PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
miscinit.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * miscinit.c
4  * miscellaneous initialization support stuff
5  *
6  * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  *
10  * IDENTIFICATION
11  * src/backend/utils/init/miscinit.c
12  *
13  *-------------------------------------------------------------------------
14  */
15 #include "postgres.h"
16 
17 #include <sys/param.h>
18 #include <signal.h>
19 #include <time.h>
20 #include <sys/file.h>
21 #include <sys/stat.h>
22 #include <sys/time.h>
23 #include <fcntl.h>
24 #include <unistd.h>
25 #include <grp.h>
26 #include <pwd.h>
27 #include <netinet/in.h>
28 #include <arpa/inet.h>
29 #ifdef HAVE_UTIME_H
30 #include <utime.h>
31 #endif
32 
33 #include "access/htup_details.h"
34 #include "catalog/pg_authid.h"
35 #include "libpq/libpq.h"
36 #include "mb/pg_wchar.h"
37 #include "miscadmin.h"
38 #include "pgstat.h"
39 #include "postmaster/autovacuum.h"
40 #include "postmaster/postmaster.h"
41 #include "storage/fd.h"
42 #include "storage/ipc.h"
43 #include "storage/latch.h"
44 #include "storage/pg_shmem.h"
45 #include "storage/proc.h"
46 #include "storage/procarray.h"
47 #include "utils/builtins.h"
48 #include "utils/guc.h"
49 #include "utils/memutils.h"
50 #include "utils/syscache.h"
51 #include "utils/varlena.h"
52 
53 
54 #define DIRECTORY_LOCK_FILE "postmaster.pid"
55 
57 
58 /* List of lock files to be removed at proc exit */
59 static List *lock_files = NIL;
60 
62 
63 /* ----------------------------------------------------------------
64  * ignoring system indexes support stuff
65  *
66  * NOTE: "ignoring system indexes" means we do not use the system indexes
67  * for lookups (either in hardwired catalog accesses or in planner-generated
68  * plans). We do, however, still update the indexes when a catalog
69  * modification is made.
70  * ----------------------------------------------------------------
71  */
72 
73 bool IgnoreSystemIndexes = false;
74 
75 
76 /* ----------------------------------------------------------------
77  * database path / name support stuff
78  * ----------------------------------------------------------------
79  */
80 
81 void
82 SetDatabasePath(const char *path)
83 {
84  /* This should happen only once per process */
87 }
88 
89 /*
90  * Set data directory, but make sure it's an absolute path. Use this,
91  * never set DataDir directly.
92  */
93 void
94 SetDataDir(const char *dir)
95 {
96  char *new;
97 
98  AssertArg(dir);
99 
100  /* If presented path is relative, convert to absolute */
101  new = make_absolute_path(dir);
102 
103  if (DataDir)
104  free(DataDir);
105  DataDir = new;
106 }
107 
108 /*
109  * Change working directory to DataDir. Most of the postmaster and backend
110  * code assumes that we are in DataDir so it can use relative paths to access
111  * stuff in and under the data directory. For convenience during path
112  * setup, however, we don't force the chdir to occur during SetDataDir.
113  */
114 void
116 {
118 
119  if (chdir(DataDir) < 0)
120  ereport(FATAL,
122  errmsg("could not change directory to \"%s\": %m",
123  DataDir)));
124 }
125 
126 
127 /* ----------------------------------------------------------------
128  * User ID state
129  *
130  * We have to track several different values associated with the concept
131  * of "user ID".
132  *
133  * AuthenticatedUserId is determined at connection start and never changes.
134  *
135  * SessionUserId is initially the same as AuthenticatedUserId, but can be
136  * changed by SET SESSION AUTHORIZATION (if AuthenticatedUserIsSuperuser).
137  * This is the ID reported by the SESSION_USER SQL function.
