opensourcemirror
/
postgresql
mirror of git://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Releases Wiki Activity
postgresql/src/bin/pg_ctl/pg_ctl.c

2546 lines
65 KiB
C
Raw Blame History

/*-------------------------------------------------------------------------
*
* pg_ctl --- start/stops/restarts the PostgreSQL server
*
* Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
*
* src/bin/pg_ctl/pg_ctl.c
*
*-------------------------------------------------------------------------
*/
#include "postgres_fe.h"
#include <fcntl.h>
#include <signal.h>
#include <time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/time.h>
#include <sys/resource.h>
#endif
#include "catalog/pg_control.h"
#include "common/controldata_utils.h"
#include "common/file_perm.h"
#include "common/logging.h"
#include "common/string.h"
#include "getopt_long.h"
#include "utils/pidfile.h"
#ifdef WIN32 /* on Unix, we don't need libpq */
#include "pqexpbuffer.h"
#endif
/* PID can be negative for standalone backend */
typedef long pgpid_t;
typedef enum
{
SMART_MODE,
FAST_MODE,
IMMEDIATE_MODE
} ShutdownMode;
typedef enum
{
POSTMASTER_READY,
POSTMASTER_STILL_STARTING,
POSTMASTER_FAILED
} WaitPMResult;
typedef enum
{
NO_COMMAND = 0,
INIT_COMMAND,
START_COMMAND,
STOP_COMMAND,
RESTART_COMMAND,
RELOAD_COMMAND,
STATUS_COMMAND,
PROMOTE_COMMAND,
LOGROTATE_COMMAND,
KILL_COMMAND,
REGISTER_COMMAND,
UNREGISTER_COMMAND,
RUN_AS_SERVICE_COMMAND
} CtlCommand;
#define DEFAULT_WAIT 60
#define USEC_PER_SEC 1000000
#define WAITS_PER_SEC 10 /* should divide USEC_PER_SEC evenly */
static bool do_wait = true;
static int wait_seconds = DEFAULT_WAIT;
static bool wait_seconds_arg = false;
static bool silent_mode = false;
static ShutdownMode shutdown_mode = FAST_MODE;
static int sig = SIGINT; /* default */
static CtlCommand ctl_command = NO_COMMAND;
static char *pg_data = NULL;
static char *pg_config = NULL;
static char *pgdata_opt = NULL;
static char *post_opts = NULL;
static const char *progname;
static char *log_file = NULL;
static char *exec_path = NULL;
static char *event_source = NULL;
static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
static char *register_username = NULL;
static char *register_password = NULL;
static char *argv0 = NULL;
static bool allow_core_files = false;
static time_t start_time;
static char postopts_file[MAXPGPATH];
static char version_file[MAXPGPATH];
static char pid_file[MAXPGPATH];
static char backup_file[MAXPGPATH];
static char promote_file[MAXPGPATH];
static char logrotate_file[MAXPGPATH];
static volatile pgpid_t postmasterPID = -1;
static pgpid_t old_postmaster_pid = 0;
#ifdef WIN32
static DWORD pgctl_start_type = SERVICE_AUTO_START;
static SERVICE_STATUS status;
static SERVICE_STATUS_HANDLE hStatus = (SERVICE_STATUS_HANDLE) 0;
static HANDLE shutdownHandles[2];
#define shutdownEvent shutdownHandles[0]
#define postmasterProcess shutdownHandles[1]
#endif
static void write_stderr(const char *fmt,...) pg_attribute_printf(1, 2);
static void do_advice(void);
static void do_help(void);
static void set_mode(char *modeopt);
static void set_sig(char *signame);
static void do_init(void);
static void do_start(void);
static void do_stop(void);
static void do_restart(void);
static void do_reload(void);
static void do_status(void);
static void do_promote(void);
static void do_logrotate(void);
static void do_kill(pgpid_t pid);
static void print_msg(const char *msg);
static void adjust_data_dir(void);
#ifdef WIN32
#include <versionhelpers.h>
static bool pgwin32_IsInstalled(SC_HANDLE);
static char *pgwin32_CommandLine(bool);
static void pgwin32_doRegister(void);
static void pgwin32_doUnregister(void);
static void pgwin32_SetServiceStatus(DWORD);
static void WINAPI pgwin32_ServiceHandler(DWORD);
static void WINAPI pgwin32_ServiceMain(DWORD, LPTSTR *);
static void pgwin32_doRunAsService(void);
static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service);
static PTOKEN_PRIVILEGES GetPrivilegesToDelete(HANDLE hToken);
#endif
static pgpid_t get_pgpid(bool is_status_request);
static char **readfile(const char *path, int *numlines);
static void free_readfile(char **optlines);
static pgpid_t start_postmaster(void);
static void read_post_opts(void);
static WaitPMResult wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint);
static bool postmaster_is_alive(pid_t pid);
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
static void unlimit_core_size(void);
#endif
static DBState get_control_dbstate(void);
#ifdef WIN32
static void
write_eventlog(int level, const char *line)
{
static HANDLE evtHandle = INVALID_HANDLE_VALUE;
if (silent_mode && level == EVENTLOG_INFORMATION_TYPE)
return;
if (evtHandle == INVALID_HANDLE_VALUE)
{
evtHandle = RegisterEventSource(NULL,
event_source ? event_source : DEFAULT_EVENT_SOURCE);
if (evtHandle == NULL)
{
evtHandle = INVALID_HANDLE_VALUE;
return;
}
}
ReportEvent(evtHandle,
level,
0,
0, /* All events are Id 0 */
NULL,
1,
0,
&line,
NULL);
}
#endif
/*
* Write errors to stderr (or by equal means when stderr is
* not available).
*/
static void
write_stderr(const char *fmt,...)
{
va_list ap;
va_start(ap, fmt);
#ifndef WIN32
/* On Unix, we just fprintf to stderr */
vfprintf(stderr, fmt, ap);
#else
/*
* On Win32, we print to stderr if running on a console, or write to
* eventlog if running as a service
*/
if (pgwin32_is_service()) /* Running as a service */
{
char errbuf[2048]; /* Arbitrary size? */
vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
write_eventlog(EVENTLOG_ERROR_TYPE, errbuf);
}
else
/* Not running as service, write to stderr */
vfprintf(stderr, fmt, ap);
#endif
va_end(ap);
}
/*
* Given an already-localized string, print it to stdout unless the
* user has specified that no messages should be printed.
*/
static void
print_msg(const char *msg)
{
if (!silent_mode)
{
fputs(msg, stdout);
fflush(stdout);
}
}
static pgpid_t
get_pgpid(bool is_status_request)
{
FILE *pidf;
long pid;
struct stat statbuf;
if (stat(pg_data, &statbuf) != 0)
{
if (errno == ENOENT)
write_stderr(_("%s: directory \"%s\" does not exist\n"), progname,
pg_data);
else
write_stderr(_("%s: could not access directory \"%s\": %s\n"), progname,
pg_data, strerror(errno));
/*
* The Linux Standard Base Core Specification 3.1 says this should
* return '4, program or service status is unknown'
* https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
*/
exit(is_status_request ? 4 : 1);
}
if (stat(version_file, &statbuf) != 0 && errno == ENOENT)
{
write_stderr(_("%s: directory \"%s\" is not a database cluster directory\n"),
progname, pg_data);
exit(is_status_request ? 4 : 1);
}
pidf = fopen(pid_file, "r");
if (pidf == NULL)
{
/* No pid file, not an error on startup */
if (errno == ENOENT)
return 0;
else
{
write_stderr(_("%s: could not open PID file \"%s\": %s\n"),
progname, pid_file, strerror(errno));
exit(1);
}
}
if (fscanf(pidf, "%ld", &pid) != 1)
{
/* Is the file empty? */
if (ftell(pidf) == 0 && feof(pidf))
write_stderr(_("%s: the PID file \"%s\" is empty\n"),
progname, pid_file);
else
write_stderr(_("%s: invalid data in PID file \"%s\"\n"),
progname, pid_file);
exit(1);
}
fclose(pidf);
return (pgpid_t) pid;
}
/*
* get the lines from a text file - return NULL if file can't be opened
*
* Trailing newlines are deleted from the lines (this is a change from pre-v10)
*
* *numlines is set to the number of line pointers returned; there is
* also an additional NULL pointer after the last real line.
*/
static char **
readfile(const char *path, int *numlines)
{
int fd;
int nlines;
char **result;
char *buffer;
char *linebegin;
int i;
int n;
int len;
struct stat statbuf;
*numlines = 0; /* in case of failure or empty file */
/*
* Slurp the file into memory.
