Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * pg_ctl --- start/stops/restarts the PostgreSQL server
4 : *
5 : * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
6 : *
7 : * src/bin/pg_ctl/pg_ctl.c
8 : *
9 : *-------------------------------------------------------------------------
10 : */
11 :
12 : #include "postgres_fe.h"
13 :
14 : #include <fcntl.h>
15 : #include <signal.h>
16 : #include <time.h>
17 : #include <sys/resource.h>
18 : #include <sys/stat.h>
19 : #include <sys/time.h>
20 : #include <sys/wait.h>
21 : #include <unistd.h>
22 :
23 :
24 : #include "catalog/pg_control.h"
25 : #include "common/controldata_utils.h"
26 : #include "common/file_perm.h"
27 : #include "common/logging.h"
28 : #include "common/string.h"
29 : #include "getopt_long.h"
30 : #include "utils/pidfile.h"
31 :
32 : #ifdef WIN32 /* on Unix, we don't need libpq */
33 : #include "pqexpbuffer.h"
34 : #endif
35 :
36 :
37 : typedef enum
38 : {
39 : SMART_MODE,
40 : FAST_MODE,
41 : IMMEDIATE_MODE
42 : } ShutdownMode;
43 :
44 : typedef enum
45 : {
46 : POSTMASTER_READY,
47 : POSTMASTER_STILL_STARTING,
48 : POSTMASTER_FAILED
49 : } WaitPMResult;
50 :
51 : typedef enum
52 : {
53 : NO_COMMAND = 0,
54 : INIT_COMMAND,
55 : START_COMMAND,
56 : STOP_COMMAND,
57 : RESTART_COMMAND,
58 : RELOAD_COMMAND,
59 : STATUS_COMMAND,
60 : PROMOTE_COMMAND,
61 : LOGROTATE_COMMAND,
62 : KILL_COMMAND,
63 : REGISTER_COMMAND,
64 : UNREGISTER_COMMAND,
65 : RUN_AS_SERVICE_COMMAND
66 : } CtlCommand;
67 :
68 : #define DEFAULT_WAIT 60
69 :
70 : #define USEC_PER_SEC 1000000
71 :
72 : #define WAITS_PER_SEC 10 /* should divide USEC_PER_SEC evenly */
73 :
74 : static bool do_wait = true;
75 : static int wait_seconds = DEFAULT_WAIT;
76 : static bool wait_seconds_arg = false;
77 : static bool silent_mode = false;
78 : static ShutdownMode shutdown_mode = FAST_MODE;
79 : static int sig = SIGINT; /* default */
80 : static CtlCommand ctl_command = NO_COMMAND;
81 : static char *pg_data = NULL;
82 : static char *pg_config = NULL;
83 : static char *pgdata_opt = NULL;
84 : static char *post_opts = NULL;
85 : static const char *progname;
86 : static char *log_file = NULL;
87 : static char *exec_path = NULL;
88 : static char *event_source = NULL;
89 : static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
90 : static char *register_username = NULL;
91 : static char *register_password = NULL;
92 : static char *argv0 = NULL;
93 : static bool allow_core_files = false;
94 : static time_t start_time;
95 :
96 : static char postopts_file[MAXPGPATH];
97 : static char version_file[MAXPGPATH];
98 : static char pid_file[MAXPGPATH];
99 : static char backup_file[MAXPGPATH];
100 : static char promote_file[MAXPGPATH];
101 : static char logrotate_file[MAXPGPATH];
102 :
103 : static volatile pid_t postmasterPID = -1;
104 :
105 : #ifdef WIN32
106 : static DWORD pgctl_start_type = SERVICE_AUTO_START;
107 : static SERVICE_STATUS status;
108 : static SERVICE_STATUS_HANDLE hStatus = (SERVICE_STATUS_HANDLE) 0;
109 : static HANDLE shutdownHandles[2];
110 :
111 : #define shutdownEvent shutdownHandles[0]
112 : #define postmasterProcess shutdownHandles[1]
113 : #endif
114 :
115 :
116 : static void write_stderr(const char *fmt,...) pg_attribute_printf(1, 2);
117 : static void do_advice(void);
118 : static void do_help(void);
119 : static void set_mode(char *modeopt);
120 : static void set_sig(char *signame);
121 : static void do_init(void);
122 : static void do_start(void);
123 : static void do_stop(void);
124 : static void do_restart(void);
125 : static void do_reload(void);
126 : static void do_status(void);
127 : static void do_promote(void);
128 : static void do_logrotate(void);
129 : static void do_kill(pid_t pid);
130 : static void print_msg(const char *msg);
131 : static void adjust_data_dir(void);
132 :
133 : #ifdef WIN32
134 : #include <versionhelpers.h>
135 : static bool pgwin32_IsInstalled(SC_HANDLE);
136 : static char *pgwin32_CommandLine(bool);
137 : static void pgwin32_doRegister(void);
138 : static void pgwin32_doUnregister(void);
139 : static void pgwin32_SetServiceStatus(DWORD);
140 : static void WINAPI pgwin32_ServiceHandler(DWORD);
141 : static void WINAPI pgwin32_ServiceMain(DWORD, LPTSTR *);
142 : static void pgwin32_doRunAsService(void);
143 : static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service);
144 : static PTOKEN_PRIVILEGES GetPrivilegesToDelete(HANDLE hToken);
145 : #endif
146 :
147 : static pid_t get_pgpid(bool is_status_request);
148 : static char **readfile(const char *path, int *numlines);
149 : static void free_readfile(char **optlines);
150 : static pid_t start_postmaster(void);
151 : static void read_post_opts(void);
152 :
153 : static WaitPMResult wait_for_postmaster_start(pid_t pm_pid, bool do_checkpoint);
154 : static bool wait_for_postmaster_stop(void);
155 : static bool wait_for_postmaster_promote(void);
156 : static bool postmaster_is_alive(pid_t pid);
157 :
158 : #if defined(HAVE_GETRLIMIT)
159 : static void unlimit_core_size(void);
160 : #endif
161 :
162 : static DBState get_control_dbstate(void);
163 :
164 :
165 : #ifdef WIN32
166 : static void
167 : write_eventlog(int level, const char *line)
168 : {
169 : static HANDLE evtHandle = INVALID_HANDLE_VALUE;
170 :
171 : if (silent_mode && level == EVENTLOG_INFORMATION_TYPE)
172 : return;
173 :
174 : if (evtHandle == INVALID_HANDLE_VALUE)
175 : {
176 : evtHandle = RegisterEventSource(NULL,
177 : event_source ? event_source : DEFAULT_EVENT_SOURCE);
178 : if (evtHandle == NULL)
179 : {
180 : evtHandle = INVALID_HANDLE_VALUE;
181 : return;
182 : }
183 : }
184 :
185 : ReportEvent(evtHandle,
186 : level,
187 : 0,
188 : 0, /* All events are Id 0 */
189 : NULL,
190 : 1,
191 : 0,
192 : &line,
193 : NULL);
194 : }
195 : #endif
196 :
197 : /*
198 : * Write errors to stderr (or by equal means when stderr is
199 : * not available).
200 : */
201 : static void
202 56 : write_stderr(const char *fmt,...)
203 : {
204 : va_list ap;
205 :
206 56 : va_start(ap, fmt);
207 : #ifndef WIN32
208 : /* On Unix, we just fprintf to stderr */
209 56 : vfprintf(stderr, fmt, ap);
210 : #else
211 :
212 : /*
213 : * On Win32, we print to stderr if running on a console, or write to
214 : * eventlog if running as a service
215 : */
216 : if (pgwin32_is_service()) /* Running as a service */
217 : {
218 : char errbuf[2048]; /* Arbitrary size? */
219 :
220 : vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
221 :
222 : write_eventlog(EVENTLOG_ERROR_TYPE, errbuf);
223 : }
224 : else
225 : /* Not running as service, write to stderr */
226 : vfprintf(stderr, fmt, ap);
227 : #endif
228 56 : va_end(ap);
229 56 : }
230 :
231 : /*
232 : * Given an already-localized string, print it to stdout unless the
233 : * user has specified that no messages should be printed.
234 : */
235 : static void
236 9626 : print_msg(const char *msg)
237 : {
238 9626 : if (!silent_mode)
239 : {
240 8988 : fputs(msg, stdout);
241 8988 : fflush(stdout);
242 : }
243 9626 : }
244 :
245 : static pid_t
246 5400 : get_pgpid(bool is_status_request)
247 : {
248 : FILE *pidf;
249 : int pid;
250 : struct stat statbuf;
251 :
252 5400 : if (stat(pg_data, &statbuf) != 0)
253 : {
254 6 : if (errno == ENOENT)
255 6 : write_stderr(_("%s: directory \"%s\" does not exist\n"), progname,
256 : pg_data);
257 : else
258 0 : write_stderr(_("%s: could not access directory \"%s\": %s\n"), progname,
259 0 : pg_data, strerror(errno));
260 :
261 : /*
262 : * The Linux Standard Base Core Specification 3.1 says this should
263 : * return '4, program or service status is unknown'
264 : * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
265 : */
266 6 : exit(is_status_request ? 4 : 1);
267 : }
268 :
269 5394 : if (stat(version_file, &statbuf) != 0 && errno == ENOENT)
270 : {
271 0 : write_stderr(_("%s: directory \"%s\" is not a database cluster directory\n"),
272 : progname, pg_data);
273 0 : exit(is_status_request ? 4 : 1);
274 : }
275 :
276 5394 : pidf = fopen(pid_file, "r");
277 5394 : if (pidf == NULL)
278 : {
279 : /* No pid file, not an error on startup */
280 2146 : if (errno == ENOENT)
281 2146 : return 0;
282 : else
283 : {
284 0 : write_stderr(_("%s: could not open PID file \"%s\": %s\n"),
285 0 : progname, pid_file, strerror(errno));
286 0 : exit(1);
287 : }
288 : }
289 3248 : if (fscanf(pidf, "%d", &pid) != 1)
290 : {
291 : /* Is the file empty? */
292 0 : if (ftell(pidf) == 0 && feof(pidf))
293 0 : write_stderr(_("%s: the PID file \"%s\" is empty\n"),
294 : progname, pid_file);
295 : else
296 0 : write_stderr(_("%s: invalid data in PID file \"%s\"\n"),
297 : progname, pid_file);
298 0 : exit(1);
299 : }
300 3248 : fclose(pidf);
301 3248 : return (pid_t) pid;
302 : }
303 :
304 :
305 : /*
306 : * get the lines from a text file - return NULL if file can't be opened
307 : *
308 : * Trailing newlines are deleted from the lines (this is a change from pre-v10)
309 : *
310 : * *numlines is set to the number of line pointers returned; there is
311 : * also an additional NULL pointer after the last real line.
312 : */
313 : static char **
314 4250 : readfile(const char *path, int *numlines)
315 : {
316 : int fd;
317 : int nlines;
318 : char **result;
319 : char *buffer;
320 : char *linebegin;
321 : int i;
322 : int n;
323 : int len;
324 : struct stat statbuf;
325 :
326 4250 : *numlines = 0; /* in case of failure or empty file */
327 :
328 : /*
329 : * Slurp the file into memory.
330 : *
331 : * The file can change concurrently, so we read the whole file into memory
332 : * with a single read() call. That's not guaranteed to get an atomic
333 : * snapshot, but in practice, for a small file, it's close enough for the
334 : * current use.