138  *
139  * OuterUserId is the current user ID in effect at the "outer level" (outside
140  * any transaction or function). This is initially the same as SessionUserId,
141  * but can be changed by SET ROLE to any role that SessionUserId is a
142  * member of. (XXX rename to something like CurrentRoleId?)
143  *
144  * CurrentUserId is the current effective user ID; this is the one to use
145  * for all normal permissions-checking purposes. At outer level this will
146  * be the same as OuterUserId, but it changes during calls to SECURITY
147  * DEFINER functions, as well as locally in some specialized commands.
148  *
149  * SecurityRestrictionContext holds flags indicating reason(s) for changing
150  * CurrentUserId. In some cases we need to lock down operations that are
151  * not directly controlled by privilege settings, and this provides a
152  * convenient way to do it.
153  * ----------------------------------------------------------------
154  */
159 
160 /* We also have to remember the superuser state of some of these levels */
161 static bool AuthenticatedUserIsSuperuser = false;
162 static bool SessionUserIsSuperuser = false;
163 
165 
166 /* We also remember if a SET ROLE is currently active */
167 static bool SetRoleIsActive = false;
168 
169 /*
170  * Initialize the basic environment for a postmaster child
171  *
172  * Should be called as early as possible after the child's startup.
173  */
174 void
176 {
177  IsUnderPostmaster = true; /* we are a postmaster subprocess now */
178 
179  MyProcPid = getpid(); /* reset MyProcPid */
180 
181  MyStartTime = time(NULL); /* set our start time in case we call elog */
182 
183  /*
184  * make sure stderr is in binary mode before anything can possibly be
185  * written to it, in case it's actually the syslogger pipe, so the pipe
186  * chunking protocol isn't disturbed. Non-logpipe data gets translated on
187  * redirection (e.g. via pg_ctl -l) anyway.
188  */
189 #ifdef WIN32
190  _setmode(fileno(stderr), _O_BINARY);
191 #endif
192 
193  /* We don't want the postmaster's proc_exit() handlers */
194  on_exit_reset();
195 
196  /* Initialize process-local latch support */
200 
201  /*
202  * If possible, make this process a group leader, so that the postmaster
203  * can signal any child processes too. Not all processes will have
204  * children, but for consistency we make all postmaster child processes do
205  * this.
206  */
207 #ifdef HAVE_SETSID
208  if (setsid() < 0)
209  elog(FATAL, "setsid() failed: %m");
210 #endif
211 }
212 
213 /*
214  * Initialize the basic environment for a standalone process.
215  *
216  * argv0 has to be suitable to find the program's executable.
217  */
218 void
220 {
222 
223  MyProcPid = getpid(); /* reset MyProcPid */
224 
225  MyStartTime = time(NULL); /* set our start time in case we call elog */
226 
227  /* Initialize process-local latch support */
231 
232  /* Compute paths, no postmaster to inherit from */
233  if (my_exec_path[0] == '\0')
234  {
235  if (find_my_exec(argv0, my_exec_path) < 0)
236  elog(FATAL, "%s: could not locate my own executable path",
237  argv0);
238  }
239 
240  if (pkglib_path[0] == '\0')
242 }
243 
244 void
246 {
247  Assert(MyLatch == &LocalLatchData);
248  Assert(MyProc != NULL);
249 
251 
252  if (FeBeWaitSet)
254 
255  /*
256  * Set the shared latch as the local one might have been set. This
257  * shouldn't normally be necessary as code is supposed to check the
258  * condition before waiting for the latch, but a bit care can't hurt.
259  */
260  SetLatch(MyLatch);
261 }
262 
263 void
265 {
266  Assert(MyLatch != &LocalLatchData);
268 
270 
271  if (FeBeWaitSet)
273 
274  SetLatch(MyLatch);
275 }
276 
277 /*
278  * GetUserId - get the current effective user ID.
279  *
280  * Note: there's no SetUserId() anymore; use SetUserIdAndSecContext().
