1048 : * Now, take a writer's lock on the database we are trying to connect to.
1049 : * If there is a concurrently running DROP DATABASE on that database, this
1050 : * will block us until it finishes (and has committed its update of
1051 : * pg_database).
1052 : *
1053 : * Note that the lock is not held long, only until the end of this startup
1054 : * transaction. This is OK since we will advertise our use of the
1055 : * database in the ProcArray before dropping the lock (in fact, that's the
1056 : * next thing to do). Anyone trying a DROP DATABASE after this point will
1057 : * see us in the array once they have the lock. Ordering is important for
1058 : * this because we don't want to advertise ourselves as being in this
1059 : * database until we have the lock; otherwise we create what amounts to a
1060 : * deadlock with CountOtherDBBackends().
1061 : *
1062 : * Note: use of RowExclusiveLock here is reasonable because we envision
1063 : * our session as being a concurrent writer of the database. If we had a
1064 : * way of declaring a session as being guaranteed-read-only, we could use
1065 : * AccessShareLock for such sessions and thereby not conflict against
1066 : * CREATE DATABASE.
1067 : */
1068 30324 : if (!bootstrap)
1069 30226 : LockSharedObject(DatabaseRelationId, dboid, 0, RowExclusiveLock);
1070 :
1071 : /*
1072 : * Recheck pg_database to make sure the target database hasn't gone away.
1073 : * If there was a concurrent DROP DATABASE, this ensures we will die
1074 : * cleanly without creating a mess.
1075 : */
1076 30324 : if (!bootstrap)
1077 : {
1078 : HeapTuple tuple;
1079 : Form_pg_database datform;
1080 :
1081 30226 : tuple = GetDatabaseTupleByOid(dboid);
1082 30226 : if (HeapTupleIsValid(tuple))
1083 30226 : datform = (Form_pg_database) GETSTRUCT(tuple);
1084 :
1085 30226 : if (!HeapTupleIsValid(tuple) ||
1086 24258 : (in_dbname && namestrcmp(&datform->datname, in_dbname)))
1087 : {
1088 0 : if (in_dbname)
1089 0 : ereport(FATAL,
1090 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1091 : errmsg("database \"%s\" does not exist", in_dbname),
1092 : errdetail("It seems to have just been dropped or renamed.")));
1093 : else
1094 0 : ereport(FATAL,
1095 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1096 : errmsg("database %u does not exist", dboid)));
1097 : }
1098 :
1099 30226 : strlcpy(dbname, NameStr(datform->datname), sizeof(dbname));
1100 :
1101 30226 : if (database_is_invalid_form(datform))
1102 : {
1103 8 : ereport(FATAL,
1104 : errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1105 : errmsg("cannot connect to invalid database \"%s\"", dbname),
1106 : errhint("Use DROP DATABASE to drop invalid databases."));
1107 : }
1108 :
1109 30218 : MyDatabaseTableSpace = datform->dattablespace;
1110 30218 : MyDatabaseHasLoginEventTriggers = datform->dathasloginevt;
1111 : /* pass the database name back to the caller */
1112 30218 : if (out_dbname)
1113 2374 : strcpy(out_dbname, dbname);
1114 : }
1115 :
1116 : /*
1117 : * Now that we rechecked, we are certain to be connected to a database and
1118 : * thus can set MyDatabaseId.
1119 : *
1120 : * It is important that MyDatabaseId only be set once we are sure that the
1121 : * target database can no longer be concurrently dropped or renamed. For
1122 : * example, without this guarantee, pgstat_update_dbstats() could create
1123 : * entries for databases that were just dropped in the pgstat shutdown
1124 : * callback, which could confuse other code paths like the autovacuum
1125 : * scheduler.
1126 : */
1127 30316 : MyDatabaseId = dboid;
1128 :
1129 : /*
1130 : * Now we can mark our PGPROC entry with the database ID.
1131 : *
1132 : * We assume this is an atomic store so no lock is needed; though actually
1133 : * things would work fine even if it weren't atomic. Anyone searching the
1134 : * ProcArray for this database's ID should hold the database lock, so they
1135 : * would not be executing concurrently with this store. A process looking
1136 : * for another database's ID could in theory see a chance match if it read
1137 : * a partially-updated databaseId value; but as long as all such searches
1138 : * wait and retry, as in CountOtherDBBackends(), they will certainly see
1139 : * the correct value on their next try.
1140 : */
1141 30316 : MyProc->databaseId = MyDatabaseId;
1142 :
1143 : /*
1144 : * We established a catalog snapshot while reading pg_authid and/or