*
* The file can change concurrently, so we read the whole file into memory
* with a single read() call. That's not guaranteed to get an atomic
* snapshot, but in practice, for a small file, it's close enough for the
* current use.
*/
fd = open(path, O_RDONLY | PG_BINARY, 0);
if (fd < 0)
return NULL;
if (fstat(fd, &statbuf) < 0)
{
close(fd);
return NULL;
}
if (statbuf.st_size == 0)
{
/* empty file */
close(fd);
result = (char **) pg_malloc(sizeof(char *));
*result = NULL;
return result;
}
buffer = pg_malloc(statbuf.st_size + 1);
len = read(fd, buffer, statbuf.st_size + 1);
close(fd);
if (len != statbuf.st_size)
{
/* oops, the file size changed between fstat and read */
free(buffer);
return NULL;
}
/*
* Count newlines. We expect there to be a newline after each full line,
* including one at the end of file. If there isn't a newline at the end,
* any characters after the last newline will be ignored.
*/
nlines = 0;
for (i = 0; i < len; i++)
{
if (buffer[i] == '\n')
nlines++;
}
/* set up the result buffer */
result = (char **) pg_malloc((nlines + 1) * sizeof(char *));
*numlines = nlines;
/* now split the buffer into lines */
linebegin = buffer;
n = 0;
for (i = 0; i < len; i++)
{
if (buffer[i] == '\n')
{
int slen = &buffer[i] - linebegin;
char *linebuf = pg_malloc(slen + 1);
memcpy(linebuf, linebegin, slen);
/* we already dropped the \n, but get rid of any \r too */
if (slen > 0 && linebuf[slen - 1] == '\r')
slen--;
linebuf[slen] = '\0';
result[n++] = linebuf;
linebegin = &buffer[i + 1];
}
}
result[n] = NULL;
free(buffer);
return result;
}
/*
* Free memory allocated for optlines through readfile()
*/
static void
free_readfile(char **optlines)
{
char *curr_line = NULL;
int i = 0;
if (!optlines)
return;
while ((curr_line = optlines[i++]))
free(curr_line);
free(optlines);
return;
}
/*
* start/test/stop routines
*/
/*
* Start the postmaster and return its PID.
*
* Currently, on Windows what we return is the PID of the shell process
* that launched the postmaster (and, we trust, is waiting for it to exit).
* So the PID is usable for "is the postmaster still running" checks,
* but cannot be compared directly to postmaster.pid.
*
* On Windows, we also save aside a handle to the shell process in
* "postmasterProcess", which the caller should close when done with it.
*/
static pgpid_t
start_postmaster(void)
{
char cmd[MAXPGPATH];
#ifndef WIN32
pgpid_t pm_pid;
/* Flush stdio channels just before fork, to avoid double-output problems */
fflush(stdout);
fflush(stderr);
pm_pid = fork();
if (pm_pid < 0)
{
/* fork failed */
write_stderr(_("%s: could not start server: %s\n"),
progname, strerror(errno));
exit(1);
}
if (pm_pid > 0)
{
/* fork succeeded, in parent */
return pm_pid;
}
/* fork succeeded, in child */
/*
* If possible, detach the postmaster process from the launching process
* group and make it a group leader, so that it doesn't get signaled along
* with the current group that launched it.
*/
#ifdef HAVE_SETSID
if (setsid() < 0)
{
write_stderr(_("%s: could not start server due to setsid() failure: %s\n"),
progname, strerror(errno));
exit(1);
}
#endif
/*
* Since there might be quotes to handle here, it is easier simply to pass
* everything to a shell to process them.
*
* Since we aren't telling the shell to directly exec the postmaster,
* the returned PID is a parent process, the same as on Windows.
*/
if (log_file != NULL)
snprintf(cmd, MAXPGPATH, "exec < \"%s\" >> \"%s\" 2>&1; \"%s\" %s%s; echo postmaster exit status is $?",
DEVNULL, log_file, exec_path, pgdata_opt, post_opts);
else
snprintf(cmd, MAXPGPATH, "exec < \"%s\" 2>&1; \"%s\" %s%s; echo postmaster exit status is $?",
DEVNULL, exec_path, pgdata_opt, post_opts);
(void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
/* exec failed */
write_stderr(_("%s: could not start server: %s\n"),
progname, strerror(errno));
exit(1);
return 0; /* keep dumb compilers quiet */
#else /* WIN32 */
/*
* As with the Unix case, it's easiest to use the shell (CMD.EXE) to
* handle redirection etc. Unfortunately CMD.EXE lacks any equivalent of
* "exec", so we don't get to find out the postmaster's PID immediately.
*/
PROCESS_INFORMATION pi;
if (log_file != NULL)
snprintf(cmd, MAXPGPATH, "CMD /C \"\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1\"",
exec_path, pgdata_opt, post_opts, DEVNULL, log_file);
else
snprintf(cmd, MAXPGPATH, "CMD /C \"\"%s\" %s%s < \"%s\" 2>&1\"",
exec_path, pgdata_opt, post_opts, DEVNULL);
if (!CreateRestrictedProcess(cmd, &pi, false))
{
write_stderr(_("%s: could not start server: error code %lu\n"),
progname, (unsigned long) GetLastError());
exit(1);
}
/* Don't close command process handle here; caller must do so */
postmasterProcess = pi.hProcess;
CloseHandle(pi.hThread);
return pi.dwProcessId; /* Shell's PID, not postmaster's! */
#endif /* WIN32 */
}
/*
* Wait for the postmaster to become ready.
*
* On Unix, pm_pid is the PID of the just-launched postmaster. On Windows,
* it may be the PID of an ancestor shell process, so we can't check the
* contents of postmaster.pid quite as carefully.
*
* On Windows, the static variable postmasterProcess is an implicit argument
* to this routine; it contains a handle to the postmaster process or an
* ancestor shell process thereof.
*
* Note that the checkpoint parameter enables a Windows service control
* manager checkpoint, it's got nothing to do with database checkpoints!!
*/
static WaitPMResult
wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint)
{
int i;
for (i = 0; i < wait_seconds * WAITS_PER_SEC; i++)
{
char **optlines;
int numlines;
/*
* Try to read the postmaster.pid file. If it's not valid, or if the
* status line isn't there yet, just keep waiting.
*/
if ((optlines = readfile(pid_file, &numlines)) != NULL &&
numlines >= LOCK_FILE_LINE_PM_STATUS)
{
/* File is complete enough for us, parse it */
pgpid_t pmpid;
time_t pmstart;
/*
* Make sanity checks. If it's for the wrong PID, or the recorded
* start time is before pg_ctl started, then either we are looking
* at the wrong data directory, or this is a pre-existing pidfile
* that hasn't (yet?) been overwritten by our child postmaster.
* Allow 2 seconds slop for possible cross-process clock skew.
*/
pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]);
pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]);
if (pmstart >= start_time - 2 &&
/* If pid is the value we saw before starting, assume it's stale */
pmpid > 0 && pmpid != old_postmaster_pid
)
{
/*
* OK, seems to be a valid pidfile from our child. Check the
* status line (this assumes a v10 or later server).
*/
char *pmstatus = optlines[LOCK_FILE_LINE_PM_STATUS - 1];
if (strcmp(pmstatus, PM_STATUS_READY) == 0 ||
strcmp(pmstatus, PM_STATUS_STANDBY) == 0)
{
/* postmaster is done starting up */
free_readfile(optlines);
return POSTMASTER_READY;
}
}
}
/*
* Free the results of readfile.
*
* This is safe to call even if optlines is NULL.
*/
free_readfile(optlines);
/*
* Check whether the child postmaster process is still alive. This
* lets us exit early if the postmaster fails during startup.
*
* We may be checking the postmaster's parent shell, but
* that's fine for this purpose.
*/
#ifndef WIN32
{
int exitstatus;
if (waitpid((pid_t) pm_pid, &exitstatus, WNOHANG) == (pid_t) pm_pid)
return POSTMASTER_FAILED;
}
#else
if (WaitForSingleObject(postmasterProcess, 0) == WAIT_OBJECT_0)
return POSTMASTER_FAILED;
#endif
/* Startup still in process; wait, printing a dot once per second */
if (i % WAITS_PER_SEC == 0)
{
#ifdef WIN32
if (do_checkpoint)
{
/*
* Increment the wait hint by 6 secs (connection timeout +
* sleep). We must do this to indicate to the SCM that our
* startup time is changing, otherwise it'll usually send a
* stop signal after 20 seconds, despite incrementing the
* checkpoint counter.
