1 /*-------------------------------------------------------------------------
4 * This program acts as a clearing house for requests to the
5 * POSTGRES system. Frontend programs send a startup message
6 * to the Postmaster and the postmaster uses the info in the
7 * message to setup a backend process.
9 * The postmaster also manages system-wide operations such as
10 * startup, shutdown, and periodic checkpoints. The postmaster
11 * itself doesn't do those operations, mind you --- it just forks
12 * off a subprocess to do them at the right times. It also takes
13 * care of resetting the system if a backend crashes.
15 * The postmaster process creates the shared memory and semaphore
16 * pools during startup, but as a rule does not touch them itself.
17 * In particular, it is not a member of the PROC array of backends
18 * and so it cannot participate in lock-manager operations. Keeping
19 * the postmaster away from shared memory operations makes it simpler
20 * and more reliable. The postmaster is almost always able to recover
21 * from crashes of individual backends by resetting shared memory;
22 * if it did much with shared memory then it would be prone to crashing
23 * along with the backends.
25 * When a request message is received, we now fork() immediately.
26 * The child process performs authentication of the request, and
27 * then becomes a backend if successful. This allows the auth code
28 * to be written in a simple single-threaded style (as opposed to the
29 * crufty "poor man's multitasking" code that used to be needed).
30 * More importantly, it ensures that blockages in non-multithreaded
31 * libraries like SSL or PAM cannot cause denial of service to other
35 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
36 * Portions Copyright (c) 1994, Regents of the University of California
40 * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.268 2002/03/02 20:46:12 tgl Exp $
45 * The Postmaster sets up a few shared memory data structures
46 * for the backends. It should at the very least initialize the
50 * The Postmaster shares memory with the backends but should avoid
51 * touching shared memory, so as not to become stuck if a crashing
52 * backend screws up locks or shared memory. Likewise, the Postmaster
53 * should never block on messages from frontend clients.
56 * The Postmaster cleans up after backends if they have an emergency
57 * exit and/or core dump.
59 *-------------------------------------------------------------------------
68 #include <sys/types.h>
71 #include <sys/socket.h>
75 #include <sys/param.h>
76 #include <netinet/in.h>
77 #include <arpa/inet.h>
81 #ifdef HAVE_SYS_SELECT_H
82 #include <sys/select.h>
89 #include "catalog/pg_database.h"
90 #include "commands/async.h"
91 #include "lib/dllist.h"
92 #include "libpq/auth.h"
93 #include "libpq/crypt.h"
94 #include "libpq/libpq.h"
95 #include "libpq/pqcomm.h"
96 #include "libpq/pqsignal.h"
97 #include "miscadmin.h"
98 #include "nodes/nodes.h"
99 #include "storage/fd.h"
100 #include "storage/ipc.h"
101 #include "storage/pmsignal.h"
102 #include "storage/proc.h"
103 #include "access/xlog.h"
104 #include "tcop/tcopprot.h"
105 #include "utils/exc.h"
106 #include "utils/guc.h"
107 #include "utils/memutils.h"
108 #include "utils/ps_status.h"
109 #include "bootstrap/bootstrap.h"
113 #define INVALID_SOCK (-1)
116 #ifdef HAVE_SIGPROCMASK
128 * List of active backends (or child processes anyway; we don't actually
129 * know whether a given child has become a backend or is still in the
130 * authorization phase). This is used mainly to keep track of how many
131 * children we have and send them appropriate signals when necessary.
135 pid_t pid; /* process id of backend */
136 long cancel_key; /* cancel key for cancels for this backend */
139 static Dllist *BackendList;
141 /* The socket number we are listening for connections on */
147 * MaxBackends is the limit on the number of backends we can start.
148 * The default is established by configure, but it can be altered at
149 * postmaster start with the postmaster's -N switch. Note
150 * that a larger MaxBackends value will increase the size of the shared
151 * memory area as well as cause the postmaster to grab more kernel
152 * semaphores, even if you never actually use that many backends.
154 int MaxBackends = DEF_MAXBACKENDS;
157 static char *progname = (char *) NULL;
162 static int ServerSock_INET = INVALID_SOCK; /* stream socket server */
164 #ifdef HAVE_UNIX_SOCKETS
165 static int ServerSock_UNIX = INVALID_SOCK; /* stream socket server */
169 static SSL_CTX *SSL_context = NULL; /* Global SSL context */
173 * Set by the -o option
175 static char ExtraOptions[MAXPGPATH];
178 * These globals control the behavior of the postmaster in case some
179 * backend dumps core. Normally, it kills all peers of the dead backend
180 * and reinitializes shared memory. By specifying -s or -n, we can have
181 * the postmaster stop (rather than kill) peers and not reinitialize
182 * shared data structures.
184 static bool Reinit = true;
185 static int SendStop = false;
187 /* still more option variables */
188 bool NetServer = false; /* listen on TCP/IP */
189 bool EnableSSL = false;
190 bool SilentMode = false; /* silent mode (-S) */
192 int PreAuthDelay = 0;
193 int AuthenticationTimeout = 60;
194 int CheckPointTimeout = 300;
196 bool HostnameLookup; /* for ps display */
198 bool Log_connections = false;
200 /* Startup/shutdown state */
201 static pid_t StartupPID = 0,
204 static time_t checkpointed = 0;
207 #define SmartShutdown 1
208 #define FastShutdown 2
210 static int Shutdown = NoShutdown;
212 static bool FatalError = false; /* T if recovering from backend crash */
215 * State for assigning random salts and cancel keys.
216 * Also, the global MyCancelKey passes the cancel key assigned to a given
217 * backend from the postmaster to that backend (via fork).
220 static unsigned int random_seed = 0;
226 #ifdef HAVE_INT_OPTRESET
231 * postmaster.c - function prototypes
233 static void pmdaemonize(int argc, char *argv[]);
234 static Port *ConnCreate(int serverFd);
235 static void ConnFree(Port *port);
236 static void reset_shared(unsigned short port);
237 static void SIGHUP_handler(SIGNAL_ARGS);
238 static void pmdie(SIGNAL_ARGS);
239 static void reaper(SIGNAL_ARGS);
240 static void sigusr1_handler(SIGNAL_ARGS);
241 static void dummy_handler(SIGNAL_ARGS);
242 static void CleanupProc(int pid, int exitstatus);
243 static void LogChildExit(const char *procname, int pid, int exitstatus);
244 static int DoBackend(Port *port);
245 static void ExitPostmaster(int status);
246 static void usage(const char *);
247 static int ServerLoop(void);
248 static int BackendStartup(Port *port);
249 static int ProcessStartupPacket(Port *port, bool SSLdone);
250 static void processCancelRequest(Port *port, void *pkt);
251 static int initMasks(fd_set *rmask, fd_set *wmask);
252 static void report_fork_failure_to_client(Port *port, int errnum);
255 CAC_OK, CAC_STARTUP, CAC_SHUTDOWN, CAC_RECOVERY, CAC_TOOMANY
257 static enum CAC_state canAcceptConnections(void);
258 static long PostmasterRandom(void);
259 static void RandomSalt(char *cryptSalt, char *md5Salt);
260 static void SignalChildren(int signal);
261 static int CountChildren(void);
262 static bool CreateOptsFile(int argc, char *argv[]);
263 static pid_t SSDataBase(int xlop);
265 postmaster_error(const char *fmt,...)
266 /* This lets gcc check the format string for consistency. */
267 __attribute__((format(printf, 1, 2)));
269 #define StartupDataBase() SSDataBase(BS_XLOG_STARTUP)
270 #define CheckPointDataBase() SSDataBase(BS_XLOG_CHECKPOINT)
271 #define ShutdownDataBase() SSDataBase(BS_XLOG_SHUTDOWN)
274 static void InitSSL(void);
275 static const char *SSLerrmessage(void);
280 checkDataDir(const char *checkdir)
282 char path[MAXPGPATH];
285 struct stat stat_buf;
288 if (checkdir == NULL)
290 fprintf(stderr, gettext(
291 "%s does not know where to find the database system data.\n"
292 "You must specify the directory that contains the database system\n"
293 "either by specifying the -D invocation option or by setting the\n"
294 "PGDATA environment variable.\n\n"),
300 * Check if the directory has group or world access. If so, reject.