335 : */
336 4250 : fd = open(path, O_RDONLY | PG_BINARY, 0);
337 4250 : if (fd < 0)
338 1092 : return NULL;
339 3158 : if (fstat(fd, &statbuf) < 0)
340 : {
341 0 : close(fd);
342 0 : return NULL;
343 : }
344 3158 : if (statbuf.st_size == 0)
345 : {
346 : /* empty file */
347 0 : close(fd);
348 0 : result = (char **) pg_malloc(sizeof(char *));
349 0 : *result = NULL;
350 0 : return result;
351 : }
352 3158 : buffer = pg_malloc(statbuf.st_size + 1);
353 :
354 3158 : len = read(fd, buffer, statbuf.st_size + 1);
355 3158 : close(fd);
356 3158 : if (len != statbuf.st_size)
357 : {
358 : /* oops, the file size changed between fstat and read */
359 0 : free(buffer);
360 0 : return NULL;
361 : }
362 :
363 : /*
364 : * Count newlines. We expect there to be a newline after each full line,
365 : * including one at the end of file. If there isn't a newline at the end,
366 : * any characters after the last newline will be ignored.
367 : */
368 3158 : nlines = 0;
369 530886 : for (i = 0; i < len; i++)
370 : {
371 527728 : if (buffer[i] == '\n')
372 24078 : nlines++;
373 : }
374 :
375 : /* set up the result buffer */
376 3158 : result = (char **) pg_malloc((nlines + 1) * sizeof(char *));
377 3158 : *numlines = nlines;
378 :
379 : /* now split the buffer into lines */
380 3158 : linebegin = buffer;
381 3158 : n = 0;
382 530886 : for (i = 0; i < len; i++)
383 : {
384 527728 : if (buffer[i] == '\n')
385 : {
386 24078 : int slen = &buffer[i] - linebegin;
387 24078 : char *linebuf = pg_malloc(slen + 1);
388 :
389 24078 : memcpy(linebuf, linebegin, slen);
390 : /* we already dropped the \n, but get rid of any \r too */
391 24078 : if (slen > 0 && linebuf[slen - 1] == '\r')
392 0 : slen--;
393 24078 : linebuf[slen] = '\0';
394 24078 : result[n++] = linebuf;
395 24078 : linebegin = &buffer[i + 1];
396 : }
397 : }
398 3158 : result[n] = NULL;
399 :
400 3158 : free(buffer);
401 :
402 3158 : return result;
403 : }
404 :
405 :
406 : /*
407 : * Free memory allocated for optlines through readfile()
408 : */
409 : static void
410 4250 : free_readfile(char **optlines)
411 : {
412 4250 : char *curr_line = NULL;
413 4250 : int i = 0;
414 :
415 4250 : if (!optlines)
416 1092 : return;
417 :
418 27236 : while ((curr_line = optlines[i++]))
419 24078 : free(curr_line);
420 :
421 3158 : free(optlines);
422 : }
423 :
424 : /*
425 : * start/test/stop routines
426 : */
427 :
428 : /*
429 : * Start the postmaster and return its PID.
430 : *
431 : * Currently, on Windows what we return is the PID of the shell process
432 : * that launched the postmaster (and, we trust, is waiting for it to exit).
433 : * So the PID is usable for "is the postmaster still running" checks,
434 : * but cannot be compared directly to postmaster.pid.
435 : *
436 : * On Windows, we also save aside a handle to the shell process in
437 : * "postmasterProcess", which the caller should close when done with it.
438 : */
439 : static pid_t
440 1086 : start_postmaster(void)
441 : {
442 : char *cmd;
443 :
444 : #ifndef WIN32
445 : pid_t pm_pid;
446 :
447 : /* Flush stdio channels just before fork, to avoid double-output problems */
448 1086 : fflush(NULL);
449 :
450 : #ifdef EXEC_BACKEND
451 : pg_disable_aslr();
452 : #endif
453 :
454 1086 : pm_pid = fork();
455 2172 : if (pm_pid < 0)
456 : {
457 : /* fork failed */
458 0 : write_stderr(_("%s: could not start server: %s\n"),
459 0 : progname, strerror(errno));
460 0 : exit(1);
461 : }
462 2172 : if (pm_pid > 0)
463 : {
464 : /* fork succeeded, in parent */
465 1086 : return pm_pid;
466 : }
467 :
468 : /* fork succeeded, in child */
469 :
470 : /*
471 : * If possible, detach the postmaster process from the launching process
472 : * group and make it a group leader, so that it doesn't get signaled along
473 : * with the current group that launched it.
474 : */
475 : #ifdef HAVE_SETSID
476 1086 : if (setsid() < 0)
477 : {
478 0 : write_stderr(_("%s: could not start server due to setsid() failure: %s\n"),
479 0 : progname, strerror(errno));
480 0 : exit(1);
481 : }
482 : #endif
483 :
484 : /*
485 : * Since there might be quotes to handle here, it is easier simply to pass
486 : * everything to a shell to process them. Use exec so that the postmaster
487 : * has the same PID as the current child process.
488 : */
489 1086 : if (log_file != NULL)
490 1080 : cmd = psprintf("exec \"%s\" %s%s < \"%s\" >> \"%s\" 2>&1",
491 : exec_path, pgdata_opt, post_opts,
492 : DEVNULL, log_file);
493 : else
494 6 : cmd = psprintf("exec \"%s\" %s%s < \"%s\" 2>&1",
495 : exec_path, pgdata_opt, post_opts, DEVNULL);
496 :
497 1086 : (void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
498 :
499 : /* exec failed */
500 0 : write_stderr(_("%s: could not start server: %s\n"),
501 1086 : progname, strerror(errno));
502 0 : exit(1);
503 :
504 : return 0; /* keep dumb compilers quiet */
505 :
506 : #else /* WIN32 */
507 :
508 : /*
509 : * As with the Unix case, it's easiest to use the shell (CMD.EXE) to
510 : * handle redirection etc. Unfortunately CMD.EXE lacks any equivalent of
511 : * "exec", so we don't get to find out the postmaster's PID immediately.
512 : */
513 : PROCESS_INFORMATION pi;
514 : const char *comspec;
515 :
516 : /* Find CMD.EXE location using COMSPEC, if it's set */
517 : comspec = getenv("COMSPEC");
518 : if (comspec == NULL)
519 : comspec = "CMD";
520 :
521 : if (log_file != NULL)
522 : {
523 : /*
524 : * First, open the log file if it exists. The idea is that if the
525 : * file is still locked by a previous postmaster run, we'll wait until
526 : * it comes free, instead of failing with ERROR_SHARING_VIOLATION.
527 : * (It'd be better to open the file in a sharing-friendly mode, but we
528 : * can't use CMD.EXE to do that, so work around it. Note that the
529 : * previous postmaster will still have the file open for a short time
530 : * after removing postmaster.pid.)
531 : *
532 : * If the log file doesn't exist, we *must not* create it here. If we
533 : * were launched with higher privileges than the restricted process
534 : * will have, the log file might end up with permissions settings that
535 : * prevent the postmaster from writing on it.
536 : */
537 : int fd = open(log_file, O_RDWR, 0);
538 :
539 : if (fd == -1)
540 : {
541 : /*
542 : * ENOENT is expectable since we didn't use O_CREAT. Otherwise
543 : * complain. We could just fall through and let CMD.EXE report
544 : * the problem, but its error reporting is pretty miserable.
545 : */
546 : if (errno != ENOENT)
547 : {
548 : write_stderr(_("%s: could not open log file \"%s\": %s\n"),
549 : progname, log_file, strerror(errno));
550 : exit(1);
551 : }
552 : }
553 : else
554 : close(fd);
555 :
556 : cmd = psprintf("\"%s\" /C \"\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1\"",
557 : comspec, exec_path, pgdata_opt, post_opts, DEVNULL, log_file);
558 : }
559 : else
560 : cmd = psprintf("\"%s\" /C \"\"%s\" %s%s < \"%s\" 2>&1\"",
561 : comspec, exec_path, pgdata_opt, post_opts, DEVNULL);
562 :
563 : if (!CreateRestrictedProcess(cmd, &pi, false))
564 : {
565 : write_stderr(_("%s: could not start server: error code %lu\n"),
566 : progname, (unsigned long) GetLastError());
567 : exit(1);
568 : }
569 : /* Don't close command process handle here; caller must do so */
570 : postmasterProcess = pi.hProcess;
571 : CloseHandle(pi.hThread);
572 : return pi.dwProcessId; /* Shell's PID, not postmaster's! */
573 : #endif /* WIN32 */
574 : }
575 :
576 :
577 :
578 : /*
579 : * Wait for the postmaster to become ready.
580 : *
581 : * On Unix, pm_pid is the PID of the just-launched postmaster. On Windows,
582 : * it may be the PID of an ancestor shell process, so we can't check the
583 : * contents of postmaster.pid quite as carefully.
584 : *
585 : * On Windows, the static variable postmasterProcess is an implicit argument
586 : * to this routine; it contains a handle to the postmaster process or an
587 : * ancestor shell process thereof.
588 : *
589 : * Note that the checkpoint parameter enables a Windows service control
590 : * manager checkpoint, it's got nothing to do with database checkpoints!!
591 : */
592 : static WaitPMResult
593 1086 : wait_for_postmaster_start(pid_t pm_pid, bool do_checkpoint)
594 : {
595 : int i;
596 :
597 4084 : for (i = 0; i < wait_seconds * WAITS_PER_SEC; i++)
598 : {
599 : char **optlines;
600 : int numlines;
601 :
602 : /*
603 : * Try to read the postmaster.pid file. If it's not valid, or if the
604 : * status line isn't there yet, just keep waiting.
605 : */
606 4084 : if ((optlines = readfile(pid_file, &numlines)) != NULL &&
607 2992 : numlines >= LOCK_FILE_LINE_PM_STATUS)
608 : {
609 : /* File is complete enough for us, parse it */
610 : pid_t pmpid;
611 : time_t pmstart;
612 :
613 : /*
614 : * Make sanity checks. If it's for the wrong PID, or the recorded
615 : * start time is before pg_ctl started, then either we are looking
616 : * at the wrong data directory, or this is a pre-existing pidfile
617 : * that hasn't (yet?) been overwritten by our child postmaster.
618 : * Allow 2 seconds slop for possible cross-process clock skew.
619 : */
620 2968 : pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]);
621 2968 : pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]);
622 2968 : if (pmstart >= start_time - 2 &&
623 : #ifndef WIN32
624 : pmpid == pm_pid
625 : #else
626 : /* Windows can only reject standalone-backend PIDs */
627 : pmpid > 0
628 : #endif
629 : )
630 : {
631 : /*
632 : * OK, seems to be a valid pidfile from our child. Check the
633 : * status line (this assumes a v10 or later server).
634 : */
635 2960 : char *pmstatus = optlines[LOCK_FILE_LINE_PM_STATUS - 1];
636 :
637 2960 : if (strcmp(pmstatus, PM_STATUS_READY) == 0 ||
638 1892 : strcmp(pmstatus, PM_STATUS_STANDBY) == 0)
639 : {
640 : /* postmaster is done starting up */
641 1072 : free_readfile(optlines);
642 1086 : return POSTMASTER_READY;
643 : }
644 : }
645 : }
646 :
647 : /*
648 : * Free the results of readfile.
649 : *
650 : * This is safe to call even if optlines is NULL.
651 : */
652 3012 : free_readfile(optlines);
653 :
654 : /*
655 : * Check whether the child postmaster process is still alive. This
656 : * lets us exit early if the postmaster fails during startup.
657 : *
658 : * On Windows, we may be checking the postmaster's parent shell, but
659 : * that's fine for this purpose.