*/
status.dwWaitHint += 6000;
status.dwCheckPoint++;
SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
}
else
#endif
print_msg(".");
}
pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
}
/* out of patience; report that postmaster is still starting up */
return POSTMASTER_STILL_STARTING;
}
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
static void
unlimit_core_size(void)
{
struct rlimit lim;
getrlimit(RLIMIT_CORE, &lim);
if (lim.rlim_max == 0)
{
write_stderr(_("%s: cannot set core file size limit; disallowed by hard limit\n"),
progname);
return;
}
else if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
{
lim.rlim_cur = lim.rlim_max;
setrlimit(RLIMIT_CORE, &lim);
}
}
#endif
static void
read_post_opts(void)
{
if (post_opts == NULL)
{
post_opts = ""; /* default */
if (ctl_command == RESTART_COMMAND)
{
char **optlines;
int numlines;
optlines = readfile(postopts_file, &numlines);
if (optlines == NULL)
{
write_stderr(_("%s: could not read file \"%s\"\n"), progname, postopts_file);
exit(1);
}
else if (numlines != 1)
{
write_stderr(_("%s: option file \"%s\" must have exactly one line\n"),
progname, postopts_file);
exit(1);
}
else
{
char *optline;
char *arg1;
optline = optlines[0];
/*
* Are we at the first option, as defined by space and
* double-quote?
*/
if ((arg1 = strstr(optline, " \"")) != NULL)
{
*arg1 = '\0'; /* terminate so we get only program name */
post_opts = pg_strdup(arg1 + 1); /* point past whitespace */
}
if (exec_path == NULL)
exec_path = pg_strdup(optline);
}
/* Free the results of readfile. */
free_readfile(optlines);
}
}
}
/*
* SIGINT signal handler used while waiting for postmaster to start up.
* Forwards the SIGINT to the postmaster process, asking it to shut down,
* before terminating pg_ctl itself. This way, if the user hits CTRL-C while
* waiting for the server to start up, the server launch is aborted.
*/
static void
trap_sigint_during_startup(int sig)
{
if (postmasterPID != -1)
{
if (kill(postmasterPID, SIGINT) != 0)
write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"),
progname, (pgpid_t) postmasterPID, strerror(errno));
}
/*
* Clear the signal handler, and send the signal again, to terminate the
* process as normal.
*/
pqsignal(SIGINT, SIG_DFL);
raise(SIGINT);
}
static char *
find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
{
int ret;
char *found_path;
found_path = pg_malloc(MAXPGPATH);
if ((ret = find_other_exec(argv0, target, versionstr, found_path)) < 0)
{
char full_path[MAXPGPATH];
if (find_my_exec(argv0, full_path) < 0)
strlcpy(full_path, progname, sizeof(full_path));
if (ret == -1)
write_stderr(_("The program \"%s\" is needed by %s "
"but was not found in the\n"
"same directory as \"%s\".\n"
"Check your installation.\n"),
target, progname, full_path);
else
write_stderr(_("The program \"%s\" was found by \"%s\"\n"
"but was not the same version as %s.\n"
"Check your installation.\n"),
target, full_path, progname);
exit(1);
}
return found_path;
}
static void
do_init(void)
{
char cmd[MAXPGPATH];
if (exec_path == NULL)
exec_path = find_other_exec_or_die(argv0, "initdb", "initdb (PostgreSQL) " PG_VERSION "\n");
if (pgdata_opt == NULL)
pgdata_opt = "";
if (post_opts == NULL)
post_opts = "";
if (!silent_mode)
snprintf(cmd, MAXPGPATH, "\"%s\" %s%s",
exec_path, pgdata_opt, post_opts);
else
snprintf(cmd, MAXPGPATH, "\"%s\" %s%s > \"%s\"",
exec_path, pgdata_opt, post_opts, DEVNULL);
if (system(cmd) != 0)
{
write_stderr(_("%s: database system initialization failed\n"), progname);
exit(1);
}
}
static void
do_start(void)
{
pgpid_t pm_pid;
if (ctl_command != RESTART_COMMAND)
{
old_postmaster_pid = get_pgpid(false);
if (old_postmaster_pid != 0)
write_stderr(_("%s: another server might be running; "
"trying to start server anyway\n"),
progname);
}
read_post_opts();
/* No -D or -D already added during server start */
if (ctl_command == RESTART_COMMAND || pgdata_opt == NULL)
pgdata_opt = "";
if (exec_path == NULL)
exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
if (allow_core_files)
unlimit_core_size();
#endif
/*
* If possible, tell the postmaster our parent shell's PID (see the
* comments in CreateLockFile() for motivation). Windows hasn't got
* getppid() unfortunately.
*/
#ifndef WIN32
{
static char env_var[32];
snprintf(env_var, sizeof(env_var), "PG_GRANDPARENT_PID=%d",
(int) getppid());
putenv(env_var);
}
#endif
pm_pid = start_postmaster();
if (do_wait)
{
/*
* If the user interrupts the startup (e.g. with CTRL-C), we'd like to
* abort the server launch. Install a signal handler that will
* forward SIGINT to the postmaster process, while we wait.
*
* (We don't bother to reset the signal handler after the launch, as
* we're about to exit, anyway.)
*/
postmasterPID = pm_pid;
pqsignal(SIGINT, trap_sigint_during_startup);
print_msg(_("waiting for server to start..."));
switch (wait_for_postmaster(pm_pid, false))
{
case POSTMASTER_READY:
print_msg(_(" done\n"));
print_msg(_("server started\n"));
break;
case POSTMASTER_STILL_STARTING:
print_msg(_(" stopped waiting\n"));
write_stderr(_("%s: server did not start in time\n"),
progname);
exit(1);
break;
case POSTMASTER_FAILED:
print_msg(_(" stopped waiting\n"));
write_stderr(_("%s: could not start server\n"
"Examine the log output.\n"),
progname);
exit(1);
break;
}
}
else
print_msg(_("server starting\n"));
#ifdef WIN32
/* Now we don't need the handle to the shell process anymore */
CloseHandle(postmasterProcess);
postmasterProcess = INVALID_HANDLE_VALUE;
#endif
}
static void
do_stop(void)
{
int cnt;
pgpid_t pid;
struct stat statbuf;
pid = get_pgpid(false);
if (pid == 0) /* no pid file */
{
write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
write_stderr(_("Is server running?\n"));
exit(1);
}
else if (pid < 0) /* standalone backend, not postmaster */
{
pid = -pid;
write_stderr(_("%s: cannot stop server; "
"single-user server is running (PID: %ld)\n"),
progname, pid);
exit(1);
}
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
strerror(errno));
exit(1);
}
if (!do_wait)
{
print_msg(_("server shutting down\n"));
return;
}
else
{
/*
* If backup_label exists, an online backup is running. Warn the user
* that smart shutdown will wait for it to finish. However, if the
* server is in archive recovery, we're recovering from an online
* backup instead of performing one.
*/
if (shutdown_mode == SMART_MODE &&
stat(backup_file, &statbuf) == 0 &&
get_control_dbstate() != DB_IN_ARCHIVE_RECOVERY)
{
print_msg(_("WARNING: online backup mode is active\n"
"Shutdown will not complete until pg_stop_backup() is called.\n\n"));
}
print_msg(_("waiting for server to shut down..."));
for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
{
if ((pid = get_pgpid(false)) != 0)
{
if (cnt % WAITS_PER_SEC == 0)
print_msg(".");
pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
}
else
break;
}
if (pid != 0) /* pid file still exists */
{
print_msg(_(" failed\n"));
write_stderr(_("%s: server does not shut down\n"), progname);
if (shutdown_mode == SMART_MODE)
write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
"waiting for session-initiated disconnection.\n"));
exit(1);
}
print_msg(_(" done\n"));
print_msg(_("server stopped\n"));
}
}
/*
* restart/reload routines
*/
static void
do_restart(void)
{
int cnt;
pgpid_t pid;
struct stat statbuf;
pid = get_pgpid(false);
if (pid == 0) /* no pid file */
{
write_stderr(_("%s: PID file \"%s\" does not exist\n"),
progname, pid_file);
write_stderr(_("Is server running?\n"));
write_stderr(_("trying to start server anyway\n"));
do_start();
return;
}
else if (pid < 0) /* standalone backend, not postmaster */
{
pid = -pid;
if (postmaster_is_alive((pid_t) pid))
{
write_stderr(_("%s: cannot restart server; "
"single-user server is running (PID: %ld)\n"),
progname, pid);
write_stderr(_("Please terminate the single-user server and try again.\n"));
exit(1);
}
}
if (postmaster_is_alive((pid_t) pid))
{
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
strerror(errno));
exit(1);
}
/*
* If backup_label exists, an online backup is running. Warn the user
* that smart shutdown will wait for it to finish. However, if the
* server is in archive recovery, we're recovering from an online
* backup instead of performing one.