281  */
282 Oid
284 {
286  return CurrentUserId;
287 }
288 
289 
290 /*
291  * GetOuterUserId/SetOuterUserId - get/set the outer-level user ID.
292  */
293 Oid
295 {
297  return OuterUserId;
298 }
299 
300 
301 static void
303 {
305  AssertArg(OidIsValid(userid));
306  OuterUserId = userid;
307 
308  /* We force the effective user ID to match, too */
309  CurrentUserId = userid;
310 }
311 
312 
313 /*
314  * GetSessionUserId/SetSessionUserId - get/set the session user ID.
315  */
316 Oid
318 {
320  return SessionUserId;
321 }
322 
323 
324 static void
326 {
328  AssertArg(OidIsValid(userid));
329  SessionUserId = userid;
331  SetRoleIsActive = false;
332 
333  /* We force the effective user IDs to match, too */
334  OuterUserId = userid;
335  CurrentUserId = userid;
336 }
337 
338 /*
339  * GetAuthenticatedUserId - get the authenticated user ID
340  */
341 Oid
343 {
345  return AuthenticatedUserId;
346 }
347 
348 
349 /*
350  * GetUserIdAndSecContext/SetUserIdAndSecContext - get/set the current user ID
351  * and the SecurityRestrictionContext flags.
352  *
353  * Currently there are three valid bits in SecurityRestrictionContext:
354  *
355  * SECURITY_LOCAL_USERID_CHANGE indicates that we are inside an operation
356  * that is temporarily changing CurrentUserId via these functions. This is
357  * needed to indicate that the actual value of CurrentUserId is not in sync
358  * with guc.c's internal state, so SET ROLE has to be disallowed.
359  *
360  * SECURITY_RESTRICTED_OPERATION indicates that we are inside an operation
361  * that does not wish to trust called user-defined functions at all. This
362  * bit prevents not only SET ROLE, but various other changes of session state
363  * that normally is unprotected but might possibly be used to subvert the
364  * calling session later. An example is replacing an existing prepared
365  * statement with new code, which will then be executed with the outer
366  * session's permissions when the prepared statement is next used. Since
367  * these restrictions are fairly draconian, we apply them only in contexts
368  * where the called functions are really supposed to be side-effect-free
369  * anyway, such as VACUUM/ANALYZE/REINDEX.
370  *
371  * SECURITY_NOFORCE_RLS indicates that we are inside an operation which should
372  * ignore the FORCE ROW LEVEL SECURITY per-table indication. This is used to
373  * ensure that FORCE RLS does not mistakenly break referential integrity
374  * checks. Note that this is intentionally only checked when running as the
375  * owner of the table (which should always be the case for referential
376  * integrity checks).
377  *
378  * Unlike GetUserId, GetUserIdAndSecContext does *not* Assert that the current
379  * value of CurrentUserId is valid; nor does SetUserIdAndSecContext require
380  * the new value to be valid. In fact, these routines had better not
381  * ever throw any kind of error. This is because they are used by
382  * StartTransaction and AbortTransaction to save/restore the settings,
383  * and during the first transaction within a backend, the value to be saved
384  * and perhaps restored is indeed invalid. We have to be able to get
385  * through AbortTransaction without asserting in case InitPostgres fails.
386  */
387 void
388 GetUserIdAndSecContext(Oid *userid, int *sec_context)
389 {
390  *userid = CurrentUserId;
391  *sec_context = SecurityRestrictionContext;
392 }
393 
394 void
395 SetUserIdAndSecContext(Oid userid, int sec_context)
396 {
397  CurrentUserId = userid;
398  SecurityRestrictionContext = sec_context;
399 }
400 
401 
402 /*
403  * InLocalUserIdChange - are we inside a local change of CurrentUserId?
404  */
405 bool
407 {
409 }
410 
411 /*
412  * InSecurityRestrictedOperation - are we inside a security-restricted command?