302 * XXX temporarily suppress check when on Windows, because there may
303 * not be proper support for Unix-y file permissions. Need to think
304 * of a reasonable check to apply on Windows.
308 if (stat(checkdir, &stat_buf) == -1)
311 elog(FATAL, "data directory %s was not found", checkdir);
313 elog(FATAL, "could not read permissions of directory %s: %m",
317 if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
318 elog(FATAL, "data directory %s has group or world access; permissions should be u=rwx (0700)",
321 #endif /* !__CYGWIN__ */
323 /* Look for PG_VERSION before looking for pg_control */
324 ValidatePgVersion(checkdir);
326 snprintf(path, sizeof(path), "%s/global/pg_control", checkdir);
328 fp = AllocateFile(path, PG_BINARY_R);
331 fprintf(stderr, gettext(
332 "%s does not find the database system.\n"
333 "Expected to find it in the PGDATA directory \"%s\",\n"
334 "but unable to open file \"%s\": %s\n\n"),
335 progname, checkdir, path, strerror(errno));
343 PostmasterMain(int argc, char *argv[])
347 char original_extraoptions[MAXPGPATH];
348 char *potential_DataDir = NULL;
350 *original_extraoptions = '\0';
355 * Catch standard options before doing much else. This even works on
356 * systems without getopt_long.
360 if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
365 if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
367 puts("postmaster (PostgreSQL) " PG_VERSION);
373 * for security, no dir or file created can be group or other
376 umask((mode_t) 0077);
378 MyProcPid = getpid();
381 * Fire up essential subsystems: error and memory management
383 EnableExceptionHandling(true);
387 * By default, palloc() requests in the postmaster will be allocated
388 * in the PostmasterContext, which is space that can be recycled by
389 * backends. Allocated data that needs to be available to backends
390 * should be allocated in TopMemoryContext.
392 PostmasterContext = AllocSetContextCreate(TopMemoryContext,
394 ALLOCSET_DEFAULT_MINSIZE,
395 ALLOCSET_DEFAULT_INITSIZE,
396 ALLOCSET_DEFAULT_MAXSIZE);
397 MemoryContextSwitchTo(PostmasterContext);
399 IgnoreSystemIndexes(false);
404 ResetAllOptions(true);
406 /* PGPORT environment variable, if set, overrides GUC setting */
407 if (getenv("PGPORT"))
408 SetConfigOption("port", getenv("PGPORT"),
409 PGC_POSTMASTER, PGC_S_ARGV/*sortof*/);
411 potential_DataDir = getenv("PGDATA"); /* default value */
415 while ((opt = getopt(argc, argv, "A:a:B:b:c:D:d:Fh:ik:lm:MN:no:p:Ss-:")) != -1)
420 #ifdef USE_ASSERT_CHECKING
421 SetConfigOption("debug_assertions", optarg, PGC_POSTMASTER, PGC_S_ARGV);
423 postmaster_error("Assert checking is not compiled in.");
427 /* Can no longer set authentication method. */
430 SetConfigOption("shared_buffers", optarg, PGC_POSTMASTER, PGC_S_ARGV);
433 /* Can no longer set the backend executable file to use. */
436 potential_DataDir = optarg;
441 * Turn on debugging for the postmaster and the backend
442 * servers descended from it.
444 SetConfigOption("debug_level", optarg, PGC_POSTMASTER, PGC_S_ARGV);
447 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
450 SetConfigOption("virtual_host", optarg, PGC_POSTMASTER, PGC_S_ARGV);
453 SetConfigOption("tcpip_socket", "true", PGC_POSTMASTER, PGC_S_ARGV);
456 SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
460 SetConfigOption("ssl", "true", PGC_POSTMASTER, PGC_S_ARGV);
464 /* Multiplexed backends no longer supported. */
469 * ignore this flag. This may be passed in because the
470 * program was run as 'postgres -M' instead of
475 /* The max number of backends to start. */
476 SetConfigOption("max_connections", optarg, PGC_POSTMASTER, PGC_S_ARGV);
479 /* Don't reinit shared mem after abnormal exit */
485 * Other options to pass to the backend on the command
486 * line -- useful only for debugging.
488 strcat(ExtraOptions, " ");
489 strcat(ExtraOptions, optarg);
490 strcpy(original_extraoptions, optarg);
493 SetConfigOption("port", optarg, PGC_POSTMASTER, PGC_S_ARGV);
498 * Start in 'S'ilent mode (disassociate from controlling
499 * tty). You may also think of this as 'S'ysV mode since
500 * it's most badly needed on SysV-derived systems like
503 SetConfigOption("silent_mode", "true", PGC_POSTMASTER, PGC_S_ARGV);
508 * In the event that some backend dumps core, send
509 * SIGSTOP, rather than SIGQUIT, to all its peers. This
510 * lets the wily post_hacker collect core dumps from
521 ParseLongOption(optarg, &name, &value);
525 elog(ERROR, "--%s requires argument", optarg);
527 elog(ERROR, "-c %s requires argument", optarg);
530 SetConfigOption(name, value, PGC_POSTMASTER, PGC_S_ARGV);
538 fprintf(stderr, gettext("Try '%s --help' for more information.\n"), progname);
544 * Postmaster accepts no non-option switch arguments.
548 postmaster_error("invalid argument -- %s", argv[optind]);
549 fprintf(stderr, gettext("Try '%s --help' for more information.\n"),
555 * Check for invalid combinations of switches
557 if (NBuffers < 2 * MaxBackends || NBuffers < 16)
560 * Do not accept -B so small that backends are likely to starve
561 * for lack of buffers. The specific choices here are somewhat
564 postmaster_error("The number of buffers (-B) must be at least twice the number of allowed connections (-N) and at least 16.");
568 checkDataDir(potential_DataDir); /* issues error messages */
569 SetDataDir(potential_DataDir);
571 ProcessConfigFile(PGC_POSTMASTER);
574 * Now that we are done processing the postmaster arguments, reset
575 * getopt(3) library so that it will work correctly in subprocesses.
578 #ifdef HAVE_INT_OPTRESET
579 optreset = 1; /* some systems need this too */
582 /* For debugging: display postmaster environment */
585 extern char **environ;
588 fprintf(stderr, "%s: PostmasterMain: initial environ dump:\n",
590 fprintf(stderr, "-----------------------------------------\n");
591 for (p = environ; *p; ++p)
592 fprintf(stderr, "\t%s\n", *p);
593 fprintf(stderr, "-----------------------------------------\n");
597 * On some systems our dynloader code needs the executable's pathname.
599 if (FindExec(pg_pathname, progname, "postgres") < 0)
600 elog(FATAL, "%s: could not locate executable, bailing out...",
604 * Initialize SSL library, if specified.
607 if (EnableSSL && !NetServer)
609 postmaster_error("For SSL, TCP/IP connections must be enabled.");
610 fprintf(stderr, gettext("Try '%s --help' for more information.\n"), progname);
618 * Fork away from controlling terminal, if -S specified.
620 * Must do this before we grab any interlock files, else the interlocks
621 * will show the wrong PID.
624 pmdaemonize(argc, argv);
627 * Create lockfile for data directory.
629 * We want to do this before we try to grab the input sockets, because
630 * the data directory interlock is more reliable than the socket-file
631 * interlock (thanks to whoever decided to put socket files in /tmp
632 * :-(). For the same reason, it's best to grab the TCP socket before
635 if (!CreateDataDirLockFile(DataDir, true))
639 * Remove old temporary files. At this point there can be no other
640 * Postgres processes running in this directory, so this should be
646 * Establish input sockets.