*/
if (shutdown_mode == SMART_MODE &&
stat(backup_file, &statbuf) == 0 &&
get_control_dbstate() != DB_IN_ARCHIVE_RECOVERY)
{
print_msg(_("WARNING: online backup mode is active\n"
"Shutdown will not complete until pg_stop_backup() is called.\n\n"));
}
print_msg(_("waiting for server to shut down..."));
/* always wait for restart */
for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
{
if ((pid = get_pgpid(false)) != 0)
{
if (cnt % WAITS_PER_SEC == 0)
print_msg(".");
pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
}
else
break;
}
if (pid != 0) /* pid file still exists */
{
print_msg(_(" failed\n"));
write_stderr(_("%s: server does not shut down\n"), progname);
if (shutdown_mode == SMART_MODE)
write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
"waiting for session-initiated disconnection.\n"));
exit(1);
}
print_msg(_(" done\n"));
print_msg(_("server stopped\n"));
}
else
{
write_stderr(_("%s: old server process (PID: %ld) seems to be gone\n"),
progname, pid);
write_stderr(_("starting server anyway\n"));
}
do_start();
}
static void
do_reload(void)
{
pgpid_t pid;
pid = get_pgpid(false);
if (pid == 0) /* no pid file */
{
write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
write_stderr(_("Is server running?\n"));
exit(1);
}
else if (pid < 0) /* standalone backend, not postmaster */
{
pid = -pid;
write_stderr(_("%s: cannot reload server; "
"single-user server is running (PID: %ld)\n"),
progname, pid);
write_stderr(_("Please terminate the single-user server and try again.\n"));
exit(1);
}
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send reload signal (PID: %ld): %s\n"),
progname, pid, strerror(errno));
exit(1);
}
print_msg(_("server signaled\n"));
}
/*
* promote
*/
static void
do_promote(void)
{
FILE *prmfile;
pgpid_t pid;
pid = get_pgpid(false);
if (pid == 0) /* no pid file */
{
write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
write_stderr(_("Is server running?\n"));
exit(1);
}
else if (pid < 0) /* standalone backend, not postmaster */
{
pid = -pid;
write_stderr(_("%s: cannot promote server; "
"single-user server is running (PID: %ld)\n"),
progname, pid);
exit(1);
}
if (get_control_dbstate() != DB_IN_ARCHIVE_RECOVERY)
{
write_stderr(_("%s: cannot promote server; "
"server is not in standby mode\n"),
progname);
exit(1);
}
/*
* For 9.3 onwards, "fast" promotion is performed. Promotion with a full
* checkpoint is still possible by writing a file called
* "fallback_promote" instead of "promote"
*/
snprintf(promote_file, MAXPGPATH, "%s/promote", pg_data);
if ((prmfile = fopen(promote_file, "w")) == NULL)
{
write_stderr(_("%s: could not create promote signal file \"%s\": %s\n"),
progname, promote_file, strerror(errno));
exit(1);
}
if (fclose(prmfile))
{
write_stderr(_("%s: could not write promote signal file \"%s\": %s\n"),
progname, promote_file, strerror(errno));
exit(1);
}
sig = SIGUSR1;
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send promote signal (PID: %ld): %s\n"),
progname, pid, strerror(errno));
if (unlink(promote_file) != 0)
write_stderr(_("%s: could not remove promote signal file \"%s\": %s\n"),
progname, promote_file, strerror(errno));
exit(1);
}
if (do_wait)
{
DBState state = DB_STARTUP;
int cnt;
print_msg(_("waiting for server to promote..."));
for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
{
state = get_control_dbstate();
if (state == DB_IN_PRODUCTION)
break;
if (cnt % WAITS_PER_SEC == 0)
print_msg(".");
pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
}
if (state == DB_IN_PRODUCTION)
{
print_msg(_(" done\n"));
print_msg(_("server promoted\n"));
}
else
{
print_msg(_(" stopped waiting\n"));
write_stderr(_("%s: server did not promote in time\n"),
progname);
exit(1);
}
}
else
print_msg(_("server promoting\n"));
}
/*
* log rotate
*/
static void
do_logrotate(void)
{
FILE *logrotatefile;
pgpid_t pid;
pid = get_pgpid(false);
if (pid == 0) /* no pid file */
{
write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
write_stderr(_("Is server running?\n"));
exit(1);
}
else if (pid < 0) /* standalone backend, not postmaster */
{
pid = -pid;
write_stderr(_("%s: cannot rotate log file; "
"single-user server is running (PID: %ld)\n"),
progname, pid);
exit(1);
}
snprintf(logrotate_file, MAXPGPATH, "%s/logrotate", pg_data);
if ((logrotatefile = fopen(logrotate_file, "w")) == NULL)
{
write_stderr(_("%s: could not create log rotation signal file \"%s\": %s\n"),
progname, logrotate_file, strerror(errno));
exit(1);
}
if (fclose(logrotatefile))
{
write_stderr(_("%s: could not write log rotation signal file \"%s\": %s\n"),
progname, logrotate_file, strerror(errno));
exit(1);
}
sig = SIGUSR1;
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send log rotation signal (PID: %ld): %s\n"),
progname, pid, strerror(errno));
if (unlink(logrotate_file) != 0)
write_stderr(_("%s: could not remove log rotation signal file \"%s\": %s\n"),
progname, logrotate_file, strerror(errno));
exit(1);
}
print_msg(_("server signaled to rotate log file\n"));
}
/*
* utility routines
*/
static bool
postmaster_is_alive(pid_t pid)
{
/*
* Test to see if the process is still there. Note that we do not
* consider an EPERM failure to mean that the process is still there;
* EPERM must mean that the given PID belongs to some other userid, and
* considering the permissions on $PGDATA, that means it's not the
* postmaster we are after.
*
* Don't believe that our own PID or parent shell's PID is the postmaster,
* either. (Windows hasn't got getppid(), though.)