1145 : * pg_database; but until we have set up MyDatabaseId, we won't react to
1146 : * incoming sinval messages for unshared catalogs, so we won't realize it
1147 : * if the snapshot has been invalidated. Assume it's no good anymore.
1148 : */
1149 30316 : InvalidateCatalogSnapshot();
1150 :
1151 : /*
1152 : * Now we should be able to access the database directory safely. Verify
1153 : * it's there and looks reasonable.
1154 : */
1155 30316 : fullpath = GetDatabasePath(MyDatabaseId, MyDatabaseTableSpace);
1156 :
1157 30316 : if (!bootstrap)
1158 : {
1159 30218 : if (access(fullpath, F_OK) == -1)
1160 : {
1161 0 : if (errno == ENOENT)
1162 0 : ereport(FATAL,
1163 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1164 : errmsg("database \"%s\" does not exist",
1165 : dbname),
1166 : errdetail("The database subdirectory \"%s\" is missing.",
1167 : fullpath)));
1168 : else
1169 0 : ereport(FATAL,
1170 : (errcode_for_file_access(),
1171 : errmsg("could not access directory \"%s\": %m",
1172 : fullpath)));
1173 : }
1174 :
1175 30218 : ValidatePgVersion(fullpath);
1176 : }
1177 :
1178 30316 : SetDatabasePath(fullpath);
1179 30316 : pfree(fullpath);
1180 :
1181 : /*
1182 : * It's now possible to do real access to the system catalogs.
1183 : *
1184 : * Load relcache entries for the system catalogs. This must create at
1185 : * least the minimum set of "nailed-in" cache entries.
1186 : */
1187 30316 : RelationCacheInitializePhase3();
1188 :
1189 : /* set up ACL framework (so CheckMyDatabase can check permissions) */
1190 30310 : initialize_acl();
1191 :
1192 : /*
1193 : * Re-read the pg_database row for our database, check permissions and set
1194 : * up database-specific GUC settings. We can't do this until all the
1195 : * database-access infrastructure is up. (Also, it wants to know if the
1196 : * user is a superuser, so the above stuff has to happen first.)
1197 : */
1198 30310 : if (!bootstrap)
1199 30212 : CheckMyDatabase(dbname, am_superuser,
1200 30212 : (flags & INIT_PG_OVERRIDE_ALLOW_CONNS) != 0);
1201 :
1202 : /*
1203 : * Now process any command-line switches and any additional GUC variable
1204 : * settings passed in the startup packet. We couldn't do this before
1205 : * because we didn't know if client is a superuser.
1206 : */
1207 30304 : if (MyProcPort != NULL)
1208 24126 : process_startup_options(MyProcPort, am_superuser);
1209 :
1210 : /* Process pg_db_role_setting options */
1211 30304 : process_settings(MyDatabaseId, GetSessionUserId());
1212 :
1213 : /* Apply PostAuthDelay as soon as we've read all options */
1214 30302 : if (PostAuthDelay > 0)
1215 0 : pg_usleep(PostAuthDelay * 1000000L);
1216 :
1217 : /*
1218 : * Initialize various default states that can't be set up until we've
1219 : * selected the active user and gotten the right GUC settings.
1220 : */
1221 :
1222 : /* set default namespace search path */
1223 30302 : InitializeSearchPath();
1224 :
1225 : /* initialize client encoding */
1226 30302 : InitializeClientEncoding();
1227 :
1228 : /* Initialize this backend's session state. */
1229 30302 : InitializeSession();
1230 :
1231 : /*
1232 : * If this is an interactive session, load any libraries that should be
1233 : * preloaded at backend start. Since those are determined by GUCs, this
1234 : * can't happen until GUC settings are complete, but we want it to happen
1235 : * during the initial transaction in case anything that requires database
1236 : * access needs to be done.
1237 : */
1238 30302 : if ((flags & INIT_PG_LOAD_SESSION_LIBS) != 0)
1239 22934 : process_session_preload_libraries();
1240 :
1241 : /* fill in the remainder of this entry in the PgBackendStatus array */
1242 30302 : if (!bootstrap)
1243 30204 : pgstat_bestart_final();
1244 :
1245 : /* close the transaction we started above */
1246 30302 : if (!bootstrap)
1247 30204 : CommitTransactionCommand();
1248 : }
1249 :
/*
 * Apply the command-line switches and GUC settings that arrived in the
 * client's startup packet.
 *
 * Everything read here (port->cmdline_options, port->guc_options) is
 * client-supplied.  The GUC context is the gate: PGC_SU_BACKEND when the
 * caller has established that the session user is a superuser, PGC_BACKEND
 * otherwise.  Callers must therefore pass an am_superuser value computed
 * after authentication, as the call sites in InitPostgres do.
 */
static void
process_startup_options(Port *port, bool am_superuser)
{
	GucContext	gucctx = am_superuser ? PGC_SU_BACKEND : PGC_BACKEND;
	ListCell   *cell;