660 : */
661 : #ifndef WIN32
662 : {
663 : int exitstatus;
664 :
665 3012 : if (waitpid(pm_pid, &exitstatus, WNOHANG) == pm_pid)
666 14 : return POSTMASTER_FAILED;
667 : }
668 : #else
669 : if (WaitForSingleObject(postmasterProcess, 0) == WAIT_OBJECT_0)
670 : return POSTMASTER_FAILED;
671 : #endif
672 :
673 : /* Startup still in process; wait, printing a dot once per second */
674 2998 : if (i % WAITS_PER_SEC == 0)
675 : {
676 : #ifdef WIN32
677 : if (do_checkpoint)
678 : {
679 : /*
680 : * Increment the wait hint by 6 secs (connection timeout +
681 : * sleep). We must do this to indicate to the SCM that our
682 : * startup time is changing, otherwise it'll usually send a
683 : * stop signal after 20 seconds, despite incrementing the
684 : * checkpoint counter.
685 : */
686 : status.dwWaitHint += 6000;
687 : status.dwCheckPoint++;
688 : SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
689 : }
690 : else
691 : #endif
692 1086 : print_msg(".");
693 : }
694 :
695 2998 : pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
696 : }
697 :
698 : /* out of patience; report that postmaster is still starting up */
699 0 : return POSTMASTER_STILL_STARTING;
700 : }
701 :
702 :
703 : /*
704 : * Wait for the postmaster to stop.
705 : *
706 : * Returns true if the postmaster stopped cleanly (i.e., removed its pidfile).
707 : * Returns false if the postmaster dies uncleanly, or if we time out.
708 : */
709 : static bool
710 1218 : wait_for_postmaster_stop(void)
711 : {
712 : int cnt;
713 :
714 2784 : for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
715 : {
716 : pid_t pid;
717 :
718 2784 : if ((pid = get_pgpid(false)) == 0)
719 1218 : return true; /* pid file is gone */
720 :
721 1566 : if (kill(pid, 0) != 0)
722 : {
723 : /*
724 : * Postmaster seems to have died. Check the pid file once more to
725 : * avoid a race condition, but give up waiting.
726 : */
727 0 : if (get_pgpid(false) == 0)
728 0 : return true; /* pid file is gone */
729 0 : return false; /* postmaster died untimely */
730 : }
731 :
732 1566 : if (cnt % WAITS_PER_SEC == 0)
733 1190 : print_msg(".");
734 1566 : pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
735 : }
736 0 : return false; /* timeout reached */
737 : }
738 :
739 :
740 : /*
741 : * Wait for the postmaster to promote.
742 : *
743 : * Returns true on success, else false.
744 : * To avoid waiting uselessly, we check for postmaster death here too.
745 : */
746 : static bool
747 68 : wait_for_postmaster_promote(void)
748 : {
749 : int cnt;
750 :
751 206 : for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
752 : {
753 : pid_t pid;
754 : DBState state;
755 :
756 206 : if ((pid = get_pgpid(false)) == 0)
757 0 : return false; /* pid file is gone */
758 206 : if (kill(pid, 0) != 0)
759 0 : return false; /* postmaster died */
760 :
761 206 : state = get_control_dbstate();
762 206 : if (state == DB_IN_PRODUCTION)
763 68 : return true; /* successful promotion */
764 :
765 138 : if (cnt % WAITS_PER_SEC == 0)
766 68 : print_msg(".");
767 138 : pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
768 : }
769 0 : return false; /* timeout reached */
770 : }
771 :
772 :
773 : #if defined(HAVE_GETRLIMIT)
774 : static void
775 0 : unlimit_core_size(void)
776 : {
777 : struct rlimit lim;
778 :
779 0 : getrlimit(RLIMIT_CORE, &lim);
780 0 : if (lim.rlim_max == 0)
781 : {
782 0 : write_stderr(_("%s: cannot set core file size limit; disallowed by hard limit\n"),
783 : progname);
784 0 : return;
785 : }
786 0 : else if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
787 : {
788 0 : lim.rlim_cur = lim.rlim_max;
789 0 : setrlimit(RLIMIT_CORE, &lim);
790 : }
791 : }
792 : #endif
793 :
794 : static void
795 1086 : read_post_opts(void)
796 : {
797 1086 : if (post_opts == NULL)
798 : {
799 182 : post_opts = ""; /* default */
800 182 : if (ctl_command == RESTART_COMMAND)
801 : {
802 : char **optlines;
803 : int numlines;
804 :
805 164 : optlines = readfile(postopts_file, &numlines);
806 164 : if (optlines == NULL)
807 : {
808 0 : write_stderr(_("%s: could not read file \"%s\"\n"), progname, postopts_file);
809 0 : exit(1);
810 : }
811 164 : else if (numlines != 1)
812 : {
813 0 : write_stderr(_("%s: option file \"%s\" must have exactly one line\n"),
814 : progname, postopts_file);
815 0 : exit(1);
816 : }
817 : else
818 : {
819 : char *optline;
820 : char *arg1;
821 :
822 164 : optline = optlines[0];
823 :
824 : /*
825 : * Are we at the first option, as defined by space and
826 : * double-quote?
827 : */
828 164 : if ((arg1 = strstr(optline, " \"")) != NULL)
829 : {
830 164 : *arg1 = '\0'; /* terminate so we get only program name */
831 164 : post_opts = pg_strdup(arg1 + 1); /* point past whitespace */
832 : }
833 164 : if (exec_path == NULL)
834 164 : exec_path = pg_strdup(optline);
835 : }
836 :
837 : /* Free the results of readfile. */
838 164 : free_readfile(optlines);
839 : }
840 : }
841 1086 : }
842 :
843 : /*
844 : * SIGINT signal handler used while waiting for postmaster to start up.
845 : * Forwards the SIGINT to the postmaster process, asking it to shut down,
846 : * before terminating pg_ctl itself. This way, if the user hits CTRL-C while
847 : * waiting for the server to start up, the server launch is aborted.
848 : */
849 : static void
850 0 : trap_sigint_during_startup(SIGNAL_ARGS)
851 : {
852 0 : if (postmasterPID != -1)
853 : {
854 0 : if (kill(postmasterPID, SIGINT) != 0)
855 0 : write_stderr(_("%s: could not send stop signal (PID: %d): %s\n"),
856 0 : progname, (int) postmasterPID, strerror(errno));
857 : }
858 :
859 : /*
860 : * Clear the signal handler, and send the signal again, to terminate the
861 : * process as normal.
862 : */
863 0 : pqsignal(postgres_signal_arg, SIG_DFL);
864 0 : raise(postgres_signal_arg);
865 0 : }
866 :
867 : static char *
868 924 : find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
869 : {
870 : int ret;
871 : char *found_path;
872 :
873 924 : found_path = pg_malloc(MAXPGPATH);
874 :
875 924 : if ((ret = find_other_exec(argv0, target, versionstr, found_path)) < 0)
876 : {
877 : char full_path[MAXPGPATH];
878 :
879 0 : if (find_my_exec(argv0, full_path) < 0)
880 0 : strlcpy(full_path, progname, sizeof(full_path));
881 :
882 0 : if (ret == -1)
883 0 : write_stderr(_("program \"%s\" is needed by %s but was not found in the same directory as \"%s\"\n"),
884 : target, progname, full_path);
885 : else
886 0 : write_stderr(_("program \"%s\" was found by \"%s\" but was not the same version as %s\n"),
887 : target, full_path, progname);
888 0 : exit(1);
889 : }
890 :
891 924 : return found_path;
892 : }
893 :
894 : static void
895 2 : do_init(void)
896 : {
897 : char *cmd;
898 :
899 2 : if (exec_path == NULL)
900 2 : exec_path = find_other_exec_or_die(argv0, "initdb", "initdb (PostgreSQL) " PG_VERSION "\n");
901 :
902 2 : if (pgdata_opt == NULL)
903 0 : pgdata_opt = "";
904 :
905 2 : if (post_opts == NULL)
906 0 : post_opts = "";
907 :
908 2 : if (!silent_mode)
909 2 : cmd = psprintf("\"%s\" %s%s",
910 : exec_path, pgdata_opt, post_opts);
911 : else
912 0 : cmd = psprintf("\"%s\" %s%s > \"%s\"",
913 : exec_path, pgdata_opt, post_opts, DEVNULL);
914 :
915 2 : fflush(NULL);
916 2 : if (system(cmd) != 0)
917 : {
918 0 : write_stderr(_("%s: database system initialization failed\n"), progname);
919 0 : exit(1);
920 : }
921 2 : }
922 :
923 : static void
924 1088 : do_start(void)
925 : {
926 1088 : pid_t old_pid = 0;
927 : pid_t pm_pid;
928 :
929 1088 : if (ctl_command != RESTART_COMMAND)
930 : {
931 924 : old_pid = get_pgpid(false);
932 922 : if (old_pid != 0)
933 6 : write_stderr(_("%s: another server might be running; "
934 : "trying to start server anyway\n"),
935 : progname);
936 : }
937 :
938 1086 : read_post_opts();
939 :
940 : /* No -D or -D already added during server start */
941 1086 : if (ctl_command == RESTART_COMMAND || pgdata_opt == NULL)
942 164 : pgdata_opt = "";
943 :
944 1086 : if (exec_path == NULL)
945 922 : exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
946 :
947 : #if defined(HAVE_GETRLIMIT)
948 1086 : if (allow_core_files)
949 0 : unlimit_core_size();
950 : #endif
951 :
952 : /*
953 : * If possible, tell the postmaster our parent shell's PID (see the
954 : * comments in CreateLockFile() for motivation). Windows hasn't got
955 : * getppid() unfortunately.
956 : */
957 : #ifndef WIN32
958 : {
959 : char env_var[32];
960 :
961 1086 : snprintf(env_var, sizeof(env_var), "%d", (int) getppid());
962 1086 : setenv("PG_GRANDPARENT_PID", env_var, 1);
963 : }
964 : #endif
965 :
966 1086 : pm_pid = start_postmaster();
967 :
968 1086 : if (do_wait)
969 : {
970 : /*
971 : * If the user interrupts the startup (e.g. with CTRL-C), we'd like to
972 : * abort the server launch. Install a signal handler that will
973 : * forward SIGINT to the postmaster process, while we wait.
974 : *
975 : * (We don't bother to reset the signal handler after the launch, as
976 : * we're about to exit, anyway.)