*/
if (pid == getpid())
return false;
#ifndef WIN32
if (pid == getppid())
return false;
#endif
if (kill(pid, 0) == 0)
return true;
return false;
}
static void
do_status(void)
{
pgpid_t pid;
pid = get_pgpid(true);
/* Is there a pid file? */
if (pid != 0)
{
/* standalone backend? */
if (pid < 0)
{
pid = -pid;
if (postmaster_is_alive((pid_t) pid))
{
printf(_("%s: single-user server is running (PID: %ld)\n"),
progname, pid);
return;
}
}
else
/* must be a postmaster */
{
if (postmaster_is_alive((pid_t) pid))
{
char **optlines;
char **curr_line;
int numlines;
printf(_("%s: server is running (PID: %ld)\n"),
progname, pid);
optlines = readfile(postopts_file, &numlines);
if (optlines != NULL)
{
for (curr_line = optlines; *curr_line != NULL; curr_line++)
puts(*curr_line);
/* Free the results of readfile */
free_readfile(optlines);
}
return;
}
}
}
printf(_("%s: no server running\n"), progname);
/*
* The Linux Standard Base Core Specification 3.1 says this should return
* '3, program is not running'
* https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
*/
exit(3);
}
static void
do_kill(pgpid_t pid)
{
if (kill((pid_t) pid, sig) != 0)
{
write_stderr(_("%s: could not send signal %d (PID: %ld): %s\n"),
progname, sig, pid, strerror(errno));
exit(1);
}
}
#ifdef WIN32
static bool
pgwin32_IsInstalled(SC_HANDLE hSCM)
{
SC_HANDLE hService = OpenService(hSCM, register_servicename, SERVICE_QUERY_CONFIG);
bool bResult = (hService != NULL);
if (bResult)
CloseServiceHandle(hService);
return bResult;
}
static char *
pgwin32_CommandLine(bool registration)
{
PQExpBuffer cmdLine = createPQExpBuffer();
char cmdPath[MAXPGPATH];
int ret;
if (registration)
{
ret = find_my_exec(argv0, cmdPath);
if (ret != 0)
{
write_stderr(_("%s: could not find own program executable\n"), progname);
exit(1);
}
}
else
{
ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
cmdPath);
if (ret != 0)
{
write_stderr(_("%s: could not find postgres program executable\n"), progname);
exit(1);
}
}
/* if path does not end in .exe, append it */
if (strlen(cmdPath) < 4 ||
pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0)
snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
".exe");
/* use backslashes in path to avoid problems with some third-party tools */
make_native_path(cmdPath);
/* be sure to double-quote the executable's name in the command */
appendPQExpBuffer(cmdLine, "\"%s\"", cmdPath);
/* append assorted switches to the command line, as needed */
if (registration)
appendPQExpBuffer(cmdLine, " runservice -N \"%s\"",
register_servicename);
if (pg_config)
{
/* We need the -D path to be absolute */
char *dataDir;
if ((dataDir = make_absolute_path(pg_config)) == NULL)
{
/* make_absolute_path already reported the error */
exit(1);
}
make_native_path(dataDir);
appendPQExpBuffer(cmdLine, " -D \"%s\"", dataDir);
free(dataDir);
}
if (registration && event_source != NULL)
appendPQExpBuffer(cmdLine, " -e \"%s\"", event_source);
if (registration && do_wait)
appendPQExpBufferStr(cmdLine, " -w");
/* Don't propagate a value from an environment variable. */
if (registration && wait_seconds_arg && wait_seconds != DEFAULT_WAIT)
appendPQExpBuffer(cmdLine, " -t %d", wait_seconds);
if (registration && silent_mode)
appendPQExpBufferStr(cmdLine, " -s");
if (post_opts)
{
if (registration)
appendPQExpBuffer(cmdLine, " -o \"%s\"", post_opts);
else
appendPQExpBuffer(cmdLine, " %s", post_opts);
}
return cmdLine->data;
}
static void
pgwin32_doRegister(void)
{
SC_HANDLE hService;
SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCM == NULL)
{
write_stderr(_("%s: could not open service manager\n"), progname);
exit(1);
}
if (pgwin32_IsInstalled(hSCM))
{
CloseServiceHandle(hSCM);
write_stderr(_("%s: service \"%s\" already registered\n"), progname, register_servicename);
exit(1);
}
if ((hService = CreateService(hSCM, register_servicename, register_servicename,
SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
pgctl_start_type, SERVICE_ERROR_NORMAL,
pgwin32_CommandLine(true),
NULL, NULL, "RPCSS\0", register_username, register_password)) == NULL)
{
CloseServiceHandle(hSCM);
write_stderr(_("%s: could not register service \"%s\": error code %lu\n"),
progname, register_servicename,
(unsigned long) GetLastError());
exit(1);
}
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
}
static void
pgwin32_doUnregister(void)
{
SC_HANDLE hService;
SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (hSCM == NULL)
{
write_stderr(_("%s: could not open service manager\n"), progname);
exit(1);
}
if (!pgwin32_IsInstalled(hSCM))
{
CloseServiceHandle(hSCM);
write_stderr(_("%s: service \"%s\" not registered\n"), progname, register_servicename);
exit(1);
}
if ((hService = OpenService(hSCM, register_servicename, DELETE)) == NULL)
{
CloseServiceHandle(hSCM);
write_stderr(_("%s: could not open service \"%s\": error code %lu\n"),
progname, register_servicename,
(unsigned long) GetLastError());
exit(1);
}
if (!DeleteService(hService))
{
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
write_stderr(_("%s: could not unregister service \"%s\": error code %lu\n"),
progname, register_servicename,
(unsigned long) GetLastError());
exit(1);
}
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
}
static void
pgwin32_SetServiceStatus(DWORD currentState)
{
status.dwCurrentState = currentState;
SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
}
static void WINAPI
pgwin32_ServiceHandler(DWORD request)
{
switch (request)
{
case SERVICE_CONTROL_STOP:
case SERVICE_CONTROL_SHUTDOWN:
/*
* We only need a short wait hint here as it just needs to wait
* for the next checkpoint. They occur every 5 seconds during
* shutdown
*/
status.dwWaitHint = 10000;
pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
SetEvent(shutdownEvent);
return;
case SERVICE_CONTROL_PAUSE:
/* Win32 config reloading */
status.dwWaitHint = 5000;
kill(postmasterPID, SIGHUP);
return;
/* FIXME: These could be used to replace other signals etc */
case SERVICE_CONTROL_CONTINUE:
case SERVICE_CONTROL_INTERROGATE:
default:
break;
}
}
static void WINAPI
pgwin32_ServiceMain(DWORD argc, LPTSTR *argv)
{
PROCESS_INFORMATION pi;
DWORD ret;
/* Initialize variables */
status.dwWin32ExitCode = S_OK;
status.dwCheckPoint = 0;
status.dwWaitHint = 60000;
status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PAUSE_CONTINUE;
status.dwServiceSpecificExitCode = 0;
status.dwCurrentState = SERVICE_START_PENDING;
memset(&pi, 0, sizeof(pi));
read_post_opts();
/* Register the control request handler */
if ((hStatus = RegisterServiceCtrlHandler(register_servicename, pgwin32_ServiceHandler)) == (SERVICE_STATUS_HANDLE) 0)
return;
if ((shutdownEvent = CreateEvent(NULL, true, false, NULL)) == NULL)
return;
/* Start the postmaster */
pgwin32_SetServiceStatus(SERVICE_START_PENDING);
if (!CreateRestrictedProcess(pgwin32_CommandLine(false), &pi, true))
{
pgwin32_SetServiceStatus(SERVICE_STOPPED);
return;
}
postmasterPID = pi.dwProcessId;
postmasterProcess = pi.hProcess;
CloseHandle(pi.hThread);
if (do_wait)
{
write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Waiting for server startup...\n"));
if (wait_for_postmaster(postmasterPID, true) != POSTMASTER_READY)
{
write_eventlog(EVENTLOG_ERROR_TYPE, _("Timed out waiting for server startup\n"));
pgwin32_SetServiceStatus(SERVICE_STOPPED);
return;
}
write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Server started and accepting connections\n"));
}
pgwin32_SetServiceStatus(SERVICE_RUNNING);
/* Wait for quit... */
ret = WaitForMultipleObjects(2, shutdownHandles, FALSE, INFINITE);
pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
switch (ret)
{
case WAIT_OBJECT_0: /* shutdown event */
{
/*
* status.dwCheckPoint can be incremented by
* wait_for_postmaster(), so it might not start from 0.
*/
int maxShutdownCheckPoint = status.dwCheckPoint + 12;
kill(postmasterPID, SIGINT);
/*
* Increment the checkpoint and try again. Abort after 12
* checkpoints as the postmaster has probably hung.
*/
while (WaitForSingleObject(postmasterProcess, 5000) == WAIT_TIMEOUT && status.dwCheckPoint < maxShutdownCheckPoint)
{
status.dwCheckPoint++;
SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
}
break;
}
case (WAIT_OBJECT_0 + 1): /* postmaster went down */
break;
default:
/* shouldn't get here? */
break;
}
CloseHandle(shutdownEvent);
CloseHandle(postmasterProcess);
pgwin32_SetServiceStatus(SERVICE_STOPPED);
}
static void
pgwin32_doRunAsService(void)
{
SERVICE_TABLE_ENTRY st[] = {{register_servicename, pgwin32_ServiceMain},
{NULL, NULL}};
if (StartServiceCtrlDispatcher(st) == 0)
{
write_stderr(_("%s: could not start service \"%s\": error code %lu\n"),
progname, register_servicename,
(unsigned long) GetLastError());
exit(1);
}
}
/*
* Mingw headers are incomplete, and so are the libraries. So we have to load
* a whole lot of API functions dynamically. Since we have to do this anyway,
* also load the couple of functions that *do* exist in mingw headers but not
* on NT4. That way, we don't break on NT4.
*/
typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
typedef BOOL (WINAPI * __IsProcessInJob) (HANDLE, HANDLE, PBOOL);
typedef HANDLE (WINAPI * __CreateJobObject) (LPSECURITY_ATTRIBUTES, LPCTSTR);
typedef BOOL (WINAPI * __SetInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD);
typedef BOOL (WINAPI * __AssignProcessToJobObject) (HANDLE, HANDLE);
typedef BOOL (WINAPI * __QueryInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD, LPDWORD);
/*
* Create a restricted token, a job object sandbox, and execute the specified
* process with it.