	/*
	 * Command-line switches embedded in the startup packet come first, if we
	 * are in a regular backend.
	 */
	if (port->cmdline_options != NULL)
	{
		/*
		 * pg_split_opts() can produce at most (strlen + 1) / 2 arguments; the
		 * two extra slots hold the program name and the terminating NULL.
		 *
		 * NOTE(review): the Assert below is the only check of that bound in
		 * this function, and it runs after the terminator is stored, so the
		 * array size relies on pg_split_opts() keeping to its documented
		 * limit.  max_args is an int; this presumably depends on the startup
		 * packet length being capped upstream -- confirm.
		 */
		int			max_args = 2 + (strlen(port->cmdline_options) + 1) / 2;
		char	  **argv = (char **) palloc(max_args * sizeof(char *));
		int			argc = 0;

		argv[argc++] = "postgres";
		pg_split_opts(argv, &argc, port->cmdline_options);
		argv[argc] = NULL;

		Assert(argc < max_args);

		(void) process_postgres_switches(argc, argv, gucctx, NULL);
	}

	/*
	 * Remaining GUC settings from the startup packet are treated exactly like
	 * command-line variables.  The list is consumed two cells at a time
	 * (name, then value).
	 *
	 * NOTE(review): an odd-length list would hand a NULL cell to lfirst();
	 * presumably the startup-packet parser guarantees pairs -- verify there.
	 */
	cell = list_head(port->guc_options);
	while (cell)
	{
		char	   *name = lfirst(cell);
		char	   *value;

		cell = lnext(port->guc_options, cell);
		value = lfirst(cell);
		cell = lnext(port->guc_options, cell);

		SetConfigOption(name, value, gucctx, PGC_S_CLIENT);
	}
}
1312 :
/*
 * Apply the GUC settings stored in pg_db_role_setting.
 *
 * Four lookups are made against one snapshot, most specific first: the
 * database/role pair, the role alone, the database alone, and finally the
 * entry with neither.  A setting applied by an earlier lookup is not
 * overridden by a later one.
 *
 * Nothing is done unless we are running under the postmaster.
 */
static void
process_settings(Oid databaseid, Oid roleid)
{
	if (IsUnderPostmaster)
	{
		Relation	settings_rel;
		Snapshot	catalog_snap;

		settings_rel = table_open(DbRoleSettingRelationId, AccessShareLock);

		/* one snapshot for all four reads, for efficiency */
		catalog_snap = RegisterSnapshot(GetCatalogSnapshot(DbRoleSettingRelationId));

		/* order matters: the first source to set a value wins */
		ApplySetting(catalog_snap, databaseid, roleid, settings_rel, PGC_S_DATABASE_USER);
		ApplySetting(catalog_snap, InvalidOid, roleid, settings_rel, PGC_S_USER);
		ApplySetting(catalog_snap, databaseid, InvalidOid, settings_rel, PGC_S_DATABASE);
		ApplySetting(catalog_snap, InvalidOid, InvalidOid, settings_rel, PGC_S_GLOBAL);

		UnregisterSnapshot(catalog_snap);
		table_close(settings_rel, AccessShareLock);
	}
}
1342 :
/*
 * Backend-shutdown callback, registered by InitPostgres through
 * before_shmem_exit().  It performs the cleanup that has to be finished
 * before the supporting modules start closing down through their own
 * callbacks.
 *
 * User-level cleanup (temp-relation removal, UNLISTEN, ...) is done by
 * separate callbacks that run before this one.  They are deliberately kept
 * apart so that this cleanup still runs when the user-level cleanup fails.
 *
 * Neither "code" nor "arg" is used by the body.
 */
static void
ShutdownPostgres(int code, Datum arg)
{
	/* Any transaction still active must be gone before we continue */
	AbortOutOfAnyTransaction();