977 : */
978 1086 : postmasterPID = pm_pid;
979 1086 : pqsignal(SIGINT, trap_sigint_during_startup);
980 :
981 1086 : print_msg(_("waiting for server to start..."));
982 :
983 1086 : switch (wait_for_postmaster_start(pm_pid, false))
984 : {
985 1072 : case POSTMASTER_READY:
986 1072 : print_msg(_(" done\n"));
987 1072 : print_msg(_("server started\n"));
988 1072 : break;
989 0 : case POSTMASTER_STILL_STARTING:
990 0 : print_msg(_(" stopped waiting\n"));
991 0 : write_stderr(_("%s: server did not start in time\n"),
992 : progname);
993 0 : exit(1);
994 : break;
995 14 : case POSTMASTER_FAILED:
996 14 : print_msg(_(" stopped waiting\n"));
997 14 : write_stderr(_("%s: could not start server\n"
998 : "Examine the log output.\n"),
999 : progname);
1000 14 : exit(1);
1001 : break;
1002 : }
1003 1072 : }
1004 : else
1005 0 : print_msg(_("server starting\n"));
1006 :
1007 : #ifdef WIN32
1008 : /* Now we don't need the handle to the shell process anymore */
1009 : CloseHandle(postmasterProcess);
1010 : postmasterProcess = INVALID_HANDLE_VALUE;
1011 : #endif
1012 1072 : }
1013 :
1014 :
1015 : static void
1016 1062 : do_stop(void)
1017 : {
1018 : pid_t pid;
1019 :
1020 1062 : pid = get_pgpid(false);
1021 :
1022 1062 : if (pid == 0) /* no pid file */
1023 : {
1024 2 : write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1025 2 : write_stderr(_("Is server running?\n"));
1026 2 : exit(1);
1027 : }
1028 1060 : else if (pid < 0) /* standalone backend, not postmaster */
1029 : {
1030 0 : pid = -pid;
1031 0 : write_stderr(_("%s: cannot stop server; "
1032 : "single-user server is running (PID: %d)\n"),
1033 : progname, (int) pid);
1034 0 : exit(1);
1035 : }
1036 :
1037 1060 : if (kill(pid, sig) != 0)
1038 : {
1039 0 : write_stderr(_("%s: could not send stop signal (PID: %d): %s\n"), progname, (int) pid,
1040 0 : strerror(errno));
1041 0 : exit(1);
1042 : }
1043 :
1044 1060 : if (!do_wait)
1045 : {
1046 0 : print_msg(_("server shutting down\n"));
1047 0 : return;
1048 : }
1049 : else
1050 : {
1051 1060 : print_msg(_("waiting for server to shut down..."));
1052 :
1053 1060 : if (!wait_for_postmaster_stop())
1054 : {
1055 0 : print_msg(_(" failed\n"));
1056 :
1057 0 : write_stderr(_("%s: server does not shut down\n"), progname);
1058 0 : if (shutdown_mode == SMART_MODE)
1059 0 : write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
1060 : "waiting for session-initiated disconnection.\n"));
1061 0 : exit(1);
1062 : }
1063 1060 : print_msg(_(" done\n"));
1064 :
1065 1060 : print_msg(_("server stopped\n"));
1066 : }
1067 : }
1068 :
1069 :
1070 : /*
1071 : * restart/reload routines
1072 : */
1073 :
1074 : static void
1075 164 : do_restart(void)
1076 : {
1077 : pid_t pid;
1078 :
1079 164 : pid = get_pgpid(false);
1080 :
1081 164 : if (pid == 0) /* no pid file */
1082 : {
1083 6 : write_stderr(_("%s: PID file \"%s\" does not exist\n"),
1084 : progname, pid_file);
1085 6 : write_stderr(_("Is server running?\n"));
1086 6 : write_stderr(_("trying to start server anyway\n"));
1087 6 : do_start();
1088 6 : return;
1089 : }
1090 158 : else if (pid < 0) /* standalone backend, not postmaster */
1091 : {
1092 0 : pid = -pid;
1093 0 : if (postmaster_is_alive(pid))
1094 : {
1095 0 : write_stderr(_("%s: cannot restart server; "
1096 : "single-user server is running (PID: %d)\n"),
1097 : progname, (int) pid);
1098 0 : write_stderr(_("Please terminate the single-user server and try again.\n"));
1099 0 : exit(1);
1100 : }
1101 : }
1102 :
1103 158 : if (postmaster_is_alive(pid))
1104 : {
1105 158 : if (kill(pid, sig) != 0)
1106 : {
1107 0 : write_stderr(_("%s: could not send stop signal (PID: %d): %s\n"), progname, (int) pid,
1108 0 : strerror(errno));
1109 0 : exit(1);
1110 : }
1111 :
1112 158 : print_msg(_("waiting for server to shut down..."));
1113 :
1114 : /* always wait for restart */
1115 158 : if (!wait_for_postmaster_stop())
1116 : {
1117 0 : print_msg(_(" failed\n"));
1118 :
1119 0 : write_stderr(_("%s: server does not shut down\n"), progname);
1120 0 : if (shutdown_mode == SMART_MODE)
1121 0 : write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
1122 : "waiting for session-initiated disconnection.\n"));
1123 0 : exit(1);
1124 : }
1125 :
1126 158 : print_msg(_(" done\n"));
1127 158 : print_msg(_("server stopped\n"));
1128 : }
1129 : else
1130 : {
1131 0 : write_stderr(_("%s: old server process (PID: %d) seems to be gone\n"),
1132 : progname, (int) pid);
1133 0 : write_stderr(_("starting server anyway\n"));
1134 : }
1135 :
1136 158 : do_start();
1137 : }
1138 :
1139 : static void
1140 176 : do_reload(void)
1141 : {
1142 : pid_t pid;
1143 :
1144 176 : pid = get_pgpid(false);
1145 176 : if (pid == 0) /* no pid file */
1146 : {
1147 0 : write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1148 0 : write_stderr(_("Is server running?\n"));
1149 0 : exit(1);
1150 : }
1151 176 : else if (pid < 0) /* standalone backend, not postmaster */
1152 : {
1153 0 : pid = -pid;
1154 0 : write_stderr(_("%s: cannot reload server; "
1155 : "single-user server is running (PID: %d)\n"),
1156 : progname, (int) pid);
1157 0 : write_stderr(_("Please terminate the single-user server and try again.\n"));
1158 0 : exit(1);
1159 : }
1160 :
1161 176 : if (kill(pid, sig) != 0)
1162 : {
1163 0 : write_stderr(_("%s: could not send reload signal (PID: %d): %s\n"),
1164 0 : progname, (int) pid, strerror(errno));
1165 0 : exit(1);
1166 : }
1167 :
1168 176 : print_msg(_("server signaled\n"));
1169 176 : }
1170 :
1171 :
1172 : /*
1173 : * promote
1174 : */
1175 :
1176 : static void
1177 76 : do_promote(void)
1178 : {
1179 : FILE *prmfile;
1180 : pid_t pid;
1181 :
1182 76 : pid = get_pgpid(false);
1183 :
1184 74 : if (pid == 0) /* no pid file */
1185 : {
1186 2 : write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1187 2 : write_stderr(_("Is server running?\n"));
1188 2 : exit(1);
1189 : }
1190 72 : else if (pid < 0) /* standalone backend, not postmaster */
1191 : {
1192 0 : pid = -pid;
1193 0 : write_stderr(_("%s: cannot promote server; "
1194 : "single-user server is running (PID: %d)\n"),
1195 : progname, (int) pid);
1196 0 : exit(1);
1197 : }
1198 :
1199 72 : if (get_control_dbstate() != DB_IN_ARCHIVE_RECOVERY)
1200 : {
1201 2 : write_stderr(_("%s: cannot promote server; "
1202 : "server is not in standby mode\n"),
1203 : progname);
1204 2 : exit(1);
1205 : }
1206 :
1207 70 : snprintf(promote_file, MAXPGPATH, "%s/promote", pg_data);
1208 :
1209 70 : if ((prmfile = fopen(promote_file, "w")) == NULL)
1210 : {
1211 0 : write_stderr(_("%s: could not create promote signal file \"%s\": %s\n"),
1212 0 : progname, promote_file, strerror(errno));
1213 0 : exit(1);
1214 : }
1215 70 : if (fclose(prmfile))
1216 : {
1217 0 : write_stderr(_("%s: could not write promote signal file \"%s\": %s\n"),
1218 0 : progname, promote_file, strerror(errno));
1219 0 : exit(1);
1220 : }
1221 :
1222 70 : sig = SIGUSR1;
1223 70 : if (kill(pid, sig) != 0)
1224 : {
1225 0 : write_stderr(_("%s: could not send promote signal (PID: %d): %s\n"),
1226 0 : progname, (int) pid, strerror(errno));
1227 0 : if (unlink(promote_file) != 0)
1228 0 : write_stderr(_("%s: could not remove promote signal file \"%s\": %s\n"),
1229 0 : progname, promote_file, strerror(errno));
1230 0 : exit(1);
1231 : }
1232 :
1233 70 : if (do_wait)
1234 : {
1235 68 : print_msg(_("waiting for server to promote..."));
1236 68 : if (wait_for_postmaster_promote())
1237 : {
1238 68 : print_msg(_(" done\n"));
1239 68 : print_msg(_("server promoted\n"));
1240 : }
1241 : else
1242 : {
1243 0 : print_msg(_(" stopped waiting\n"));
1244 0 : write_stderr(_("%s: server did not promote in time\n"),
1245 : progname);
1246 0 : exit(1);
1247 : }
1248 : }
1249 : else
1250 2 : print_msg(_("server promoting\n"));
1251 70 : }
1252 :
1253 : /*
1254 : * log rotate
1255 : */
1256 :
1257 : static void
1258 2 : do_logrotate(void)
1259 : {
1260 : FILE *logrotatefile;
1261 : pid_t pid;
1262 :
1263 2 : pid = get_pgpid(false);
1264 :
1265 2 : if (pid == 0) /* no pid file */
1266 : {
1267 0 : write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1268 0 : write_stderr(_("Is server running?\n"));
1269 0 : exit(1);
1270 : }
1271 2 : else if (pid < 0) /* standalone backend, not postmaster */
1272 : {
1273 0 : pid = -pid;
1274 0 : write_stderr(_("%s: cannot rotate log file; "
1275 : "single-user server is running (PID: %d)\n"),
1276 : progname, (int) pid);
1277 0 : exit(1);
1278 : }
1279 :
1280 2 : snprintf(logrotate_file, MAXPGPATH, "%s/logrotate", pg_data);
1281 :
1282 2 : if ((logrotatefile = fopen(logrotate_file, "w")) == NULL)
1283 : {
1284 0 : write_stderr(_("%s: could not create log rotation signal file \"%s\": %s\n"),
1285 0 : progname, logrotate_file, strerror(errno));
1286 0 : exit(1);
1287 : }
1288 2 : if (fclose(logrotatefile))
1289 : {
1290 0 : write_stderr(_("%s: could not write log rotation signal file \"%s\": %s\n"),
1291 0 : progname, logrotate_file, strerror(errno));
1292 0 : exit(1);
1293 : }
1294 :
1295 2 : sig = SIGUSR1;
1296 2 : if (kill(pid, sig) != 0)
1297 : {
1298 0 : write_stderr(_("%s: could not send log rotation signal (PID: %d): %s\n"),
1299 0 : progname, (int) pid, strerror(errno));
1300 0 : if (unlink(logrotate_file) != 0)
1301 0 : write_stderr(_("%s: could not remove log rotation signal file \"%s\": %s\n"),
1302 0 : progname, logrotate_file, strerror(errno));
1303 0 : exit(1);
1304 : }
1305 :
1306 2 : print_msg(_("server signaled to rotate log file\n"));
1307 2 : }
1308 :
1309 :
1310 : /*
1311 : * utility routines
1312 : */
1313 :
1314 : static bool
1315 160 : postmaster_is_alive(pid_t pid)
1316 : {
1317 : /*
1318 : * Test to see if the process is still there. Note that we do not
1319 : * consider an EPERM failure to mean that the process is still there;
1320 : * EPERM must mean that the given PID belongs to some other userid, and
1321 : * considering the permissions on $PGDATA, that means it's not the
1322 : * postmaster we are after.
1323 : *
1324 : * Don't believe that our own PID or parent shell's PID is the postmaster,
1325 : * either. (Windows hasn't got getppid(), though.)