*
* Returns 0 on success, non-zero on failure, same as CreateProcess().
*
* On NT4, or any other system not containing the required functions, will
* launch the process under the current token without doing any modifications.
*
* NOTE! Job object will only work when running as a service, because it's
* automatically destroyed when pg_ctl exits.
*/
static int
CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service)
{
int r;
BOOL b;
STARTUPINFO si;
HANDLE origToken;
HANDLE restrictedToken;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
SID_AND_ATTRIBUTES dropSids[2];
PTOKEN_PRIVILEGES delPrivs;
/* Functions loaded dynamically */
__CreateRestrictedToken _CreateRestrictedToken = NULL;
__IsProcessInJob _IsProcessInJob = NULL;
__CreateJobObject _CreateJobObject = NULL;
__SetInformationJobObject _SetInformationJobObject = NULL;
__AssignProcessToJobObject _AssignProcessToJobObject = NULL;
__QueryInformationJobObject _QueryInformationJobObject = NULL;
HANDLE Kernel32Handle;
HANDLE Advapi32Handle;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
if (Advapi32Handle != NULL)
{
_CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
}
if (_CreateRestrictedToken == NULL)
{
/*
* NT4 doesn't have CreateRestrictedToken, so just call ordinary
* CreateProcess
*/
write_stderr(_("%s: WARNING: cannot create restricted tokens on this platform\n"), progname);
if (Advapi32Handle != NULL)
FreeLibrary(Advapi32Handle);
return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
}
/* Open the current token to use as a base for the restricted one */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
{
/*
* Most Windows targets make DWORD a 32-bit unsigned long, but in case
* it doesn't cast DWORD before printing.
*/
write_stderr(_("%s: could not open process token: error code %lu\n"),
progname, (unsigned long) GetLastError());
return 0;
}
/* Allocate list of SIDs to remove */
ZeroMemory(&dropSids, sizeof(dropSids));
if (!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
0, &dropSids[0].Sid) ||
!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
0, &dropSids[1].Sid))
{
write_stderr(_("%s: could not allocate SIDs: error code %lu\n"),
progname, (unsigned long) GetLastError());
return 0;
}
/* Get list of privileges to remove */
delPrivs = GetPrivilegesToDelete(origToken);
if (delPrivs == NULL)
/* Error message already printed */
return 0;
b = _CreateRestrictedToken(origToken,
0,
sizeof(dropSids) / sizeof(dropSids[0]),
dropSids,
delPrivs->PrivilegeCount, delPrivs->Privileges,
0, NULL,
&restrictedToken);
free(delPrivs);
FreeSid(dropSids[1].Sid);
FreeSid(dropSids[0].Sid);
CloseHandle(origToken);
FreeLibrary(Advapi32Handle);
if (!b)
{
write_stderr(_("%s: could not create restricted token: error code %lu\n"),
progname, (unsigned long) GetLastError());
return 0;
}
AddUserToTokenDacl(restrictedToken);
r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
Kernel32Handle = LoadLibrary("KERNEL32.DLL");
if (Kernel32Handle != NULL)
{
_IsProcessInJob = (__IsProcessInJob) GetProcAddress(Kernel32Handle, "IsProcessInJob");
_CreateJobObject = (__CreateJobObject) GetProcAddress(Kernel32Handle, "CreateJobObjectA");
_SetInformationJobObject = (__SetInformationJobObject) GetProcAddress(Kernel32Handle, "SetInformationJobObject");
_AssignProcessToJobObject = (__AssignProcessToJobObject) GetProcAddress(Kernel32Handle, "AssignProcessToJobObject");
_QueryInformationJobObject = (__QueryInformationJobObject) GetProcAddress(Kernel32Handle, "QueryInformationJobObject");
}
/* Verify that we found all functions */
if (_IsProcessInJob == NULL || _CreateJobObject == NULL || _SetInformationJobObject == NULL || _AssignProcessToJobObject == NULL || _QueryInformationJobObject == NULL)
{
/*
* IsProcessInJob() is not available on < WinXP, so there is no need
* to log the error every time in that case
*/
if (IsWindowsXPOrGreater())
/*
* Log error if we can't get version, or if we're on WinXP/2003 or
* newer
*/
write_stderr(_("%s: WARNING: could not locate all job object functions in system API\n"), progname);
}
else
{
BOOL inJob;
if (_IsProcessInJob(processInfo->hProcess, NULL, &inJob))
{
if (!inJob)
{
/*
* Job objects are working, and the new process isn't in one,
* so we can create one safely. If any problems show up when
* setting it, we're going to ignore them.
*/
HANDLE job;
char jobname[128];
sprintf(jobname, "PostgreSQL_%lu",
(unsigned long) processInfo->dwProcessId);
job = _CreateJobObject(NULL, jobname);
if (job)
{
JOBOBJECT_BASIC_LIMIT_INFORMATION basicLimit;
JOBOBJECT_BASIC_UI_RESTRICTIONS uiRestrictions;
JOBOBJECT_SECURITY_LIMIT_INFORMATION securityLimit;
ZeroMemory(&basicLimit, sizeof(basicLimit));
ZeroMemory(&uiRestrictions, sizeof(uiRestrictions));
ZeroMemory(&securityLimit, sizeof(securityLimit));
basicLimit.LimitFlags = JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION | JOB_OBJECT_LIMIT_PRIORITY_CLASS;
basicLimit.PriorityClass = NORMAL_PRIORITY_CLASS;
_SetInformationJobObject(job, JobObjectBasicLimitInformation, &basicLimit, sizeof(basicLimit));
uiRestrictions.UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS |
JOB_OBJECT_UILIMIT_EXITWINDOWS | JOB_OBJECT_UILIMIT_READCLIPBOARD |
JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
if (as_service)
{
if (!IsWindows7OrGreater())
{
/*
* On Windows 7 (and presumably later),
* JOB_OBJECT_UILIMIT_HANDLES prevents us from
* starting as a service. So we only enable it on
* Vista and earlier (version <= 6.0)
*/
uiRestrictions.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES;
}
}
_SetInformationJobObject(job, JobObjectBasicUIRestrictions, &uiRestrictions, sizeof(uiRestrictions));
securityLimit.SecurityLimitFlags = JOB_OBJECT_SECURITY_NO_ADMIN | JOB_OBJECT_SECURITY_ONLY_TOKEN;
securityLimit.JobToken = restrictedToken;
_SetInformationJobObject(job, JobObjectSecurityLimitInformation, &securityLimit, sizeof(securityLimit));
_AssignProcessToJobObject(job, processInfo->hProcess);
}
}
}
}
CloseHandle(restrictedToken);
ResumeThread(processInfo->hThread);
FreeLibrary(Kernel32Handle);
/*
* We intentionally don't close the job object handle, because we want the
* object to live on until pg_ctl shuts down.
*/
return r;
}
/*
* Get a list of privileges to delete from the access token. We delete all privileges
* except SeLockMemoryPrivilege which is needed to use large pages, and
* SeChangeNotifyPrivilege which is enabled by default in DISABLE_MAX_PRIVILEGE.