650 status = StreamServerPort(AF_INET, VirtualHost,
651 (unsigned short) PostPortNumber,
654 if (status != STATUS_OK)
656 postmaster_error("cannot create INET stream port");
661 #ifdef HAVE_UNIX_SOCKETS
662 status = StreamServerPort(AF_UNIX, VirtualHost,
663 (unsigned short) PostPortNumber,
666 if (status != STATUS_OK)
668 postmaster_error("cannot create UNIX stream port");
676 * Set up shared memory and semaphores.
678 reset_shared(PostPortNumber);
681 * Initialize the list of active backends.
683 BackendList = DLNewList();
686 * Record postmaster options. We delay this till now to avoid
687 * recording bogus options (eg, NBuffers too high for available
690 if (!CreateOptsFile(argc, argv))
694 * Set up signal handlers for the postmaster process.
696 * CAUTION: when changing this list, check for side-effects on the
697 * signal handling setup of child processes. See tcop/postgres.c,
698 * bootstrap/bootstrap.c, and postmaster/pgstat.c.
701 PG_SETMASK(&BlockSig);
703 pqsignal(SIGHUP, SIGHUP_handler); /* reread config file and have
704 * children do same */
705 pqsignal(SIGINT, pmdie); /* send SIGTERM and ShutdownDataBase */
706 pqsignal(SIGQUIT, pmdie); /* send SIGQUIT and die */
707 pqsignal(SIGTERM, pmdie); /* wait for children and ShutdownDataBase */
708 pqsignal(SIGALRM, SIG_IGN); /* ignored */
709 pqsignal(SIGPIPE, SIG_IGN); /* ignored */
710 pqsignal(SIGUSR1, sigusr1_handler); /* message from child process */
711 pqsignal(SIGUSR2, dummy_handler); /* unused, reserve for children */
712 pqsignal(SIGCHLD, reaper); /* handle child termination */
713 pqsignal(SIGTTIN, SIG_IGN); /* ignored */
714 pqsignal(SIGTTOU, SIG_IGN); /* ignored */
717 * Reset whereToSendOutput from Debug (its starting state) to None.
718 * This prevents elog from sending messages to stderr unless the
719 * syslog/stderr switch permits. We don't do this until the
720 * postmaster is fully launched, since startup failures may as well be
721 * reported to stderr.
723 whereToSendOutput = None;
726 * On many platforms, the first call of localtime() incurs significant
727 * overhead to load timezone info from the system configuration files.
728 * By doing it once in the postmaster, we avoid having to do it in every
729 * started child process. The savings are not huge, but they add up...
732 time_t now = time(NULL);
734 (void) localtime(&now);
738 * Initialize and startup the statistics collector process
740 if (pgstat_init() < 0)
742 if (pgstat_start() < 0)
746 * Load cached files for client authentication.
748 load_hba_and_ident();
749 load_password_cache();
752 * We're ready to rock and roll...
754 StartupPID = StartupDataBase();
756 status = ServerLoop();
759 * ServerLoop probably shouldn't ever return, but if it does, close
762 ExitPostmaster(status != STATUS_OK);
764 return 0; /* not reached */
768 pmdaemonize(int argc, char *argv[])
773 struct itimerval prof_itimer;
777 /* see comments in BackendStartup */
778 getitimer(ITIMER_PROF, &prof_itimer);
782 if (pid == (pid_t) -1)
784 postmaster_error("fork failed: %s", strerror(errno));
786 return; /* not reached */
790 /* Parent should just exit, without doing any atexit cleanup */
795 setitimer(ITIMER_PROF, &prof_itimer, NULL);
798 MyProcPid = getpid(); /* reset MyProcPid to child */
800 /* GH: If there's no setsid(), we hopefully don't need silent mode.
801 * Until there's a better solution.
806 postmaster_error("cannot disassociate from controlling TTY: %s",
811 i = open(NULL_DEV, O_RDWR | PG_BINARY);
821 * Print out help message
824 usage(const char *progname)
826 printf(gettext("%s is the PostgreSQL server.\n\n"), progname);
827 printf(gettext("Usage:\n %s [options...]\n\n"), progname);
828 printf(gettext("Options:\n"));
829 #ifdef USE_ASSERT_CHECKING
830 printf(gettext(" -A 1|0 enable/disable run-time assert checking\n"));
832 printf(gettext(" -B NBUFFERS number of shared buffers (default %d)\n"), DEF_NBUFFERS);
833 printf(gettext(" -c NAME=VALUE set run-time parameter\n"));
834 printf(gettext(" -d 1-5 debugging level\n"));
835 printf(gettext(" -D DATADIR database directory\n"));
836 printf(gettext(" -F turn fsync off\n"));
837 printf(gettext(" -h HOSTNAME host name or IP address to listen on\n"));
838 printf(gettext(" -i enable TCP/IP connections\n"));
839 printf(gettext(" -k DIRECTORY Unix-domain socket location\n"));
841 printf(gettext(" -l enable SSL connections\n"));
843 printf(gettext(" -N MAX-CONNECT maximum number of allowed connections (default %d)\n"),
845 printf(gettext(" -o OPTIONS pass 'OPTIONS' to each backend server\n"));
846 printf(gettext(" -p PORT port number to listen on (default %d)\n"), DEF_PGPORT);
847 printf(gettext(" -S silent mode (start in background without logging output)\n"));
849 printf(gettext("\nDeveloper options:\n"));
850 printf(gettext(" -n do not reinitialize shared memory after abnormal exit\n"));
851 printf(gettext(" -s send SIGSTOP to all backend servers if one dies\n"));
853 printf(gettext("\nPlease read the documentation for the complete list of run-time\n"
854 "configuration settings and how to set them on the command line or in\n"
855 "the configuration file.\n\n"
856 "Report bugs to <pgsql-bugs@postgresql.org>.\n"));
869 gettimeofday(&now, &tz);
871 nSockets = initMasks(&readmask, &writemask);
878 struct timeval timeout;
881 * The timeout for the select() below is normally set on the basis
882 * of the time to the next checkpoint. However, if for some
883 * reason we don't have a next-checkpoint time, time out after 60
884 * seconds. This keeps checkpoint scheduling from locking up when
885 * we get new connection requests infrequently (since we are
886 * likely to detect checkpoint completion just after enabling
887 * signals below, after we've already made the decision about how
888 * long to wait this time).
893 if (CheckPointPID == 0 && checkpointed &&
894 Shutdown == NoShutdown && !FatalError && random_seed != 0)
896 time_t now = time(NULL);
898 if (CheckPointTimeout + checkpointed > now)
901 * Not time for checkpoint yet, so set select timeout
903 timeout.tv_sec = CheckPointTimeout + checkpointed - now;
907 /* Time to make the checkpoint... */
908 CheckPointPID = CheckPointDataBase();
911 * if fork failed, schedule another try at 0.1 normal
914 if (CheckPointPID == 0)
916 timeout.tv_sec = CheckPointTimeout / 10;
917 checkpointed = now + timeout.tv_sec - CheckPointTimeout;
923 * Wait for something to happen.
925 memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
926 memcpy((char *) &wmask, (char *) &writemask, sizeof(fd_set));
928 PG_SETMASK(&UnBlockSig);
930 if (select(nSockets, &rmask, &wmask, (fd_set *) NULL, &timeout) < 0)
932 PG_SETMASK(&BlockSig);
933 if (errno == EINTR || errno == EWOULDBLOCK)
935 elog(DEBUG, "ServerLoop: select failed: %m");
940 * Block all signals until we wait again. (This makes it safe for
941 * our signal handlers to do nontrivial work.)
943 PG_SETMASK(&BlockSig);
946 * Select a random seed at the time of first receiving a request.