1326 : */
1327 160 : if (pid == getpid())
1328 0 : return false;
1329 : #ifndef WIN32
1330 160 : if (pid == getppid())
1331 0 : return false;
1332 : #endif
1333 160 : if (kill(pid, 0) == 0)
1334 160 : return true;
1335 0 : return false;
1336 : }
1337 :
1338 : static void
1339 6 : do_status(void)
1340 : {
1341 : pid_t pid;
1342 :
1343 6 : pid = get_pgpid(true);
1344 : /* Is there a pid file? */
1345 4 : if (pid != 0)
1346 : {
1347 : /* standalone backend? */
1348 2 : if (pid < 0)
1349 : {
1350 0 : pid = -pid;
1351 0 : if (postmaster_is_alive(pid))
1352 : {
1353 0 : printf(_("%s: single-user server is running (PID: %d)\n"),
1354 : progname, (int) pid);
1355 0 : return;
1356 : }
1357 : }
1358 : else
1359 : /* must be a postmaster */
1360 : {
1361 2 : if (postmaster_is_alive(pid))
1362 : {
1363 : char **optlines;
1364 : char **curr_line;
1365 : int numlines;
1366 :
1367 2 : printf(_("%s: server is running (PID: %d)\n"),
1368 : progname, (int) pid);
1369 :
1370 2 : optlines = readfile(postopts_file, &numlines);
1371 2 : if (optlines != NULL)
1372 : {
1373 4 : for (curr_line = optlines; *curr_line != NULL; curr_line++)
1374 2 : puts(*curr_line);
1375 :
1376 : /* Free the results of readfile */
1377 2 : free_readfile(optlines);
1378 : }
1379 2 : return;
1380 : }
1381 : }
1382 : }
1383 2 : printf(_("%s: no server running\n"), progname);
1384 :
1385 : /*
1386 : * The Linux Standard Base Core Specification 3.1 says this should return
1387 : * '3, program is not running'
1388 : * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
1389 : */
1390 2 : exit(3);
1391 : }
1392 :
1393 :
1394 :
1395 : static void
1396 10 : do_kill(pid_t pid)
1397 : {
1398 10 : if (kill(pid, sig) != 0)
1399 : {
1400 0 : write_stderr(_("%s: could not send signal %d (PID: %d): %s\n"),
1401 0 : progname, sig, (int) pid, strerror(errno));
1402 0 : exit(1);
1403 : }
1404 10 : }
1405 :
1406 : #ifdef WIN32
1407 :
1408 : static bool
1409 : pgwin32_IsInstalled(SC_HANDLE hSCM)
1410 : {
1411 : SC_HANDLE hService = OpenService(hSCM, register_servicename, SERVICE_QUERY_CONFIG);
1412 : bool bResult = (hService != NULL);
1413 :
1414 : if (bResult)
1415 : CloseServiceHandle(hService);
1416 : return bResult;
1417 : }
1418 :
1419 : static char *
1420 : pgwin32_CommandLine(bool registration)
1421 : {
1422 : PQExpBuffer cmdLine = createPQExpBuffer();
1423 : char cmdPath[MAXPGPATH];
1424 : int ret;
1425 :
1426 : if (registration)
1427 : {
1428 : ret = find_my_exec(argv0, cmdPath);
1429 : if (ret != 0)
1430 : {
1431 : write_stderr(_("%s: could not find own program executable\n"), progname);
1432 : exit(1);
1433 : }
1434 : }
1435 : else
1436 : {
1437 : ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1438 : cmdPath);
1439 : if (ret != 0)
1440 : {
1441 : write_stderr(_("%s: could not find postgres program executable\n"), progname);
1442 : exit(1);
1443 : }
1444 : }
1445 :
1446 : /* if path does not end in .exe, append it */
1447 : if (strlen(cmdPath) < 4 ||
1448 : pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0)
1449 : snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
1450 : ".exe");
1451 :
1452 : /* use backslashes in path to avoid problems with some third-party tools */
1453 : make_native_path(cmdPath);
1454 :
1455 : /* be sure to double-quote the executable's name in the command */
1456 : appendPQExpBuffer(cmdLine, "\"%s\"", cmdPath);
1457 :
1458 : /* append assorted switches to the command line, as needed */
1459 :
1460 : if (registration)
1461 : appendPQExpBuffer(cmdLine, " runservice -N \"%s\"",
1462 : register_servicename);
1463 :
1464 : if (pg_config)
1465 : {
1466 : /* We need the -D path to be absolute */
1467 : char *dataDir;
1468 :
1469 : if ((dataDir = make_absolute_path(pg_config)) == NULL)
1470 : {
1471 : /* make_absolute_path already reported the error */
1472 : exit(1);
1473 : }
1474 : make_native_path(dataDir);
1475 : appendPQExpBuffer(cmdLine, " -D \"%s\"", dataDir);
1476 : free(dataDir);
1477 : }
1478 :
1479 : if (registration && event_source != NULL)
1480 : appendPQExpBuffer(cmdLine, " -e \"%s\"", event_source);
1481 :
1482 : if (registration && do_wait)
1483 : appendPQExpBufferStr(cmdLine, " -w");
1484 :
1485 : /* Don't propagate a value from an environment variable. */
1486 : if (registration && wait_seconds_arg && wait_seconds != DEFAULT_WAIT)
1487 : appendPQExpBuffer(cmdLine, " -t %d", wait_seconds);
1488 :
1489 : if (registration && silent_mode)
1490 : appendPQExpBufferStr(cmdLine, " -s");
1491 :
1492 : if (post_opts)
1493 : {
1494 : if (registration)
1495 : appendPQExpBuffer(cmdLine, " -o \"%s\"", post_opts);
1496 : else
1497 : appendPQExpBuffer(cmdLine, " %s", post_opts);
1498 : }
1499 :
1500 : return cmdLine->data;
1501 : }
1502 :
1503 : static void
1504 : pgwin32_doRegister(void)
1505 : {
1506 : SC_HANDLE hService;
1507 : SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1508 :
1509 : if (hSCM == NULL)
1510 : {
1511 : write_stderr(_("%s: could not open service manager\n"), progname);
1512 : exit(1);
1513 : }
1514 : if (pgwin32_IsInstalled(hSCM))
1515 : {
1516 : CloseServiceHandle(hSCM);
1517 : write_stderr(_("%s: service \"%s\" already registered\n"), progname, register_servicename);
1518 : exit(1);
1519 : }
1520 :
1521 : if ((hService = CreateService(hSCM, register_servicename, register_servicename,
1522 : SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
1523 : pgctl_start_type, SERVICE_ERROR_NORMAL,
1524 : pgwin32_CommandLine(true),
1525 : NULL, NULL, "RPCSS\0", register_username, register_password)) == NULL)
1526 : {
1527 : CloseServiceHandle(hSCM);
1528 : write_stderr(_("%s: could not register service \"%s\": error code %lu\n"),
1529 : progname, register_servicename,
1530 : (unsigned long) GetLastError());
1531 : exit(1);
1532 : }
1533 : CloseServiceHandle(hService);
1534 : CloseServiceHandle(hSCM);
1535 : }
1536 :
1537 : static void
1538 : pgwin32_doUnregister(void)
1539 : {
1540 : SC_HANDLE hService;
1541 : SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1542 :
1543 : if (hSCM == NULL)
1544 : {
1545 : write_stderr(_("%s: could not open service manager\n"), progname);
1546 : exit(1);
1547 : }
1548 : if (!pgwin32_IsInstalled(hSCM))
1549 : {
1550 : CloseServiceHandle(hSCM);
1551 : write_stderr(_("%s: service \"%s\" not registered\n"), progname, register_servicename);
1552 : exit(1);
1553 : }
1554 :
1555 : if ((hService = OpenService(hSCM, register_servicename, DELETE)) == NULL)
1556 : {
1557 : CloseServiceHandle(hSCM);
1558 : write_stderr(_("%s: could not open service \"%s\": error code %lu\n"),
1559 : progname, register_servicename,
1560 : (unsigned long) GetLastError());
1561 : exit(1);
1562 : }
1563 : if (!DeleteService(hService))
1564 : {
1565 : CloseServiceHandle(hService);
1566 : CloseServiceHandle(hSCM);
1567 : write_stderr(_("%s: could not unregister service \"%s\": error code %lu\n"),
1568 : progname, register_servicename,
1569 : (unsigned long) GetLastError());
1570 : exit(1);
1571 : }
1572 : CloseServiceHandle(hService);
1573 : CloseServiceHandle(hSCM);
1574 : }
1575 :
1576 : static void
1577 : pgwin32_SetServiceStatus(DWORD currentState)
1578 : {
1579 : status.dwCurrentState = currentState;
1580 : SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1581 : }
1582 :
1583 : static void WINAPI
1584 : pgwin32_ServiceHandler(DWORD request)
1585 : {
1586 : switch (request)
1587 : {
1588 : case SERVICE_CONTROL_STOP:
1589 : case SERVICE_CONTROL_SHUTDOWN:
1590 :
1591 : /*
1592 : * We only need a short wait hint here as it just needs to wait
1593 : * for the next checkpoint. They occur every 5 seconds during
1594 : * shutdown
1595 : */
1596 : status.dwWaitHint = 10000;
1597 : pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1598 : SetEvent(shutdownEvent);
1599 : return;
1600 :
1601 : case SERVICE_CONTROL_PAUSE:
1602 : /* Win32 config reloading */
1603 : status.dwWaitHint = 5000;
1604 : kill(postmasterPID, SIGHUP);
1605 : return;
1606 :
1607 : /* FIXME: These could be used to replace other signals etc */
1608 : case SERVICE_CONTROL_CONTINUE:
1609 : case SERVICE_CONTROL_INTERROGATE:
1610 : default:
1611 : break;
1612 : }
1613 : }
1614 :
1615 : static void WINAPI
1616 : pgwin32_ServiceMain(DWORD argc, LPTSTR *argv)
1617 : {
1618 : PROCESS_INFORMATION pi;
1619 : DWORD ret;
1620 :
1621 : /* Initialize variables */
1622 : status.dwWin32ExitCode = S_OK;
1623 : status.dwCheckPoint = 0;
1624 : status.dwWaitHint = 60000;
1625 : status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
1626 : status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PAUSE_CONTINUE;
1627 : status.dwServiceSpecificExitCode = 0;
1628 : status.dwCurrentState = SERVICE_START_PENDING;
1629 :
1630 : memset(&pi, 0, sizeof(pi));
1631 :
1632 : read_post_opts();
1633 :
1634 : /* Register the control request handler */
1635 : if ((hStatus = RegisterServiceCtrlHandler(register_servicename, pgwin32_ServiceHandler)) == (SERVICE_STATUS_HANDLE) 0)
1636 : return;
1637 :
1638 : if ((shutdownEvent = CreateEvent(NULL, true, false, NULL)) == NULL)
1639 : return;
1640 :
1641 : /* Start the postmaster */
1642 : pgwin32_SetServiceStatus(SERVICE_START_PENDING);
1643 : if (!CreateRestrictedProcess(pgwin32_CommandLine(false), &pi, true))
1644 : {
1645 : pgwin32_SetServiceStatus(SERVICE_STOPPED);
1646 : return;
1647 : }
1648 : postmasterPID = pi.dwProcessId;
1649 : postmasterProcess = pi.hProcess;
1650 : CloseHandle(pi.hThread);
1651 :
1652 : if (do_wait)
1653 : {
1654 : write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Waiting for server startup...\n"));
1655 : if (wait_for_postmaster_start(postmasterPID, true) != POSTMASTER_READY)
1656 : {
1657 : write_eventlog(EVENTLOG_ERROR_TYPE, _("Timed out waiting for server startup\n"));
1658 : pgwin32_SetServiceStatus(SERVICE_STOPPED);
1659 : return;
1660 : }
1661 : write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Server started and accepting connections\n"));
1662 : }
1663 :
1664 : pgwin32_SetServiceStatus(SERVICE_RUNNING);
1665 :
1666 : /* Wait for quit... */
1667 : ret = WaitForMultipleObjects(2, shutdownHandles, FALSE, INFINITE);
1668 :
1669 : pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1670 : switch (ret)
1671 : {
1672 : case WAIT_OBJECT_0: /* shutdown event */
1673 : {
1674 : /*
1675 : * status.dwCheckPoint can be incremented by
1676 : * wait_for_postmaster_start(), so it might not start from 0.