*/
static PTOKEN_PRIVILEGES
GetPrivilegesToDelete(HANDLE hToken)
{
int i,
j;
DWORD length;
PTOKEN_PRIVILEGES tokenPrivs;
LUID luidLockPages;
LUID luidChangeNotify;
if (!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &luidLockPages) ||
!LookupPrivilegeValue(NULL, SE_CHANGE_NOTIFY_NAME, &luidChangeNotify))
{
write_stderr(_("%s: could not get LUIDs for privileges: error code %lu\n"),
progname, (unsigned long) GetLastError());
return NULL;
}
if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &length) &&
GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
write_stderr(_("%s: could not get token information: error code %lu\n"),
progname, (unsigned long) GetLastError());
return NULL;
}
tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
MCXT_ALLOC_NO_OOM);
if (tokenPrivs == NULL)
{
write_stderr(_("%s: out of memory\n"), progname);
return NULL;
}
if (!GetTokenInformation(hToken, TokenPrivileges, tokenPrivs, length, &length))
{
write_stderr(_("%s: could not get token information: error code %lu\n"),
progname, (unsigned long) GetLastError());
free(tokenPrivs);
return NULL;
}
for (i = 0; i < tokenPrivs->PrivilegeCount; i++)
{
if (memcmp(&tokenPrivs->Privileges[i].Luid, &luidLockPages, sizeof(LUID)) == 0 ||
memcmp(&tokenPrivs->Privileges[i].Luid, &luidChangeNotify, sizeof(LUID)) == 0)
{
for (j = i; j < tokenPrivs->PrivilegeCount - 1; j++)
tokenPrivs->Privileges[j] = tokenPrivs->Privileges[j + 1];
tokenPrivs->PrivilegeCount--;
}
}
return tokenPrivs;
}
#endif /* WIN32 */
static void
do_advice(void)
{
write_stderr(_("Try \"%s --help\" for more information.\n"), progname);
}
static void
do_help(void)
{
printf(_("%s is a utility to initialize, start, stop, or control a PostgreSQL server.\n\n"), progname);
printf(_("Usage:\n"));
printf(_(" %s init[db] [-D DATADIR] [-s] [-o OPTIONS]\n"), progname);
printf(_(" %s start [-D DATADIR] [-l FILENAME] [-W] [-t SECS] [-s]\n"
" [-o OPTIONS] [-p PATH] [-c]\n"), progname);
printf(_(" %s stop [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"), progname);
printf(_(" %s restart [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"
" [-o OPTIONS] [-c]\n"), progname);
printf(_(" %s reload [-D DATADIR] [-s]\n"), progname);
printf(_(" %s status [-D DATADIR]\n"), progname);
printf(_(" %s promote [-D DATADIR] [-W] [-t SECS] [-s]\n"), progname);
printf(_(" %s logrotate [-D DATADIR] [-s]\n"), progname);
printf(_(" %s kill SIGNALNAME PID\n"), progname);
#ifdef WIN32
printf(_(" %s register [-D DATADIR] [-N SERVICENAME] [-U USERNAME] [-P PASSWORD]\n"
" [-S START-TYPE] [-e SOURCE] [-W] [-t SECS] [-s] [-o OPTIONS]\n"), progname);
printf(_(" %s unregister [-N SERVICENAME]\n"), progname);
#endif
printf(_("\nCommon options:\n"));
printf(_(" -D, --pgdata=DATADIR location of the database storage area\n"));
#ifdef WIN32
printf(_(" -e SOURCE event source for logging when running as a service\n"));
#endif
printf(_(" -s, --silent only print errors, no informational messages\n"));
printf(_(" -t, --timeout=SECS seconds to wait when using -w option\n"));
printf(_(" -V, --version output version information, then exit\n"));
printf(_(" -w, --wait wait until operation completes (default)\n"));
printf(_(" -W, --no-wait do not wait until operation completes\n"));
printf(_(" -?, --help show this help, then exit\n"));
printf(_("If the -D option is omitted, the environment variable PGDATA is used.\n"));
printf(_("\nOptions for start or restart:\n"));
#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
printf(_(" -c, --core-files allow postgres to produce core files\n"));
#else
printf(_(" -c, --core-files not applicable on this platform\n"));
#endif
printf(_(" -l, --log=FILENAME write (or append) server log to FILENAME\n"));
printf(_(" -o, --options=OPTIONS command line options to pass to postgres\n"
" (PostgreSQL server executable) or initdb\n"));
printf(_(" -p PATH-TO-POSTGRES normally not necessary\n"));
printf(_("\nOptions for stop or restart:\n"));
printf(_(" -m, --mode=MODE MODE can be \"smart\", \"fast\", or \"immediate\"\n"));
printf(_("\nShutdown modes are:\n"));
printf(_(" smart quit after all clients have disconnected\n"));
printf(_(" fast quit directly, with proper shutdown (default)\n"));
printf(_(" immediate quit without complete shutdown; will lead to recovery on restart\n"));
printf(_("\nAllowed signal names for kill:\n"));
printf(" ABRT HUP INT KILL QUIT TERM USR1 USR2\n");
#ifdef WIN32
printf(_("\nOptions for register and unregister:\n"));
printf(_(" -N SERVICENAME service name with which to register PostgreSQL server\n"));
printf(_(" -P PASSWORD password of account to register PostgreSQL server\n"));
printf(_(" -U USERNAME user name of account to register PostgreSQL server\n"));
printf(_(" -S START-TYPE service start type to register PostgreSQL server\n"));
printf(_("\nStart types are:\n"));
printf(_(" auto start service automatically during system startup (default)\n"));
printf(_(" demand start service on demand\n"));
#endif
printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));
}
static void
set_mode(char *modeopt)
{
if (strcmp(modeopt, "s") == 0 || strcmp(modeopt, "smart") == 0)
{
shutdown_mode = SMART_MODE;
sig = SIGTERM;
}
else if (strcmp(modeopt, "f") == 0 || strcmp(modeopt, "fast") == 0)
{
shutdown_mode = FAST_MODE;
sig = SIGINT;
}
else if (strcmp(modeopt, "i") == 0 || strcmp(modeopt, "immediate") == 0)
{
shutdown_mode = IMMEDIATE_MODE;
sig = SIGQUIT;
}
else
{
write_stderr(_("%s: unrecognized shutdown mode \"%s\"\n"), progname, modeopt);
do_advice();
exit(1);
}
}
static void
set_sig(char *signame)
{
if (strcmp(signame, "HUP") == 0)
sig = SIGHUP;
else if (strcmp(signame, "INT") == 0)
sig = SIGINT;
else if (strcmp(signame, "QUIT") == 0)
sig = SIGQUIT;
else if (strcmp(signame, "ABRT") == 0)
sig = SIGABRT;
else if (strcmp(signame, "KILL") == 0)
sig = SIGKILL;
else if (strcmp(signame, "TERM") == 0)
sig = SIGTERM;
else if (strcmp(signame, "USR1") == 0)
sig = SIGUSR1;
else if (strcmp(signame, "USR2") == 0)
sig = SIGUSR2;
else
{
write_stderr(_("%s: unrecognized signal name \"%s\"\n"), progname, signame);
do_advice();
exit(1);
}
}
#ifdef WIN32
static void
set_starttype(char *starttypeopt)
{
if (strcmp(starttypeopt, "a") == 0 || strcmp(starttypeopt, "auto") == 0)
pgctl_start_type = SERVICE_AUTO_START;
else if (strcmp(starttypeopt, "d") == 0 || strcmp(starttypeopt, "demand") == 0)
pgctl_start_type = SERVICE_DEMAND_START;
else
{
write_stderr(_("%s: unrecognized start type \"%s\"\n"), progname, starttypeopt);
do_advice();
exit(1);
}
}
#endif
/*
* adjust_data_dir
*
* If a configuration-only directory was specified, find the real data dir.
*/
static void
adjust_data_dir(void)
{
char cmd[MAXPGPATH],
filename[MAXPGPATH],
*my_exec_path;
FILE *fd;
/* do nothing if we're working without knowledge of data dir */
if (pg_config == NULL)
return;
/* If there is no postgresql.conf, it can't be a config-only dir */
snprintf(filename, sizeof(filename), "%s/postgresql.conf", pg_config);
if ((fd = fopen(filename, "r")) == NULL)
return;
fclose(fd);
/* If PG_VERSION exists, it can't be a config-only dir */
snprintf(filename, sizeof(filename), "%s/PG_VERSION", pg_config);
if ((fd = fopen(filename, "r")) != NULL)
{
fclose(fd);
return;
}
/* Must be a configuration directory, so find the data directory */
/* we use a private my_exec_path to avoid interfering with later uses */
if (exec_path == NULL)
my_exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
else
my_exec_path = pg_strdup(exec_path);
/* it's important for -C to be the first option, see main.c */
snprintf(cmd, MAXPGPATH, "\"%s\" -C data_directory %s%s",
my_exec_path,
pgdata_opt ? pgdata_opt : "",
post_opts ? post_opts : "");
fd = popen(cmd, "r");
if (fd == NULL || fgets(filename, sizeof(filename), fd) == NULL)
{
write_stderr(_("%s: could not determine the data directory using command \"%s\"\n"), progname, cmd);
exit(1);
}
pclose(fd);
free(my_exec_path);
/* strip trailing newline and carriage return */
(void) pg_strip_crlf(filename);
free(pg_data);
pg_data = pg_strdup(filename);
canonicalize_path(pg_data);
}
static DBState
get_control_dbstate(void)
{
DBState ret;
bool crc_ok;
ControlFileData *control_file_data = get_controlfile(pg_data, &crc_ok);
if (!crc_ok)
{
write_stderr(_("%s: control file appears to be corrupt\n"), progname);
exit(1);
}
ret = control_file_data->state;
pfree(control_file_data);
return ret;
}
int
main(int argc, char **argv)
{
static struct option long_options[] = {
{"help", no_argument, NULL, '?'},
{"version", no_argument, NULL, 'V'},
{"log", required_argument, NULL, 'l'},
{"mode", required_argument, NULL, 'm'},
{"pgdata", required_argument, NULL, 'D'},
{"options", required_argument, NULL, 'o'},
{"silent", no_argument, NULL, 's'},
{"timeout", required_argument, NULL, 't'},
{"core-files", no_argument, NULL, 'c'},
{"wait", no_argument, NULL, 'w'},
{"no-wait", no_argument, NULL, 'W'},
{NULL, 0, NULL, 0}
};
char *env_wait;
int option_index;
int c;
pgpid_t killproc = 0;
pg_logging_init(argv[0]);
progname = get_progname(argv[0]);
set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_ctl"));
start_time = time(NULL);
/*
* save argv[0] so do_start() can look for the postmaster if necessary. we
* don't look for postmaster here because in many cases we won't need it.