	/*
	 * Ending a transaction does not release user locks, so drop them
	 * explicitly here.
	 */
	LockReleaseAll(USER_LOCKMETHOD, true);
}
1365 :
1366 :
/*
 * STATEMENT_TIMEOUT handler: trigger a query-cancel interrupt.
 *
 * The process signals itself: SIGINT normally, SIGTERM while client
 * authentication is still in progress.
 */
static void
StatementTimeoutHandler(void)
{
	/*
	 * While authenticating, this timeout stands in for
	 * authentication_timeout, and the right response to that is to quit
	 * rather than to cancel a query.
	 */
	int			sig = ClientAuthInProgress ? SIGTERM : SIGINT;

#ifdef HAVE_SETSID
	/* try to signal whole process group */
	kill(-MyProcPid, sig);
#endif
	kill(MyProcPid, sig);
}
1388 :
/*
 * LOCK_TIMEOUT handler: trigger a query-cancel interrupt.
 *
 * Always sends SIGINT to this process; unlike StatementTimeoutHandler there
 * is no special case for an authentication still in progress.
 */
static void
LockTimeoutHandler(void)
{
#ifdef HAVE_SETSID
	/* where process groups are available, signal the whole group first */
	kill(-MyProcPid, SIGINT);
#endif
	kill(MyProcPid, SIGINT);
}
1401 :
/*
 * Timeout handler; by its name the one for the transaction timeout (the
 * registration is not shown here).
 *
 * It only records the event: TransactionTimeoutPending and InterruptPending
 * are raised and the process latch is set.  No signal is sent and nothing is
 * aborted from inside the handler.
 */
static void
TransactionTimeoutHandler(void)
{
	TransactionTimeoutPending = true;
	InterruptPending = true;
	SetLatch(MyLatch);
}
1409 :
/*
 * Timeout handler; by its name the one for the idle-in-transaction session
 * timeout (the registration is not shown here).
 *
 * It only records the event: IdleInTransactionSessionTimeoutPending and
 * InterruptPending are raised and the process latch is set.
 */
static void
IdleInTransactionSessionTimeoutHandler(void)
{
	IdleInTransactionSessionTimeoutPending = true;
	InterruptPending = true;
	SetLatch(MyLatch);
}
1417 :
/*
 * Timeout handler; by its name the one for the idle-session timeout (the
 * registration is not shown here).
 *
 * It only records the event: IdleSessionTimeoutPending and InterruptPending
 * are raised and the process latch is set.
 */
static void
IdleSessionTimeoutHandler(void)
{
	IdleSessionTimeoutPending = true;
	InterruptPending = true;
	SetLatch(MyLatch);
}
1425 :
/*
 * Timeout handler; by its name the one that prompts a statistics update
 * while the session is idle (the registration is not shown here).
 *
 * It only records the event: IdleStatsUpdateTimeoutPending and
 * InterruptPending are raised and the process latch is set.
 */
static void
IdleStatsUpdateTimeoutHandler(void)
{
	IdleStatsUpdateTimeoutPending = true;
	InterruptPending = true;
	SetLatch(MyLatch);
}
1433 :
/*
 * Timeout handler; by its name the one behind the periodic check that the
 * client connection is still there (the registration is not shown here).
 *
 * It only records the event: CheckClientConnectionPending and
 * InterruptPending are raised and the process latch is set.  The connection
 * itself is not probed from inside the handler.
 */
static void
ClientCheckTimeoutHandler(void)
{
	CheckClientConnectionPending = true;
	InterruptPending = true;
	SetLatch(MyLatch);
}
1441 :
/*
 * Report whether pg_authid holds at least one row, i.e. whether any role is
 * defined in this database cluster.
 *
 * Only the first tuple of a catalog scan is fetched; its contents are not
 * examined.  InitPostgres uses the result in standalone mode to warn that
 * no roles are defined.
 */
static bool
ThereIsAtLeastOneRole(void)
{
	Relation	authid = table_open(AuthIdRelationId, AccessShareLock);
	TableScanDesc authid_scan = table_beginscan_catalog(authid, 0, NULL);
	bool		found;

	/* one fetch is enough: any tuple at all means a role exists */
	found = (heap_getnext(authid_scan, ForwardScanDirection) != NULL);

	table_endscan(authid_scan);
	table_close(authid, AccessShareLock);

	return found;
}