1677 : */
1678 : int maxShutdownCheckPoint = status.dwCheckPoint + 12;
1679 :
1680 : kill(postmasterPID, SIGINT);
1681 :
1682 : /*
1683 : * Increment the checkpoint and try again. Abort after 12
1684 : * checkpoints as the postmaster has probably hung.
1685 : */
1686 : while (WaitForSingleObject(postmasterProcess, 5000) == WAIT_TIMEOUT && status.dwCheckPoint < maxShutdownCheckPoint)
1687 : {
1688 : status.dwCheckPoint++;
1689 : SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1690 : }
1691 : break;
1692 : }
1693 :
1694 : case (WAIT_OBJECT_0 + 1): /* postmaster went down */
1695 : break;
1696 :
1697 : default:
1698 : /* shouldn't get here? */
1699 : break;
1700 : }
1701 :
1702 : CloseHandle(shutdownEvent);
1703 : CloseHandle(postmasterProcess);
1704 :
1705 : pgwin32_SetServiceStatus(SERVICE_STOPPED);
1706 : }
1707 :
1708 : static void
1709 : pgwin32_doRunAsService(void)
1710 : {
1711 : SERVICE_TABLE_ENTRY st[] = {{register_servicename, pgwin32_ServiceMain},
1712 : {NULL, NULL}};
1713 :
1714 : if (StartServiceCtrlDispatcher(st) == 0)
1715 : {
1716 : write_stderr(_("%s: could not start service \"%s\": error code %lu\n"),
1717 : progname, register_servicename,
1718 : (unsigned long) GetLastError());
1719 : exit(1);
1720 : }
1721 : }
1722 :
1723 :
1724 : /*
1725 : * Set up STARTUPINFO for the new process to inherit this process' handles.
1726 : *
1727 : * Process started as services appear to have "empty" handles (GetStdHandle()
1728 : * returns NULL) rather than invalid ones. But passing down NULL ourselves
1729 : * doesn't work, it's interpreted as STARTUPINFO->hStd* not being set. But we
1730 : * can pass down INVALID_HANDLE_VALUE - which makes GetStdHandle() in the new
1731 : * process (and its child processes!) return INVALID_HANDLE_VALUE. Which
1732 : * achieves the goal of postmaster running in a similar environment as pg_ctl.
1733 : */
1734 : static void
1735 : InheritStdHandles(STARTUPINFO *si)
1736 : {
1737 : si->dwFlags |= STARTF_USESTDHANDLES;
1738 : si->hStdInput = GetStdHandle(STD_INPUT_HANDLE);
1739 : if (si->hStdInput == NULL)
1740 : si->hStdInput = INVALID_HANDLE_VALUE;
1741 : si->hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
1742 : if (si->hStdOutput == NULL)
1743 : si->hStdOutput = INVALID_HANDLE_VALUE;
1744 : si->hStdError = GetStdHandle(STD_ERROR_HANDLE);
1745 : if (si->hStdError == NULL)
1746 : si->hStdError = INVALID_HANDLE_VALUE;
1747 : }
1748 :
1749 : /*
1750 : * Create a restricted token, a job object sandbox, and execute the specified
1751 : * process with it.
1752 : *
1753 : * Returns 0 on success, non-zero on failure, same as CreateProcess().
1754 : *
1755 : * NOTE! Job object will only work when running as a service, because it's
1756 : * automatically destroyed when pg_ctl exits.
1757 : */
1758 : static int
1759 : CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service)
1760 : {
1761 : int r;
1762 : BOOL b;
1763 : STARTUPINFO si;
1764 : HANDLE origToken;
1765 : HANDLE restrictedToken;
1766 : BOOL inJob;
1767 : SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
1768 : SID_AND_ATTRIBUTES dropSids[2];
1769 : PTOKEN_PRIVILEGES delPrivs;
1770 :
1771 : ZeroMemory(&si, sizeof(si));
1772 : si.cb = sizeof(si);
1773 :
1774 : /*
1775 : * Set stdin/stdout/stderr handles to be inherited in the child process.
1776 : * That allows postmaster and the processes it starts to perform
1777 : * additional checks to see if running in a service (otherwise they get
1778 : * the default console handles - which point to "somewhere").
1779 : */
1780 : InheritStdHandles(&si);
1781 :
1782 : /* Open the current token to use as a base for the restricted one */
1783 : if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
1784 : {
1785 : /*
1786 : * Most Windows targets make DWORD a 32-bit unsigned long, but in case
1787 : * it doesn't cast DWORD before printing.
1788 : */
1789 : write_stderr(_("%s: could not open process token: error code %lu\n"),
1790 : progname, (unsigned long) GetLastError());
1791 : return 0;
1792 : }
1793 :
1794 : /* Allocate list of SIDs to remove */
1795 : ZeroMemory(&dropSids, sizeof(dropSids));
1796 : if (!AllocateAndInitializeSid(&NtAuthority, 2,
1797 : SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
1798 : 0, &dropSids[0].Sid) ||
1799 : !AllocateAndInitializeSid(&NtAuthority, 2,
1800 : SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
1801 : 0, &dropSids[1].Sid))
1802 : {
1803 : write_stderr(_("%s: could not allocate SIDs: error code %lu\n"),
1804 : progname, (unsigned long) GetLastError());
1805 : return 0;
1806 : }
1807 :
1808 : /* Get list of privileges to remove */
1809 : delPrivs = GetPrivilegesToDelete(origToken);
1810 : if (delPrivs == NULL)
1811 : /* Error message already printed */
1812 : return 0;
1813 :
1814 : b = CreateRestrictedToken(origToken,
1815 : 0,
1816 : sizeof(dropSids) / sizeof(dropSids[0]),
1817 : dropSids,
1818 : delPrivs->PrivilegeCount, delPrivs->Privileges,
1819 : 0, NULL,
1820 : &restrictedToken);
1821 :
1822 : free(delPrivs);
1823 : FreeSid(dropSids[1].Sid);
1824 : FreeSid(dropSids[0].Sid);
1825 : CloseHandle(origToken);
1826 :
1827 : if (!b)
1828 : {
1829 : write_stderr(_("%s: could not create restricted token: error code %lu\n"),
1830 : progname, (unsigned long) GetLastError());
1831 : return 0;
1832 : }
1833 :
1834 : AddUserToTokenDacl(restrictedToken);
1835 : r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
1836 :
1837 : if (IsProcessInJob(processInfo->hProcess, NULL, &inJob))
1838 : {
1839 : if (!inJob)
1840 : {
1841 : /*
1842 : * Job objects are working, and the new process isn't in one, so
1843 : * we can create one safely. If any problems show up when setting
1844 : * it, we're going to ignore them.
1845 : */
1846 : HANDLE job;
1847 : char jobname[128];
1848 :
1849 : sprintf(jobname, "PostgreSQL_%lu",
1850 : (unsigned long) processInfo->dwProcessId);
1851 :
1852 : job = CreateJobObject(NULL, jobname);
1853 : if (job)
1854 : {
1855 : JOBOBJECT_BASIC_LIMIT_INFORMATION basicLimit;
1856 : JOBOBJECT_BASIC_UI_RESTRICTIONS uiRestrictions;
1857 : JOBOBJECT_SECURITY_LIMIT_INFORMATION securityLimit;
1858 :
1859 : ZeroMemory(&basicLimit, sizeof(basicLimit));
1860 : ZeroMemory(&uiRestrictions, sizeof(uiRestrictions));
1861 : ZeroMemory(&securityLimit, sizeof(securityLimit));
1862 :
1863 : basicLimit.LimitFlags = JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION | JOB_OBJECT_LIMIT_PRIORITY_CLASS;
1864 : basicLimit.PriorityClass = NORMAL_PRIORITY_CLASS;
1865 : SetInformationJobObject(job, JobObjectBasicLimitInformation, &basicLimit, sizeof(basicLimit));
1866 :
1867 : uiRestrictions.UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS |
1868 : JOB_OBJECT_UILIMIT_EXITWINDOWS | JOB_OBJECT_UILIMIT_READCLIPBOARD |
1869 : JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
1870 :
1871 : SetInformationJobObject(job, JobObjectBasicUIRestrictions, &uiRestrictions, sizeof(uiRestrictions));
1872 :
1873 : securityLimit.SecurityLimitFlags = JOB_OBJECT_SECURITY_NO_ADMIN | JOB_OBJECT_SECURITY_ONLY_TOKEN;
1874 : securityLimit.JobToken = restrictedToken;
1875 : SetInformationJobObject(job, JobObjectSecurityLimitInformation, &securityLimit, sizeof(securityLimit));
1876 :
1877 : AssignProcessToJobObject(job, processInfo->hProcess);
1878 : }
1879 : }
1880 : }
1881 :
1882 : CloseHandle(restrictedToken);
1883 :
1884 : ResumeThread(processInfo->hThread);
1885 :
1886 : /*
1887 : * We intentionally don't close the job object handle, because we want the
1888 : * object to live on until pg_ctl shuts down.
1889 : */
1890 : return r;
1891 : }
1892 :
1893 : /*
1894 : * Get a list of privileges to delete from the access token. We delete all privileges
1895 : * except SeLockMemoryPrivilege which is needed to use large pages, and
1896 : * SeChangeNotifyPrivilege which is enabled by default in DISABLE_MAX_PRIVILEGE.