*/
argv0 = argv[0];
/* Set restrictive mode mask until PGDATA permissions are checked */
umask(PG_MODE_MASK_OWNER);
/* support --help and --version even if invoked as root */
if (argc > 1)
{
if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
{
do_help();
exit(0);
}
else if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
{
puts("pg_ctl (PostgreSQL) " PG_VERSION);
exit(0);
}
}
/*
* Disallow running as root, to forestall any possible security holes.
*/
#ifndef WIN32
if (geteuid() == 0)
{
write_stderr(_("%s: cannot be run as root\n"
"Please log in (using, e.g., \"su\") as the "
"(unprivileged) user that will\n"
"own the server process.\n"),
progname);
exit(1);
}
#endif
env_wait = getenv("PGCTLTIMEOUT");
if (env_wait != NULL)
wait_seconds = atoi(env_wait);
/*
* 'Action' can be before or after args so loop over both. Some
* getopt_long() implementations will reorder argv[] to place all flags
* first (GNU?), but we don't rely on it. Our /port version doesn't do
* that.
*/
optind = 1;
/* process command-line options */
while (optind < argc)
{
while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW",
long_options, &option_index)) != -1)
{
switch (c)
{
case 'D':
{
char *pgdata_D;
char *env_var;
pgdata_D = pg_strdup(optarg);
canonicalize_path(pgdata_D);
env_var = psprintf("PGDATA=%s", pgdata_D);
putenv(env_var);
/*
* We could pass PGDATA just in an environment
* variable but we do -D too for clearer postmaster
* 'ps' display
*/
pgdata_opt = psprintf("-D \"%s\" ", pgdata_D);
break;
}
case 'e':
event_source = pg_strdup(optarg);
break;
case 'l':
log_file = pg_strdup(optarg);
break;
case 'm':
set_mode(optarg);
break;
case 'N':
register_servicename = pg_strdup(optarg);
break;
case 'o':
/* append option? */
if (!post_opts)
post_opts = pg_strdup(optarg);
else
{
char *old_post_opts = post_opts;
post_opts = psprintf("%s %s", old_post_opts, optarg);
free(old_post_opts);
}
break;
case 'p':
exec_path = pg_strdup(optarg);
break;
case 'P':
register_password = pg_strdup(optarg);
break;
case 's':
silent_mode = true;
break;
case 'S':
#ifdef WIN32
set_starttype(optarg);
#else
write_stderr(_("%s: -S option not supported on this platform\n"),
progname);
exit(1);
#endif
break;
case 't':
wait_seconds = atoi(optarg);
wait_seconds_arg = true;
break;
case 'U':
if (strchr(optarg, '\\'))
register_username = pg_strdup(optarg);
else
/* Prepend .\ for local accounts */
register_username = psprintf(".\\%s", optarg);
break;
case 'w':
do_wait = true;
break;
case 'W':
do_wait = false;
break;
case 'c':
allow_core_files = true;
break;
default:
/* getopt_long already issued a suitable error message */
do_advice();
exit(1);
}
}
/* Process an action */
if (optind < argc)
{
if (ctl_command != NO_COMMAND)
{
write_stderr(_("%s: too many command-line arguments (first is \"%s\")\n"), progname, argv[optind]);
do_advice();
exit(1);
}
if (strcmp(argv[optind], "init") == 0
|| strcmp(argv[optind], "initdb") == 0)
ctl_command = INIT_COMMAND;
else if (strcmp(argv[optind], "start") == 0)
ctl_command = START_COMMAND;
else if (strcmp(argv[optind], "stop") == 0)
ctl_command = STOP_COMMAND;
else if (strcmp(argv[optind], "restart") == 0)
ctl_command = RESTART_COMMAND;
else if (strcmp(argv[optind], "reload") == 0)
ctl_command = RELOAD_COMMAND;
else if (strcmp(argv[optind], "status") == 0)
ctl_command = STATUS_COMMAND;
else if (strcmp(argv[optind], "promote") == 0)
ctl_command = PROMOTE_COMMAND;
else if (strcmp(argv[optind], "logrotate") == 0)
ctl_command = LOGROTATE_COMMAND;
else if (strcmp(argv[optind], "kill") == 0)
{
if (argc - optind < 3)
{
write_stderr(_("%s: missing arguments for kill mode\n"), progname);
do_advice();
exit(1);
}
ctl_command = KILL_COMMAND;
set_sig(argv[++optind]);
killproc = atol(argv[++optind]);
}
#ifdef WIN32
else if (strcmp(argv[optind], "register") == 0)
ctl_command = REGISTER_COMMAND;
else if (strcmp(argv[optind], "unregister") == 0)
ctl_command = UNREGISTER_COMMAND;
else if (strcmp(argv[optind], "runservice") == 0)
ctl_command = RUN_AS_SERVICE_COMMAND;
#endif
else
{
write_stderr(_("%s: unrecognized operation mode \"%s\"\n"), progname, argv[optind]);
do_advice();
exit(1);
}
optind++;
}
}
if (ctl_command == NO_COMMAND)
{
write_stderr(_("%s: no operation specified\n"), progname);
do_advice();
exit(1);
}
/* Note we put any -D switch into the env var above */
pg_config = getenv("PGDATA");
if (pg_config)
{
pg_config = pg_strdup(pg_config);
canonicalize_path(pg_config);
pg_data = pg_strdup(pg_config);
}
/* -D might point at config-only directory; if so find the real PGDATA */
adjust_data_dir();
/* Complain if -D needed and not provided */
if (pg_config == NULL &&
ctl_command != KILL_COMMAND && ctl_command != UNREGISTER_COMMAND)
{
write_stderr(_("%s: no database directory specified and environment variable PGDATA unset\n"),
progname);
do_advice();
exit(1);
}
if (ctl_command == RELOAD_COMMAND)
{
sig = SIGHUP;
do_wait = false;
}
if (pg_data)
{
snprintf(postopts_file, MAXPGPATH, "%s/postmaster.opts", pg_data);
snprintf(version_file, MAXPGPATH, "%s/PG_VERSION", pg_data);
snprintf(pid_file, MAXPGPATH, "%s/postmaster.pid", pg_data);
snprintf(backup_file, MAXPGPATH, "%s/backup_label", pg_data);
/*
* Set mask based on PGDATA permissions,
*
* Don't error here if the data directory cannot be stat'd. This is
* handled differently based on the command and we don't want to
* interfere with that logic.
*/
if (GetDataDirectoryCreatePerm(pg_data))
umask(pg_mode_mask);
}
switch (ctl_command)
{
case INIT_COMMAND:
do_init();
break;
case STATUS_COMMAND:
do_status();
break;
case START_COMMAND:
do_start();
break;
case STOP_COMMAND:
do_stop();
break;
case RESTART_COMMAND:
do_restart();
break;
case RELOAD_COMMAND:
do_reload();
break;
case PROMOTE_COMMAND:
do_promote();
break;
case LOGROTATE_COMMAND:
do_logrotate();
break;
case KILL_COMMAND:
do_kill(killproc);
break;
#ifdef WIN32
case REGISTER_COMMAND:
pgwin32_doRegister();
break;
case UNREGISTER_COMMAND:
pgwin32_doUnregister();
break;
case RUN_AS_SERVICE_COMMAND:
pgwin32_doRunAsService();
break;
#endif
default:
break;
}
exit(0);
}
Reference in New Issue View Git Blame Copy Permalink