948 while (random_seed == 0)
950 gettimeofday(&later, &tz);
953 * We are not sure how much precision is in tv_usec, so we
954 * swap the nibbles of 'later' and XOR them with 'now'. On the
955 * off chance that the result is 0, we loop until it isn't.
957 random_seed = now.tv_usec ^
958 ((later.tv_usec << 16) |
959 ((later.tv_usec >> 16) & 0xffff));
963 * New connection pending on our well-known port's socket? If so,
964 * fork a child process to deal with it.
967 #ifdef HAVE_UNIX_SOCKETS
968 if (ServerSock_UNIX != INVALID_SOCK
969 && FD_ISSET(ServerSock_UNIX, &rmask))
971 port = ConnCreate(ServerSock_UNIX);
974 BackendStartup(port);
977 * We no longer need the open socket or port structure in
980 StreamClose(port->sock);
986 if (ServerSock_INET != INVALID_SOCK
987 && FD_ISSET(ServerSock_INET, &rmask))
989 port = ConnCreate(ServerSock_INET);
992 BackendStartup(port);
995 * We no longer need the open socket or port structure in
998 StreamClose(port->sock);
1007 * Initialise the read and write masks for select() for the well-known ports
1008 * we are listening on. Return the number of sockets to listen on.
1012 initMasks(fd_set *rmask, fd_set *wmask)
1019 #ifdef HAVE_UNIX_SOCKETS
1020 if (ServerSock_UNIX != INVALID_SOCK)
1022 FD_SET(ServerSock_UNIX, rmask);
1024 if (ServerSock_UNIX > nsocks)
1025 nsocks = ServerSock_UNIX;
1029 if (ServerSock_INET != INVALID_SOCK)
1031 FD_SET(ServerSock_INET, rmask);
1032 if (ServerSock_INET > nsocks)
1033 nsocks = ServerSock_INET;
1041 * Read the startup packet and do something according to it.
1043 * Returns STATUS_OK or STATUS_ERROR, or might call elog(FATAL) and
1044 * not return at all.
1046 * (Note that elog(FATAL) stuff is sent to the client, so only use it
1047 * if that's what you want. Return STATUS_ERROR if you don't want to
1048 * send anything to the client, which would typically be appropriate
1049 * if we detect a communications failure.)
1052 ProcessStartupPacket(Port *port, bool SSLdone)
1054 StartupPacket *packet;
1059 if (pq_getbytes((char *) &len, 4) == EOF)
1061 elog(DEBUG, "incomplete startup packet");
1062 return STATUS_ERROR;
1068 if (len < sizeof(len) || len > sizeof(len) + sizeof(StartupPacket))
1069 elog(FATAL, "invalid length of startup packet");
1073 if (pq_getbytes(buf, len) == EOF)
1075 elog(DEBUG, "incomplete startup packet");
1076 return STATUS_ERROR;
1082 * The first field is either a protocol version number or a special
1085 port->proto = ntohl(packet->protoVersion);
1087 if (port->proto == CANCEL_REQUEST_CODE)
1089 processCancelRequest(port, packet);
1090 return 127; /* XXX */
1093 if (port->proto == NEGOTIATE_SSL_CODE && !SSLdone)
1098 /* No SSL when disabled or on Unix sockets */
1099 if (!EnableSSL || port->laddr.sa.sa_family != AF_INET)
1102 SSLok = 'S'; /* Support for SSL */
1104 SSLok = 'N'; /* No support for SSL */
1106 if (send(port->sock, &SSLok, 1, 0) != 1)
1108 elog(DEBUG, "failed to send SSL negotiation response: %s",
1110 return STATUS_ERROR; /* close the connection */
1116 if (!(port->ssl = SSL_new(SSL_context)) ||
1117 !SSL_set_fd(port->ssl, port->sock) ||
1118 SSL_accept(port->ssl) <= 0)
1120 elog(DEBUG, "failed to initialize SSL connection: %s (%m)",
1122 return STATUS_ERROR;
1126 /* regular startup packet, cancel, etc packet should follow... */
1127 /* but not another SSL negotiation request */
1128 return ProcessStartupPacket(port, true);
1131 /* Could add additional special packet types here */
1134 /* Check we can handle the protocol the frontend is using. */
1136 if (PG_PROTOCOL_MAJOR(port->proto) < PG_PROTOCOL_MAJOR(PG_PROTOCOL_EARLIEST) ||
1137 PG_PROTOCOL_MAJOR(port->proto) > PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) ||
1138 (PG_PROTOCOL_MAJOR(port->proto) == PG_PROTOCOL_MAJOR(PG_PROTOCOL_LATEST) &&
1139 PG_PROTOCOL_MINOR(port->proto) > PG_PROTOCOL_MINOR(PG_PROTOCOL_LATEST)))
1140 elog(FATAL, "unsupported frontend protocol");
1143 * Get the parameters from the startup packet as C strings. The
1144 * packet destination was cleared first so a short packet has zeros
1145 * silently added and a long packet is silently truncated.
1147 StrNCpy(port->database, packet->database, sizeof(port->database));
1148 StrNCpy(port->user, packet->user, sizeof(port->user));
1149 StrNCpy(port->options, packet->options, sizeof(port->options));
1150 StrNCpy(port->tty, packet->tty, sizeof(port->tty));
1152 /* The database defaults to the user name. */
1153 if (port->database[0] == '\0')
1154 StrNCpy(port->database, packet->user, sizeof(port->database));
1157 * Truncate given database and user names to length of a Postgres
1158 * name. This avoids lookup failures when overlength names are given.
1160 if ((int) sizeof(port->database) >= NAMEDATALEN)
1161 port->database[NAMEDATALEN - 1] = '\0';
1162 if ((int) sizeof(port->user) >= NAMEDATALEN)
1163 port->user[NAMEDATALEN - 1] = '\0';
1165 /* Check a user name was given. */
1166 if (port->user[0] == '\0')
1167 elog(FATAL, "no PostgreSQL user name specified in startup packet");
1170 * If we're going to reject the connection due to database state, say
1171 * so now instead of wasting cycles on an authentication exchange.
1172 * (This also allows a pg_ping utility to be written.)
1174 cac = canAcceptConnections();
1179 elog(FATAL, "The database system is starting up");
1182 elog(FATAL, "The database system is shutting down");
1185 elog(FATAL, "The database system is in recovery mode");
1188 elog(FATAL, "Sorry, too many clients already");
1200 * The client has sent a cancel request packet, not a normal
1201 * start-a-new-connection packet. Perform the necessary processing.
1202 * Nothing is sent back to the client.
1205 processCancelRequest(Port *port, void *pkt)
1207 CancelRequestPacket *canc = (CancelRequestPacket *) pkt;
1209 long cancelAuthCode;
1213 backendPID = (int) ntohl(canc->backendPID);
1214 cancelAuthCode = (long) ntohl(canc->cancelAuthCode);
1216 if (backendPID == CheckPointPID)
1219 elog(DEBUG, "processCancelRequest: CheckPointPID in cancel request for process %d", backendPID);
1223 /* See if we have a matching backend */
1225 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
1227 bp = (Backend *) DLE_VAL(curr);
1228 if (bp->pid == backendPID)
1230 if (bp->cancel_key == cancelAuthCode)
1232 /* Found a match; signal that backend to cancel current op */
1234 elog(DEBUG, "processing cancel request: sending SIGINT to process %d",
1236 kill(bp->pid, SIGINT);
1240 /* Right PID, wrong key: no way, Jose */
1242 elog(DEBUG, "bad key in cancel request for process %d",
1249 /* No matching backend */
1251 elog(DEBUG, "bad pid in cancel request for process %d", backendPID);
1255 * canAcceptConnections --- check to see if database state allows connections.
1257 static enum CAC_state
1258 canAcceptConnections(void)
1260 /* Can't start backends when in startup/shutdown/recovery state. */
1261 if (Shutdown > NoShutdown)
1262 return CAC_SHUTDOWN;
1266 return CAC_RECOVERY;
1269 * Don't start too many children.