1897 : */
1898 : static PTOKEN_PRIVILEGES
1899 : GetPrivilegesToDelete(HANDLE hToken)
1900 : {
1901 : int i,
1902 : j;
1903 : DWORD length;
1904 : PTOKEN_PRIVILEGES tokenPrivs;
1905 : LUID luidLockPages;
1906 : LUID luidChangeNotify;
1907 :
1908 : if (!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &luidLockPages) ||
1909 : !LookupPrivilegeValue(NULL, SE_CHANGE_NOTIFY_NAME, &luidChangeNotify))
1910 : {
1911 : write_stderr(_("%s: could not get LUIDs for privileges: error code %lu\n"),
1912 : progname, (unsigned long) GetLastError());
1913 : return NULL;
1914 : }
1915 :
1916 : if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &length) &&
1917 : GetLastError() != ERROR_INSUFFICIENT_BUFFER)
1918 : {
1919 : write_stderr(_("%s: could not get token information: error code %lu\n"),
1920 : progname, (unsigned long) GetLastError());
1921 : return NULL;
1922 : }
1923 :
1924 : tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
1925 : MCXT_ALLOC_NO_OOM);
1926 : if (tokenPrivs == NULL)
1927 : {
1928 : write_stderr(_("%s: out of memory\n"), progname);
1929 : return NULL;
1930 : }
1931 :
1932 : if (!GetTokenInformation(hToken, TokenPrivileges, tokenPrivs, length, &length))
1933 : {
1934 : write_stderr(_("%s: could not get token information: error code %lu\n"),
1935 : progname, (unsigned long) GetLastError());
1936 : free(tokenPrivs);
1937 : return NULL;
1938 : }
1939 :
1940 : for (i = 0; i < tokenPrivs->PrivilegeCount; i++)
1941 : {
1942 : if (memcmp(&tokenPrivs->Privileges[i].Luid, &luidLockPages, sizeof(LUID)) == 0 ||
1943 : memcmp(&tokenPrivs->Privileges[i].Luid, &luidChangeNotify, sizeof(LUID)) == 0)
1944 : {
1945 : for (j = i; j < tokenPrivs->PrivilegeCount - 1; j++)
1946 : tokenPrivs->Privileges[j] = tokenPrivs->Privileges[j + 1];
1947 : tokenPrivs->PrivilegeCount--;
1948 : }
1949 : }
1950 :
1951 : return tokenPrivs;
1952 : }
1953 : #endif /* WIN32 */
1954 :
1955 : static void
1956 2 : do_advice(void)
1957 : {
1958 2 : write_stderr(_("Try \"%s --help\" for more information.\n"), progname);
1959 2 : }
1960 :
1961 :
1962 :
1963 : static void
1964 2 : do_help(void)
1965 : {
1966 2 : printf(_("%s is a utility to initialize, start, stop, or control a PostgreSQL server.\n\n"), progname);
1967 2 : printf(_("Usage:\n"));
1968 2 : printf(_(" %s init[db] [-D DATADIR] [-s] [-o OPTIONS]\n"), progname);
1969 2 : printf(_(" %s start [-D DATADIR] [-l FILENAME] [-W] [-t SECS] [-s]\n"
1970 : " [-o OPTIONS] [-p PATH] [-c]\n"), progname);
1971 2 : printf(_(" %s stop [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"), progname);
1972 2 : printf(_(" %s restart [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"
1973 : " [-o OPTIONS] [-c]\n"), progname);
1974 2 : printf(_(" %s reload [-D DATADIR] [-s]\n"), progname);
1975 2 : printf(_(" %s status [-D DATADIR]\n"), progname);
1976 2 : printf(_(" %s promote [-D DATADIR] [-W] [-t SECS] [-s]\n"), progname);
1977 2 : printf(_(" %s logrotate [-D DATADIR] [-s]\n"), progname);
1978 2 : printf(_(" %s kill SIGNALNAME PID\n"), progname);
1979 : #ifdef WIN32
1980 : printf(_(" %s register [-D DATADIR] [-N SERVICENAME] [-U USERNAME] [-P PASSWORD]\n"
1981 : " [-S START-TYPE] [-e SOURCE] [-W] [-t SECS] [-s] [-o OPTIONS]\n"), progname);
1982 : printf(_(" %s unregister [-N SERVICENAME]\n"), progname);
1983 : #endif
1984 :
1985 2 : printf(_("\nCommon options:\n"));
1986 2 : printf(_(" -D, --pgdata=DATADIR location of the database storage area\n"));
1987 : #ifdef WIN32
1988 : printf(_(" -e SOURCE event source for logging when running as a service\n"));
1989 : #endif
1990 2 : printf(_(" -s, --silent only print errors, no informational messages\n"));
1991 2 : printf(_(" -t, --timeout=SECS seconds to wait when using -w option\n"));
1992 2 : printf(_(" -V, --version output version information, then exit\n"));
1993 2 : printf(_(" -w, --wait wait until operation completes (default)\n"));
1994 2 : printf(_(" -W, --no-wait do not wait until operation completes\n"));
1995 2 : printf(_(" -?, --help show this help, then exit\n"));
1996 2 : printf(_("If the -D option is omitted, the environment variable PGDATA is used.\n"));
1997 :
1998 2 : printf(_("\nOptions for start or restart:\n"));
1999 : #if defined(HAVE_GETRLIMIT)
2000 2 : printf(_(" -c, --core-files allow postgres to produce core files\n"));
2001 : #else
2002 : printf(_(" -c, --core-files not applicable on this platform\n"));
2003 : #endif
2004 2 : printf(_(" -l, --log=FILENAME write (or append) server log to FILENAME\n"));
2005 2 : printf(_(" -o, --options=OPTIONS command line options to pass to postgres\n"
2006 : " (PostgreSQL server executable) or initdb\n"));
2007 2 : printf(_(" -p PATH-TO-POSTGRES normally not necessary\n"));
2008 2 : printf(_("\nOptions for stop or restart:\n"));
2009 2 : printf(_(" -m, --mode=MODE MODE can be \"smart\", \"fast\", or \"immediate\"\n"));
2010 :
2011 2 : printf(_("\nShutdown modes are:\n"));
2012 2 : printf(_(" smart quit after all clients have disconnected\n"));
2013 2 : printf(_(" fast quit directly, with proper shutdown (default)\n"));
2014 2 : printf(_(" immediate quit without complete shutdown; will lead to recovery on restart\n"));
2015 :
2016 2 : printf(_("\nAllowed signal names for kill:\n"));
2017 2 : printf(" ABRT HUP INT KILL QUIT TERM USR1 USR2\n");
2018 :
2019 : #ifdef WIN32
2020 : printf(_("\nOptions for register and unregister:\n"));
2021 : printf(_(" -N SERVICENAME service name with which to register PostgreSQL server\n"));
2022 : printf(_(" -P PASSWORD password of account to register PostgreSQL server\n"));
2023 : printf(_(" -U USERNAME user name of account to register PostgreSQL server\n"));
2024 : printf(_(" -S START-TYPE service start type to register PostgreSQL server\n"));
2025 :
2026 : printf(_("\nStart types are:\n"));
2027 : printf(_(" auto start service automatically during system startup (default)\n"));
2028 : printf(_(" demand start service on demand\n"));
2029 : #endif
2030 :
2031 2 : printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
2032 2 : printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
2033 2 : }
2034 :
2035 :
2036 :
2037 : static void
2038 894 : set_mode(char *modeopt)
2039 : {
2040 894 : if (strcmp(modeopt, "s") == 0 || strcmp(modeopt, "smart") == 0)
2041 : {
2042 12 : shutdown_mode = SMART_MODE;
2043 12 : sig = SIGTERM;
2044 : }
2045 882 : else if (strcmp(modeopt, "f") == 0 || strcmp(modeopt, "fast") == 0)
2046 : {
2047 358 : shutdown_mode = FAST_MODE;
2048 358 : sig = SIGINT;
2049 : }
2050 524 : else if (strcmp(modeopt, "i") == 0 || strcmp(modeopt, "immediate") == 0)
2051 : {
2052 524 : shutdown_mode = IMMEDIATE_MODE;
2053 524 : sig = SIGQUIT;
2054 : }
2055 : else
2056 : {
2057 0 : write_stderr(_("%s: unrecognized shutdown mode \"%s\"\n"), progname, modeopt);
2058 0 : do_advice();
2059 0 : exit(1);
2060 : }
2061 894 : }
2062 :
2063 :
2064 :
2065 : static void
2066 10 : set_sig(char *signame)
2067 : {
2068 10 : if (strcmp(signame, "HUP") == 0)
2069 0 : sig = SIGHUP;
2070 10 : else if (strcmp(signame, "INT") == 0)
2071 0 : sig = SIGINT;
2072 10 : else if (strcmp(signame, "QUIT") == 0)
2073 4 : sig = SIGQUIT;
2074 6 : else if (strcmp(signame, "ABRT") == 0)
2075 0 : sig = SIGABRT;
2076 6 : else if (strcmp(signame, "KILL") == 0)
2077 6 : sig = SIGKILL;
2078 0 : else if (strcmp(signame, "TERM") == 0)
2079 0 : sig = SIGTERM;
2080 0 : else if (strcmp(signame, "USR1") == 0)
2081 0 : sig = SIGUSR1;
2082 0 : else if (strcmp(signame, "USR2") == 0)
2083 0 : sig = SIGUSR2;
2084 : else
2085 : {
2086 0 : write_stderr(_("%s: unrecognized signal name \"%s\"\n"), progname, signame);
2087 0 : do_advice();
2088 0 : exit(1);
2089 : }
2090 10 : }
2091 :
2092 :
2093 : #ifdef WIN32
2094 : static void
2095 : set_starttype(char *starttypeopt)
2096 : {
2097 : if (strcmp(starttypeopt, "a") == 0 || strcmp(starttypeopt, "auto") == 0)
2098 : pgctl_start_type = SERVICE_AUTO_START;
2099 : else if (strcmp(starttypeopt, "d") == 0 || strcmp(starttypeopt, "demand") == 0)
2100 : pgctl_start_type = SERVICE_DEMAND_START;
2101 : else
2102 : {
2103 : write_stderr(_("%s: unrecognized start type \"%s\"\n"), progname, starttypeopt);
2104 : do_advice();
2105 : exit(1);
2106 : }
2107 : }
2108 : #endif
2109 :
2110 : /*
2111 : * adjust_data_dir
2112 : *
2113 : * If a configuration-only directory was specified, find the real data dir.
2114 : */
2115 : static void
2116 2422 : adjust_data_dir(void)
2117 : {
2118 : char filename[MAXPGPATH];
2119 : char *my_exec_path,
2120 : *cmd;
2121 : FILE *fd;
2122 :
2123 : /* do nothing if we're working without knowledge of data dir */
2124 2422 : if (pg_config == NULL)
2125 2422 : return;
2126 :
2127 : /* If there is no postgresql.conf, it can't be a config-only dir */
2128 2412 : snprintf(filename, sizeof(filename), "%s/postgresql.conf", pg_config);
2129 2412 : if ((fd = fopen(filename, "r")) == NULL)
2130 8 : return;
2131 2404 : fclose(fd);
2132 :
2133 : /* If PG_VERSION exists, it can't be a config-only dir */
2134 2404 : snprintf(filename, sizeof(filename), "%s/PG_VERSION", pg_config);
2135 2404 : if ((fd = fopen(filename, "r")) != NULL)
2136 : {
2137 2404 : fclose(fd);
2138 2404 : return;
2139 : }
2140 :
2141 : /* Must be a configuration directory, so find the data directory */
2142 :
2143 : /* we use a private my_exec_path to avoid interfering with later uses */
2144 0 : if (exec_path == NULL)
2145 0 : my_exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
2146 : else
2147 0 : my_exec_path = pg_strdup(exec_path);
2148 :
2149 : /* it's important for -C to be the first option, see main.c */
2150 0 : cmd = psprintf("\"%s\" -C data_directory %s%s",
2151 : my_exec_path,
2152 0 : pgdata_opt ? pgdata_opt : "",
2153 0 : post_opts ? post_opts : "");
2154 0 : fflush(NULL);
2155 :
2156 0 : fd = popen(cmd, "r");
2157 0 : if (fd == NULL || fgets(filename, sizeof(filename), fd) == NULL || pclose(fd) != 0)
2158 : {
2159 0 : write_stderr(_("%s: could not determine the data directory using command \"%s\"\n"), progname, cmd);
2160 0 : exit(1);
2161 : }
2162 0 : free(my_exec_path);
2163 :
2164 : /* strip trailing newline and carriage return */
2165 0 : (void) pg_strip_crlf(filename);
2166 :
2167 0 : free(pg_data);
2168 0 : pg_data = pg_strdup(filename);
2169 0 : canonicalize_path(pg_data);
2170 : }
2171 :
2172 :
2173 : static DBState
2174 278 : get_control_dbstate(void)
2175 : {
2176 : DBState ret;
2177 : bool crc_ok;
2178 278 : ControlFileData *control_file_data = get_controlfile(pg_data, &crc_ok);
2179 :
2180 278 : if (!crc_ok)
2181 : {
2182 0 : write_stderr(_("%s: control file appears to be corrupt\n"), progname);
2183 0 : exit(1);
2184 : }
2185 :
2186 278 : ret = control_file_data->state;
2187 278 : pfree(control_file_data);
2188 278 : return ret;
2189 : }
2190 :
2191 :
2192 : int
2193 2452 : main(int argc, char **argv)
2194 : {
2195 : static struct option long_options[] = {
2196 : {"help", no_argument, NULL, '?'},
2197 : {"version", no_argument, NULL, 'V'},
2198 : {"log", required_argument, NULL, 'l'},
2199 : {"mode", required_argument, NULL, 'm'},
2200 : {"pgdata", required_argument, NULL, 'D'},
2201 : {"options", required_argument, NULL, 'o'},
2202 : {"silent", no_argument, NULL, 's'},
2203 : {"timeout", required_argument, NULL, 't'},
2204 : {"core-files", no_argument, NULL, 'c'},
2205 : {"wait", no_argument, NULL, 'w'},
2206 : {"no-wait", no_argument, NULL, 'W'},
2207 : {NULL, 0, NULL, 0}
2208 : };
2209 :
2210 : char *env_wait;
2211 : int option_index;
2212 : int c;
2213 2452 : pid_t killproc = 0;
2214 :
2215 2452 : pg_logging_init(argv[0]);
2216 2452 : progname = get_progname(argv[0]);
2217 2452 : set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_ctl"));
2218 2452 : start_time = time(NULL);
2219 :
2220 : /*
2221 : * save argv[0] so do_start() can look for the postmaster if necessary. we
2222 : * don't look for postmaster here because in many cases we won't need it.