1271 * We allow more connections than we can have backends here because some
1272 * might still be authenticating; they might fail auth, or some
1273 * existing backend might exit before the auth cycle is completed. The
1274 * exact MaxBackends limit is enforced when a new backend tries to
1275 * join the shared-inval backend array.
1277 if (CountChildren() >= 2 * MaxBackends)
1285 * ConnCreate -- create a local connection data structure
1288 ConnCreate(int serverFd)
1292 if (!(port = (Port *) calloc(1, sizeof(Port))))
1294 elog(DEBUG, "ConnCreate: malloc failed");
1295 SignalChildren(SIGQUIT);
1299 if (StreamConnection(serverFd, port) != STATUS_OK)
1301 StreamClose(port->sock);
1308 * Precompute password salt values to use for this connection.
1309 * It's slightly annoying to do this long in advance of knowing
1310 * whether we'll need 'em or not, but we must do the random()
1311 * calls before we fork, not after. Else the postmaster's random
1312 * sequence won't get advanced, and all backends would end up
1313 * using the same salt...
1315 RandomSalt(port->cryptSalt, port->md5Salt);
1323 * ConnFree -- free a local connection data structure
1326 ConnFree(Port *conn)
1330 SSL_free(conn->ssl);
1337 * ClosePostmasterPorts -- close all the postmaster's open sockets
1339 * This is called during child process startup to release file descriptors
1340 * that are not needed by that child process. The postmaster still has
1341 * them open, of course.
1344 ClosePostmasterPorts(bool pgstat_too)
1346 /* Close the listen sockets */
1348 StreamClose(ServerSock_INET);
1349 ServerSock_INET = INVALID_SOCK;
1350 #ifdef HAVE_UNIX_SOCKETS
1351 StreamClose(ServerSock_UNIX);
1352 ServerSock_UNIX = INVALID_SOCK;
1354 /* Close pgstat control sockets, unless we're starting pgstat itself */
1356 pgstat_close_sockets();
1361 * reset_shared -- reset shared memory and semaphores
1364 reset_shared(unsigned short port)
1367 * Reset assignment of shared mem and semaphore IPC keys. Doing this
1368 * means that in normal cases we'll assign the same keys on each
1369 * "cycle of life", and thereby avoid leaving dead IPC objects
1370 * floating around if the postmaster crashes and is restarted.
1372 IpcInitKeyAssignment(port);
1375 * Create or re-create shared memory and semaphores.
1377 CreateSharedMemoryAndSemaphores(false, MaxBackends);
1382 * SIGHUP -- reread config files, and tell children to do same
1385 SIGHUP_handler(SIGNAL_ARGS)
1387 int save_errno = errno;
1389 PG_SETMASK(&BlockSig);
1391 if (Shutdown <= SmartShutdown)
1393 SignalChildren(SIGHUP);
1394 ProcessConfigFile(PGC_SIGHUP);
1395 load_hba_and_ident();
1398 PG_SETMASK(&UnBlockSig);
1406 * pmdie -- signal handler for processing various postmaster signals.
1411 int save_errno = errno;
1413 PG_SETMASK(&BlockSig);
1416 elog(DEBUG, "pmdie %d", postgres_signal_arg);
1418 switch (postgres_signal_arg)
1425 * Wait for children to end their work and ShutdownDataBase.
1427 if (Shutdown >= SmartShutdown)
1429 Shutdown = SmartShutdown;
1430 elog(DEBUG, "smart shutdown request");
1431 if (DLGetHead(BackendList)) /* let reaper() handle this */
1435 * No children left. Shutdown data base system.
1437 if (StartupPID > 0 || FatalError) /* let reaper() handle
1440 if (ShutdownPID > 0)
1442 elog(REALLYFATAL, "shutdown process %d already running",
1447 ShutdownPID = ShutdownDataBase();
1455 * abort all children with SIGTERM (rollback active transactions
1456 * and exit) and ShutdownDataBase when they are gone.
1458 if (Shutdown >= FastShutdown)
1460 elog(DEBUG, "fast shutdown request");
1461 if (DLGetHead(BackendList)) /* let reaper() handle this */
1463 Shutdown = FastShutdown;
1466 elog(DEBUG, "aborting any active transactions");
1467 SignalChildren(SIGTERM);
1471 if (Shutdown > NoShutdown)
1473 Shutdown = FastShutdown;
1476 Shutdown = FastShutdown;
1479 * No children left. Shutdown data base system.
1481 if (StartupPID > 0 || FatalError) /* let reaper() handle
1484 if (ShutdownPID > 0)
1486 elog(REALLYFATAL, "shutdown process %d already running",
1491 ShutdownPID = ShutdownDataBase();
1497 * Immediate Shutdown:
1499 * abort all children with SIGQUIT and exit without attempt to
1500 * properly shutdown data base system.
1502 elog(DEBUG, "immediate shutdown request");
1503 if (ShutdownPID > 0)
1504 kill(ShutdownPID, SIGQUIT);
1506 kill(StartupPID, SIGQUIT);
1507 if (DLGetHead(BackendList))
1508 SignalChildren(SIGQUIT);
1513 PG_SETMASK(&UnBlockSig);
1519 * Reaper -- signal handler to cleanup after a backend (child) dies.
1524 int save_errno = errno;
1527 int status; /* backend exit status */
1530 union wait status; /* backend exit status */
1533 int pid; /* process id of dead backend */
1535 PG_SETMASK(&BlockSig);
1538 elog(DEBUG, "reaping dead processes");
1540 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
1542 exitstatus = status;
1544 while ((pid = wait3(&status, WNOHANG, NULL)) > 0)
1546 exitstatus = status.w_status;
1550 * Check if this child was the statistics collector. If so, start
1553 if (pgstat_ispgstat(pid))
1555 LogChildExit(gettext("statistics collector process"),
1562 * Check if this child was a shutdown or startup process.
1564 if (ShutdownPID > 0 && pid == ShutdownPID)
1566 if (exitstatus != 0)
1568 LogChildExit(gettext("shutdown process"),
1575 if (StartupPID > 0 && pid == StartupPID)
1577 if (exitstatus != 0)
1579 LogChildExit(gettext("startup process"),
1581 elog(DEBUG, "aborting startup due to startup process failure");
1585 FatalError = false; /* done with recovery */
1586 if (Shutdown > NoShutdown)
1588 if (ShutdownPID > 0)
1590 elog(STOP, "startup process %d died while shutdown process %d already running",
1591 pid, (int) ShutdownPID);
1594 ShutdownPID = ShutdownDataBase();
1598 * Startup succeeded - remember its ID and RedoRecPtr
1603 * Arrange for first checkpoint to occur after standard delay.
1606 checkpointed = time(NULL);
1611 CleanupProc(pid, exitstatus);
1617 * Wait for all children exit, then reset shmem and
1620 if (DLGetHead(BackendList) || StartupPID > 0 || ShutdownPID > 0)
1622 elog(DEBUG, "all server processes terminated; reinitializing shared memory and semaphores");
1625 reset_shared(PostPortNumber);
1627 StartupPID = StartupDataBase();
1632 if (Shutdown > NoShutdown)
1634 if (DLGetHead(BackendList))
1636 if (StartupPID > 0 || ShutdownPID > 0)
1638 ShutdownPID = ShutdownDataBase();
1642 PG_SETMASK(&UnBlockSig);
1648 * CleanupProc -- cleanup after terminated backend.
1650 * Remove all local state associated with backend.
1653 CleanupProc(int pid,
1654 int exitstatus) /* child's exit status. */
1661 LogChildExit(gettext("child process"), pid, exitstatus);
1664 * If a backend dies in an ugly way (i.e. exit status not 0) then we
1665 * must signal all other backends to quickdie. If exit status is zero
1666 * we assume everything is hunky dory and simply remove the backend
1667 * from the active backend list.
1669 if (exitstatus == 0)
1671 curr = DLGetHead(BackendList);
1674 bp = (Backend *) DLE_VAL(curr);
1682 curr = DLGetSucc(curr);
1685 if (pid == CheckPointPID)
1690 checkpointed = time(NULL);
1691 /* Update RedoRecPtr for future child backends */
1701 /* below here we're dealing with a non-normal exit */
1703 /* Make log entry unless we did so already */
1706 LogChildExit(gettext("server process"), pid, exitstatus);
1707 elog(DEBUG, "terminating any other active server processes");
1710 curr = DLGetHead(BackendList);
1713 next = DLGetSucc(curr);
1714 bp = (Backend *) DLE_VAL(curr);
1718 * This backend is still alive. Unless we did so already,
1719 * tell it to commit hara-kiri.
1721 * SIGQUIT is the special signal that says exit without proc_exit
1722 * and let the user know what's going on. But if SendStop is
1723 * set (-s on command line), then we send SIGSTOP instead, so
1724 * that we can get core dumps from all backends by hand.
1729 elog(DEBUG, "CleanupProc: sending %s to process %d",
1730 (SendStop ? "SIGSTOP" : "SIGQUIT"),
1732 kill(bp->pid, (SendStop ? SIGSTOP : SIGQUIT));
1738 * Found entry for freshly-dead backend, so remove it.
1747 if (pid == CheckPointPID)
1755 * Tell the collector about backend termination
1764 * Log the death of a child process.
1767 LogChildExit(const char *procname, int pid, int exitstatus)
1770 * translator: the first %s in these messages is a noun phrase
1771 * describing a child process, such as "server process"
1773 if (WIFEXITED(exitstatus))
1774 elog(DEBUG, "%s (pid %d) exited with exit code %d",
1775 procname, pid, WEXITSTATUS(exitstatus));
1776 else if (WIFSIGNALED(exitstatus))
1777 elog(DEBUG, "%s (pid %d) was terminated by signal %d",
1778 procname, pid, WTERMSIG(exitstatus));
1780 elog(DEBUG, "%s (pid %d) exited with unexpected status %d",
1781 procname, pid, exitstatus);
1785 * Send a signal to all backend children.
1788 SignalChildren(int signal)
1794 curr = DLGetHead(BackendList);
1797 next = DLGetSucc(curr);
1798 bp = (Backend *) DLE_VAL(curr);
1800 if (bp->pid != MyProcPid)
1803 elog(DEBUG, "SignalChildren: sending signal %d to process %d",
1804 signal, (int) bp->pid);
1806 kill(bp->pid, signal);
1814 * BackendStartup -- start backend process
1816 * returns: STATUS_ERROR if the fork failed, STATUS_OK otherwise.
1819 BackendStartup(Port *port)
1821 Backend *bn; /* for backend cleanup */
1823 #ifdef LINUX_PROFILE
1824 struct itimerval prof_itimer;
1828 * Compute the cancel key that will be assigned to this backend. The
1829 * backend will have its own copy in the forked-off process' value of
1830 * MyCancelKey, so that it can transmit the key to the frontend.
1832 MyCancelKey = PostmasterRandom();
1835 * Make room for backend data structure. Better before the fork() so
1836 * we can handle failure cleanly.
1838 bn = (Backend *) malloc(sizeof(Backend));
1841 elog(DEBUG, "out of memory; connection startup aborted");
1842 return STATUS_ERROR;
1846 * Flush stdio channels just before fork, to avoid double-output
1847 * problems. Ideally we'd use fflush(NULL) here, but there are still a
1848 * few non-ANSI stdio libraries out there (like SunOS 4.1.x) that
1849 * coredump if we do. Presently stdout and stderr are the only stdio
1850 * output channels used by the postmaster, so fflush'ing them should
1856 #ifdef LINUX_PROFILE
1858 * Linux's fork() resets the profiling timer in the child process.
1859 * If we want to profile child processes then we need to save and restore
1860 * the timer setting. This is a waste of time if not profiling, however,
1861 * so only do it if commanded by specific -DLINUX_PROFILE switch.
1863 getitimer(ITIMER_PROF, &prof_itimer);
1867 /* Specific beos actions before backend startup */
1868 beos_before_backend_startup();
1873 if (pid == 0) /* child */
1877 #ifdef LINUX_PROFILE
1878 setitimer(ITIMER_PROF, &prof_itimer, NULL);
1882 /* Specific beos backend startup actions */
1883 beos_backend_startup();
1887 status = DoBackend(port);
1890 elog(DEBUG, "connection startup failed");
1897 /* in parent, error */
1900 int save_errno = errno;
1903 /* Specific beos backend startup actions */
1904 beos_backend_startup_failed();
1907 elog(DEBUG, "connection startup failed (fork failure): %s",
1908 strerror(save_errno));
1909 report_fork_failure_to_client(port, save_errno);
1910 return STATUS_ERROR;
1913 /* in parent, normal */
1915 elog(DEBUG, "BackendStartup: forked pid=%d socket=%d",
1916 (int) pid, port->sock);
1919 * Everything's been successful, it's safe to add this backend to our
1923 bn->cancel_key = MyCancelKey;
1924 DLAddHead(BackendList, DLNewElem(bn));
1931 * Try to report backend fork() failure to client before we close the
1932 * connection. Since we do not care to risk blocking the postmaster on
1933 * this connection, we set the connection to non-blocking and try only once.
1935 * This is grungy special-purpose code; we cannot use backend libpq since
1936 * it's not up and running.
1939 report_fork_failure_to_client(Port *port, int errnum)
1946 /* Format the error message packet */
1947 snprintf(buffer, sizeof(buffer), "E%s%s\n",
1948 gettext("Server process fork() failed: "),
1951 /* Set port to non-blocking. Don't do send() if this fails */
1953 if (ioctl(port->sock, FIONBIO, &on) != 0)
1956 if (fcntl(port->sock, F_SETFL, O_NONBLOCK) < 0)
1960 send(port->sock, buffer, strlen(buffer)+1, 0);
1965 * split_opts -- split a string of options and append it to an argv array
1967 * NB: the string is destructively modified!
1969 * Since no current POSTGRES arguments require any quoting characters,
1970 * we can use the simple-minded tactic of assuming each set of space-
1971 * delimited characters is a separate argv element.
1973 * If you don't like that, well, we *used* to pass the whole option string
1974 * as ONE argument to execl(), which was even less intelligent...
1977 split_opts(char **argv, int *argcp, char *s)
1981 while (isspace((unsigned char) *s))
1985 argv[(*argcp)++] = s;
1986 while (*s && !isspace((unsigned char) *s))
1994 * DoBackend -- perform authentication, and if successful, set up the
1995 * backend's argument list and invoke backend main().
1997 * This used to perform an execv() but we no longer exec the backend;
1998 * it's the same executable as the postmaster.
2001 * Shouldn't return at all.
2002 * If PostgresMain() fails, return status.
2005 DoBackend(Port *port)
2008 char *av[ARGV_SIZE * 2];
2010 char debugbuf[ARGV_SIZE];
2011 char protobuf[ARGV_SIZE];
2012 char dbbuf[ARGV_SIZE];
2013 char optbuf[ARGV_SIZE];
2014 char ttybuf[ARGV_SIZE];
2021 * Let's clean up ourselves as the postmaster child
2024 IsUnderPostmaster = true; /* we are a postmaster subprocess now */
2026 /* We don't want the postmaster's proc_exit() handlers */
2030 * Signal handlers setting is moved to tcop/postgres...
2033 /* Close the postmaster's other sockets */
2034 ClosePostmasterPorts(true);
2036 /* Save port etc. for ps status */
2039 /* Reset MyProcPid to new backend's pid */
2040 MyProcPid = getpid();
2043 * Initialize libpq and enable reporting of elog errors to the client.