2223 : */
2224 2452 : argv0 = argv[0];
2225 :
2226 : /* Set restrictive mode mask until PGDATA permissions are checked */
2227 2452 : umask(PG_MODE_MASK_OWNER);
2228 :
2229 : /* support --help and --version even if invoked as root */
2230 2452 : if (argc > 1)
2231 : {
2232 2452 : if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
2233 : {
2234 2 : do_help();
2235 2 : exit(0);
2236 : }
2237 2450 : else if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
2238 : {
2239 26 : puts("pg_ctl (PostgreSQL) " PG_VERSION);
2240 26 : exit(0);
2241 : }
2242 : }
2243 :
2244 : /*
2245 : * Disallow running as root, to forestall any possible security holes.
2246 : */
2247 : #ifndef WIN32
2248 2424 : if (geteuid() == 0)
2249 : {
2250 0 : write_stderr(_("%s: cannot be run as root\n"
2251 : "Please log in (using, e.g., \"su\") as the "
2252 : "(unprivileged) user that will\n"
2253 : "own the server process.\n"),
2254 : progname);
2255 0 : exit(1);
2256 : }
2257 : #endif
2258 :
2259 2424 : env_wait = getenv("PGCTLTIMEOUT");
2260 2424 : if (env_wait != NULL)
2261 0 : wait_seconds = atoi(env_wait);
2262 :
2263 : /* process command-line options */
2264 9036 : while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW",
2265 : long_options, &option_index)) != -1)
2266 : {
2267 6614 : switch (c)
2268 : {
2269 2412 : case 'D':
2270 : {
2271 : char *pgdata_D;
2272 :
2273 2412 : pgdata_D = pg_strdup(optarg);
2274 2412 : canonicalize_path(pgdata_D);
2275 2412 : setenv("PGDATA", pgdata_D, 1);
2276 :
2277 : /*
2278 : * We could pass PGDATA just in an environment variable
2279 : * but we do -D too for clearer postmaster 'ps' display
2280 : */
2281 2412 : pgdata_opt = psprintf("-D \"%s\" ", pgdata_D);
2282 2412 : free(pgdata_D);
2283 2412 : break;
2284 : }
2285 0 : case 'e':
2286 0 : event_source = pg_strdup(optarg);
2287 0 : break;
2288 1146 : case 'l':
2289 1146 : log_file = pg_strdup(optarg);
2290 1146 : break;
2291 894 : case 'm':
2292 894 : set_mode(optarg);
2293 894 : break;
2294 0 : case 'N':
2295 0 : register_servicename = pg_strdup(optarg);
2296 0 : break;
2297 920 : case 'o':
2298 : /* append option? */
2299 920 : if (!post_opts)
2300 920 : post_opts = pg_strdup(optarg);
2301 : else
2302 : {
2303 0 : char *old_post_opts = post_opts;
2304 :
2305 0 : post_opts = psprintf("%s %s", old_post_opts, optarg);
2306 0 : free(old_post_opts);
2307 : }
2308 920 : break;
2309 0 : case 'p':
2310 0 : exec_path = pg_strdup(optarg);
2311 0 : break;
2312 0 : case 'P':
2313 0 : register_password = pg_strdup(optarg);
2314 0 : break;
2315 160 : case 's':
2316 160 : silent_mode = true;
2317 160 : break;
2318 0 : case 'S':
2319 : #ifdef WIN32
2320 : set_starttype(optarg);
2321 : #else
2322 0 : write_stderr(_("%s: -S option not supported on this platform\n"),
2323 : progname);
2324 0 : exit(1);
2325 : #endif
2326 : break;
2327 0 : case 't':
2328 0 : wait_seconds = atoi(optarg);
2329 0 : wait_seconds_arg = true;
2330 0 : break;
2331 0 : case 'U':
2332 0 : if (strchr(optarg, '\\'))
2333 0 : register_username = pg_strdup(optarg);
2334 : else
2335 : /* Prepend .\ for local accounts */
2336 0 : register_username = psprintf(".\\%s", optarg);
2337 0 : break;
2338 1078 : case 'w':
2339 1078 : do_wait = true;
2340 1078 : break;
2341 2 : case 'W':
2342 2 : do_wait = false;
2343 2 : break;
2344 0 : case 'c':
2345 0 : allow_core_files = true;
2346 0 : break;
2347 2 : default:
2348 : /* getopt_long already issued a suitable error message */
2349 2 : do_advice();
2350 2 : exit(1);
2351 : }
2352 : }
2353 :
2354 : /* Process an action */
2355 2422 : if (optind < argc)
2356 : {
2357 2422 : if (strcmp(argv[optind], "init") == 0
2358 2422 : || strcmp(argv[optind], "initdb") == 0)
2359 2 : ctl_command = INIT_COMMAND;
2360 2420 : else if (strcmp(argv[optind], "start") == 0)
2361 924 : ctl_command = START_COMMAND;
2362 1496 : else if (strcmp(argv[optind], "stop") == 0)
2363 1062 : ctl_command = STOP_COMMAND;
2364 434 : else if (strcmp(argv[optind], "restart") == 0)
2365 164 : ctl_command = RESTART_COMMAND;
2366 270 : else if (strcmp(argv[optind], "reload") == 0)
2367 176 : ctl_command = RELOAD_COMMAND;
2368 94 : else if (strcmp(argv[optind], "status") == 0)
2369 6 : ctl_command = STATUS_COMMAND;
2370 88 : else if (strcmp(argv[optind], "promote") == 0)
2371 76 : ctl_command = PROMOTE_COMMAND;
2372 12 : else if (strcmp(argv[optind], "logrotate") == 0)
2373 2 : ctl_command = LOGROTATE_COMMAND;
2374 10 : else if (strcmp(argv[optind], "kill") == 0)
2375 : {
2376 10 : if (argc - optind < 3)
2377 : {
2378 0 : write_stderr(_("%s: missing arguments for kill mode\n"), progname);
2379 0 : do_advice();
2380 0 : exit(1);
2381 : }
2382 10 : ctl_command = KILL_COMMAND;
2383 10 : set_sig(argv[++optind]);
2384 10 : killproc = atol(argv[++optind]);
2385 : }
2386 : #ifdef WIN32
2387 : else if (strcmp(argv[optind], "register") == 0)
2388 : ctl_command = REGISTER_COMMAND;
2389 : else if (strcmp(argv[optind], "unregister") == 0)
2390 : ctl_command = UNREGISTER_COMMAND;
2391 : else if (strcmp(argv[optind], "runservice") == 0)
2392 : ctl_command = RUN_AS_SERVICE_COMMAND;
2393 : #endif
2394 : else
2395 : {
2396 0 : write_stderr(_("%s: unrecognized operation mode \"%s\"\n"), progname, argv[optind]);
2397 0 : do_advice();
2398 0 : exit(1);
2399 : }
2400 2422 : optind++;
2401 : }
2402 :
2403 2422 : if (optind < argc)
2404 : {
2405 0 : write_stderr(_("%s: too many command-line arguments (first is \"%s\")\n"), progname, argv[optind]);
2406 0 : do_advice();
2407 0 : exit(1);
2408 : }
2409 :
2410 2422 : if (ctl_command == NO_COMMAND)
2411 : {
2412 0 : write_stderr(_("%s: no operation specified\n"), progname);
2413 0 : do_advice();
2414 0 : exit(1);
2415 : }
2416 :
2417 : /* Note we put any -D switch into the env var above */
2418 2422 : pg_config = getenv("PGDATA");
2419 2422 : if (pg_config)
2420 : {
2421 2412 : pg_config = pg_strdup(pg_config);
2422 2412 : canonicalize_path(pg_config);
2423 2412 : pg_data = pg_strdup(pg_config);
2424 : }
2425 :
2426 : /* -D might point at config-only directory; if so find the real PGDATA */
2427 2422 : adjust_data_dir();
2428 :
2429 : /* Complain if -D needed and not provided */
2430 2422 : if (pg_config == NULL &&
2431 10 : ctl_command != KILL_COMMAND && ctl_command != UNREGISTER_COMMAND)
2432 : {
2433 0 : write_stderr(_("%s: no database directory specified and environment variable PGDATA unset\n"),
2434 : progname);
2435 0 : do_advice();
2436 0 : exit(1);
2437 : }
2438 :
2439 2422 : if (ctl_command == RELOAD_COMMAND)
2440 : {
2441 176 : sig = SIGHUP;
2442 176 : do_wait = false;
2443 : }
2444 :
2445 2422 : if (pg_data)
2446 : {
2447 2412 : snprintf(postopts_file, MAXPGPATH, "%s/postmaster.opts", pg_data);
2448 2412 : snprintf(version_file, MAXPGPATH, "%s/PG_VERSION", pg_data);
2449 2412 : snprintf(pid_file, MAXPGPATH, "%s/postmaster.pid", pg_data);
2450 2412 : snprintf(backup_file, MAXPGPATH, "%s/backup_label", pg_data);
2451 :
2452 : /*
2453 : * Set mask based on PGDATA permissions,
2454 : *
2455 : * Don't error here if the data directory cannot be stat'd. This is
2456 : * handled differently based on the command and we don't want to
2457 : * interfere with that logic.
2458 : */
2459 2412 : if (GetDataDirectoryCreatePerm(pg_data))
2460 2404 : umask(pg_mode_mask);
2461 : }
2462 :
2463 2422 : switch (ctl_command)
2464 : {
2465 2 : case INIT_COMMAND:
2466 2 : do_init();
2467 2 : break;
2468 6 : case STATUS_COMMAND:
2469 6 : do_status();
2470 2 : break;
2471 924 : case START_COMMAND:
2472 924 : do_start();
2473 912 : break;
2474 1062 : case STOP_COMMAND:
2475 1062 : do_stop();
2476 1060 : break;
2477 164 : case RESTART_COMMAND:
2478 164 : do_restart();
2479 160 : break;
2480 176 : case RELOAD_COMMAND:
2481 176 : do_reload();
2482 176 : break;
2483 76 : case PROMOTE_COMMAND:
2484 76 : do_promote();
2485 70 : break;
2486 2 : case LOGROTATE_COMMAND:
2487 2 : do_logrotate();
2488 2 : break;
2489 10 : case KILL_COMMAND:
2490 10 : do_kill(killproc);
2491 10 : break;
2492 : #ifdef WIN32
2493 : case REGISTER_COMMAND:
2494 : pgwin32_doRegister();
2495 : break;
2496 : case UNREGISTER_COMMAND:
2497 : pgwin32_doUnregister();
2498 : break;
2499 : case RUN_AS_SERVICE_COMMAND:
2500 : pgwin32_doRunAsService();
2501 : break;
2502 : #endif
2503 0 : default:
2504 0 : break;
2505 : }
2506 :
2507 2394 : exit(0);
2508 : }
|