2044 * Must do this now because authentication uses libpq to send
2047 pq_init(); /* initialize libpq to talk to client */
2048 whereToSendOutput = Remote; /* now safe to elog to client */
2051 * We arrange for a simple exit(0) if we receive SIGTERM or SIGQUIT
2052 * during any client authentication related communication. Otherwise
2053 * the postmaster cannot shutdown the database FAST or IMMED cleanly
2054 * if a buggy client blocks a backend during authentication. We also
2055 * will exit(0) after a time delay, so that a broken client can't hog
2056 * a connection indefinitely.
2058 * PreAuthDelay is a debugging aid for investigating problems in the
2059 * authentication cycle: it can be set in postgresql.conf to allow
2060 * time to attach to the newly-forked backend with a debugger. (See
2061 * also the -W backend switch, which we allow clients to pass through
2062 * PGOPTIONS, but it is not honored until after authentication.)
2064 pqsignal(SIGTERM, authdie);
2065 pqsignal(SIGQUIT, authdie);
2066 pqsignal(SIGALRM, authdie);
2067 PG_SETMASK(&AuthBlockSig);
2069 if (PreAuthDelay > 0)
2070 sleep(PreAuthDelay);
2072 if (!enable_sigalrm_interrupt(AuthenticationTimeout * 1000))
2073 elog(FATAL, "DoBackend: Unable to set timer for auth timeout");
2076 * Receive the startup packet (which might turn out to be a cancel
2079 status = ProcessStartupPacket(port, false);
2081 if (status != STATUS_OK)
2082 return 0; /* cancel request processed, or error */
2085 * Now that we have the user and database name, we can set the process
2086 * title for ps. It's good to do this as early as possible in
2089 * But first, we need the remote host name.
2091 if (port->raddr.sa.sa_family == AF_INET)
2093 unsigned short remote_port;
2096 remote_port = ntohs(port->raddr.in.sin_port);
2097 host_addr = inet_ntoa(port->raddr.in.sin_addr);
2103 struct hostent *host_ent;
2105 host_ent = gethostbyaddr((char *) &port->raddr.in.sin_addr,
2106 sizeof(port->raddr.in.sin_addr),
2111 remote_host = palloc(strlen(host_addr) + strlen(host_ent->h_name) + 3);
2112 sprintf(remote_host, "%s[%s]", host_ent->h_name, host_addr);
2116 if (remote_host == NULL)
2117 remote_host = pstrdup(host_addr);
2121 char *str = palloc(strlen(remote_host) + 7);
2123 sprintf(str, "%s:%hu", remote_host, remote_port);
2131 remote_host = "[local]";
2135 * Set process parameters for ps display.
2137 init_ps_display(port->user, port->database, remote_host);
2138 set_ps_display("authentication");
2141 * Now perform authentication exchange.
2143 ClientAuthentication(port); /* might not return, if failure */
2146 * Done with authentication. Disable timeout, and prevent
2147 * SIGTERM/SIGQUIT again until backend startup is complete.
2149 if (!disable_sigalrm_interrupt())
2150 elog(FATAL, "DoBackend: Unable to disable timer for auth timeout");
2151 PG_SETMASK(&BlockSig);
2153 if (Log_connections)
2154 elog(DEBUG, "connection: host=%s user=%s database=%s",
2155 remote_host, port->user, port->database);
2158 * Don't want backend to be able to see the postmaster random number
2159 * generator state. We have to clobber the static random_seed *and*
2160 * start a new random sequence in the random() library function.
2163 gettimeofday(&now, &tz);
2164 srandom((unsigned int) now.tv_usec);
2167 * Now, build the argv vector that will be given to PostgresMain.
2169 * The layout of the command line is
2170 * postgres [secure switches] -p databasename [insecure switches]
2171 * where the switches after -p come from the client request.
2175 av[ac++] = "postgres";
2178 * Pass the requested debugging level along to the backend. Level one
2179 * debugging in the postmaster traces postmaster connection activity,
2180 * and levels two and higher are passed along to the backend. This
2181 * allows us to watch only the postmaster or the postmaster and the
2186 sprintf(debugbuf, "-d%d", DebugLvl);
2187 av[ac++] = debugbuf;
2191 * Pass any backend switches specified with -o in the postmaster's own
2192 * command line. We assume these are secure. (It's OK to mangle
2193 * ExtraOptions since we are now in the child process; this won't
2194 * change the postmaster's copy.)
2196 split_opts(av, &ac, ExtraOptions);
2198 /* Tell the backend what protocol the frontend is using. */
2199 sprintf(protobuf, "-v%u", port->proto);
2200 av[ac++] = protobuf;
2203 * Tell the backend it is being called from the postmaster, and which
2204 * database to use. -p marks the end of secure switches.
2208 StrNCpy(dbbuf, port->database, ARGV_SIZE);
2212 * Pass the (insecure) option switches from the connection request.
2214 StrNCpy(optbuf, port->options, ARGV_SIZE);
2215 split_opts(av, &ac, optbuf);
2218 * Pass the (insecure) debug output file request.
2220 * NOTE: currently, this is useless code, since the backend will not
2221 * honor an insecure -o switch. I left it here since the backend
2222 * could be modified to allow insecure -o, given adequate checking
2223 * that the specified filename is something safe to write on.
2227 StrNCpy(ttybuf, port->tty, ARGV_SIZE);
2232 av[ac] = (char *) NULL;
2235 * Release postmaster's working memory context so that backend can
2236 * recycle the space. Note this does not trash *MyProcPort, because
2237 * ConnCreate() allocated that space with malloc() ... else we'd need
2238 * to copy the Port data here.
2240 MemoryContextSwitchTo(TopMemoryContext);
2241 MemoryContextDelete(PostmasterContext);
2242 PostmasterContext = NULL;
2245 * Debug: print arguments being passed to backend
2249 fprintf(stderr, "%s child[%d]: starting with (",
2250 progname, MyProcPid);
2251 for (i = 0; i < ac; ++i)
2252 fprintf(stderr, "%s ", av[i]);
2253 fprintf(stderr, ")\n");
2256 return (PostgresMain(ac, av, port->user));
2260 * ExitPostmaster -- cleanup
2262 * Do NOT call exit() directly --- always go through here!
2265 ExitPostmaster(int status)
2267 /* should cleanup shared memory and kill all backends */
2270 * Not sure of the semantics here. When the Postmaster dies, should
2271 * the backends all be killed? probably not.
2273 * MUST -- vadim 05-10-1999
2275 if (ServerSock_INET != INVALID_SOCK)
2276 StreamClose(ServerSock_INET);
2277 ServerSock_INET = INVALID_SOCK;
2278 #ifdef HAVE_UNIX_SOCKETS
2279 if (ServerSock_UNIX != INVALID_SOCK)
2280 StreamClose(ServerSock_UNIX);
2281 ServerSock_UNIX = INVALID_SOCK;
2288 * sigusr1_handler - handle signal conditions from child processes
2291 sigusr1_handler(SIGNAL_ARGS)
2293 int save_errno = errno;
2295 PG_SETMASK(&BlockSig);
2297 if (CheckPostmasterSignal(PMSIGNAL_DO_CHECKPOINT))
2300 * Request to schedule a checkpoint
2302 * Ignore request if checkpoint is already running or checkpointing
2303 * is currently disabled
2305 if (CheckPointPID == 0 && checkpointed &&
2306 Shutdown == NoShutdown && !FatalError && random_seed != 0)
2308 CheckPointPID = CheckPointDataBase();
2309 /* note: if fork fails, CheckPointPID stays 0; nothing happens */
2313 if (CheckPostmasterSignal(PMSIGNAL_PASSWORD_CHANGE))
2316 * Password file has changed.
2318 load_password_cache();
2321 if (CheckPostmasterSignal(PMSIGNAL_WAKEN_CHILDREN))
2324 * Send SIGUSR2 to all children (triggers AsyncNotifyHandler). See
2325 * storage/ipc/sinvaladt.c for the use of this.
2327 if (Shutdown == NoShutdown)
2328 SignalChildren(SIGUSR2);
2331 PG_SETMASK(&UnBlockSig);
2338 * Dummy signal handler
2340 * We use this for signals that we don't actually use in the postmaster,
2341 * but we do use in backends. If we SIG_IGN such signals in the postmaster,
2342 * then a newly started backend might drop a signal that arrives before it's
2343 * able to reconfigure its signal processing. (See notes in postgres.c.)
2346 dummy_handler(SIGNAL_ARGS)
2352 * CharRemap: given an int in range 0..61, produce textual encoding of it
2353 * per crypt(3) conventions.
2377 RandomSalt(char *cryptSalt, char *md5Salt)
2379 long rand = PostmasterRandom();
2381 cryptSalt[0] = CharRemap(rand % 62);
2382 cryptSalt[1] = CharRemap(rand / 62);
2385 * It's okay to reuse the first random value for one of the MD5 salt
2386 * bytes, since only one of the two salts will be sent to the client.
2387 * After that we need to compute more random bits.
2389 * We use % 255, sacrificing one possible byte value, so as to ensure
2390 * that all bits of the random() value participate in the result.
2391 * While at it, add one to avoid generating any null bytes.
2393 md5Salt[0] = (rand % 255) + 1;
2394 rand = PostmasterRandom();
2395 md5Salt[1] = (rand % 255) + 1;
2396 rand = PostmasterRandom();
2397 md5Salt[2] = (rand % 255) + 1;
2398 rand = PostmasterRandom();
2399 md5Salt[3] = (rand % 255) + 1;
2406 PostmasterRandom(void)
2408 static bool initialized = false;
2412 Assert(random_seed != 0);
2413 srandom(random_seed);
2421 * Count up number of child processes.
2430 for (curr = DLGetHead(BackendList); curr; curr = DLGetSucc(curr))
2432 bp = (Backend *) DLE_VAL(curr);
2433 if (bp->pid != MyProcPid)
2436 if (CheckPointPID != 0)
2444 * Initialize SSL library and structures
2451 SSL_load_error_strings();
2453 SSL_context = SSL_CTX_new(SSLv23_method());
2456 postmaster_error("failed to create SSL context: %s",
2460 snprintf(fnbuf, sizeof(fnbuf), "%s/server.crt", DataDir);
2461 if (!SSL_CTX_use_certificate_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
2463 postmaster_error("failed to load server certificate (%s): %s",
2464 fnbuf, SSLerrmessage());
2467 snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
2468 if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
2470 postmaster_error("failed to load private key file (%s): %s",
2471 fnbuf, SSLerrmessage());
2474 if (!SSL_CTX_check_private_key(SSL_context))
2476 postmaster_error("check of private key failed: %s",
2483 * Obtain reason string for last SSL error
2485 * Some caution is needed here since ERR_reason_error_string will
2486 * return NULL if it doesn't recognize the error code. We don't
2487 * want to return NULL ever.
2492 unsigned long errcode;
2493 const char *errreason;
2494 static char errbuf[32];
2496 errcode = ERR_get_error();
2498 return "No SSL error reported";
2499 errreason = ERR_reason_error_string(errcode);
2500 if (errreason != NULL)
2502 snprintf(errbuf, sizeof(errbuf), "SSL error code %lu", errcode);
2506 #endif /* USE_SSL */
2509 * Fire off a subprocess for startup/shutdown/checkpoint.
2511 * Return value is subprocess' PID, or 0 if failed to start subprocess
2512 * (0 is returned only for checkpoint case).
2515 SSDataBase(int xlop)
2519 #ifdef LINUX_PROFILE
2520 struct itimerval prof_itimer;
2526 #ifdef LINUX_PROFILE
2527 /* see comments in BackendStartup */
2528 getitimer(ITIMER_PROF, &prof_itimer);
2532 /* Specific beos actions before backend startup */
2533 beos_before_backend_startup();
2536 if ((pid = fork()) == 0) /* child */
2538 const char *statmsg;
2539 char *av[ARGV_SIZE * 2];
2541 char nbbuf[ARGV_SIZE];
2542 char dbbuf[ARGV_SIZE];
2543 char xlbuf[ARGV_SIZE];
2545 #ifdef LINUX_PROFILE
2546 setitimer(ITIMER_PROF, &prof_itimer, NULL);
2550 /* Specific beos actions after backend startup */
2551 beos_backend_startup();
2554 IsUnderPostmaster = true; /* we are a postmaster subprocess
2557 /* Lose the postmaster's on-exit routines and port connections */
2560 /* Close the postmaster's sockets */
2561 ClosePostmasterPorts(true);
2564 * Identify myself via ps
2568 case BS_XLOG_STARTUP:
2569 statmsg = "startup subprocess";
2571 case BS_XLOG_CHECKPOINT:
2572 statmsg = "checkpoint subprocess";
2574 case BS_XLOG_SHUTDOWN:
2575 statmsg = "shutdown subprocess";
2578 statmsg = "??? subprocess";
2581 init_ps_display(statmsg, "", "");
2584 /* Set up command-line arguments for subprocess */
2585 av[ac++] = "postgres";
2589 sprintf(nbbuf, "-B%d", NBuffers);
2592 sprintf(xlbuf, "-x%d", xlop);
2597 StrNCpy(dbbuf, "template1", ARGV_SIZE);
2600 av[ac] = (char *) NULL;
2602 BootstrapMain(ac, av);
2610 /* Specific beos actions before backend startup */
2611 beos_backend_startup_failed();
2616 case BS_XLOG_STARTUP:
2617 elog(DEBUG, "could not launch startup process (fork failure): %s",
2620 case BS_XLOG_CHECKPOINT:
2621 elog(DEBUG, "could not launch checkpoint process (fork failure): %s",
2624 case BS_XLOG_SHUTDOWN:
2626 elog(DEBUG, "could not launch shutdown process (fork failure): %s",
2632 * fork failure is fatal during startup/shutdown, but there's no
2633 * need to choke if a routine checkpoint fails.
2635 if (xlop == BS_XLOG_CHECKPOINT)
2641 * The startup and shutdown processes are not considered normal
2642 * backends, but the checkpoint process is. Checkpoint must be added
2643 * to the list of backends.
2645 if (xlop == BS_XLOG_CHECKPOINT)
2647 if (!(bn = (Backend *) malloc(sizeof(Backend))))
2649 elog(DEBUG, "CheckPointDataBase: malloc failed");
2654 bn->cancel_key = PostmasterRandom();
2655 DLAddHead(BackendList, DLNewElem(bn));
2658 * Since this code is executed periodically, it's a fine place to
2659 * do other actions that should happen every now and then on no
2660 * particular schedule. Such as...
2662 TouchSocketLockFile();
2670 * Create the opts file
2673 CreateOptsFile(int argc, char *argv[])
2675 char fullprogname[MAXPGPATH];
2680 if (FindExec(fullprogname, argv[0], "postmaster") < 0)
2683 filename = palloc(strlen(DataDir) + 20);
2684 sprintf(filename, "%s/postmaster.opts", DataDir);
2686 fp = fopen(filename, "w");
2689 postmaster_error("cannot create file %s: %s",
2690 filename, strerror(errno));
2694 fprintf(fp, "%s", fullprogname);
2695 for (i = 1; i < argc; i++)
2696 fprintf(fp, " '%s'", argv[i]);
2701 postmaster_error("writing file %s failed", filename);
2712 postmaster_error(const char *fmt,...)
2716 fprintf(stderr, "%s: ", progname);
2718 vfprintf(stderr, gettext(fmt), ap);
2720 fprintf(stderr, "\n");