413  */
414 bool
416 {
418 }
419 
420 /*
421  * InNoForceRLSOperation - are we ignoring FORCE ROW LEVEL SECURITY ?
422  */
423 bool
425 {
427 }
428 
429 
430 /*
431  * These are obsolete versions of Get/SetUserIdAndSecContext that are
432  * only provided for bug-compatibility with some rather dubious code in
433  * pljava. We allow the userid to be set, but only when not inside a
434  * security restriction context.
435  */
436 void
437 GetUserIdAndContext(Oid *userid, bool *sec_def_context)
438 {
439  *userid = CurrentUserId;
440  *sec_def_context = InLocalUserIdChange();
441 }
442 
443 void
444 SetUserIdAndContext(Oid userid, bool sec_def_context)
445 {
446  /* We throw the same error SET ROLE would. */
448  ereport(ERROR,
449  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
450  errmsg("cannot set parameter \"%s\" within security-restricted operation",
451  "role")));
452  CurrentUserId = userid;
453  if (sec_def_context)
455  else
457 }
458 
459 
460 /*
461  * Check whether specified role has explicit REPLICATION privilege
462  */
463 bool
465 {
466  bool result = false;
467  HeapTuple utup;
468 
469  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
470  if (HeapTupleIsValid(utup))
471  {
472  result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication;
473  ReleaseSysCache(utup);
474  }
475  return result;
476 }
477 
478 /*
479  * Initialize user identity during normal backend startup
480  */
481 void
482 InitializeSessionUserId(const char *rolename, Oid roleid)
483 {
484  HeapTuple roleTup;
485  Form_pg_authid rform;
486  char *rname;
487 
488  /*
489  * Don't do scans if we're bootstrapping, none of the system catalogs
490  * exist yet, and they should be owned by postgres anyway.
491  */
493 
494  /* call only once */
496 
497  if (rolename != NULL)
498  {
499  roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename));
500  if (!HeapTupleIsValid(roleTup))
501  ereport(FATAL,
502  (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
503  errmsg("role \"%s\" does not exist", rolename)));
504  }
505  else
506  {
507  roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
508  if (!HeapTupleIsValid(roleTup))
509  ereport(FATAL,
510  (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
511  errmsg("role with OID %u does not exist", roleid)));
512  }
513 
514  rform = (Form_pg_authid) GETSTRUCT(roleTup);
515  roleid = HeapTupleGetOid(roleTup);
516  rname = NameStr(rform->rolname);
517 
518  AuthenticatedUserId = roleid;
519  AuthenticatedUserIsSuperuser = rform->rolsuper;
520 
521  /* This sets OuterUserId/CurrentUserId too */
523 
524  /* Also mark our PGPROC entry with the authenticated user id */
525  /* (We assume this is an atomic store so no lock is needed) */
526  MyProc->roleId = roleid;
527 
528  /*
529  * These next checks are not enforced when in standalone mode, so that
530  * there is a way to recover from sillinesses like "UPDATE pg_authid SET
531  * rolcanlogin = false;".
532  */
533  if (IsUnderPostmaster)
534  {
535  /*
536  * Is role allowed to login at all?
537  */
538  if (!rform->rolcanlogin)
539  ereport(FATAL,
540  (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
541  errmsg("role \"%s\" is not permitted to log in",
542  rname)));
543 
544  /*
545  * Check connection limit for this role.
546  *
547  * There is a race condition here --- we create our PGPROC before
548  * checking for other PGPROCs. If two backends did this at about the
549  * same time, they might both think they were over the limit, while
550  * ideally one should succeed and one fail. Getting that to work
551  * exactly seems more trouble than it is worth, however; instead we
552  * just document that the connection limit is approximate.
553  */
554  if (rform->rolconnlimit >= 0 &&
556  CountUserBackends(roleid) > rform->rolconnlimit)
557  ereport(FATAL,
558  (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
559  errmsg("too many connections for role \"%s\"",
560  rname)));
561  }
562 
563  /* Record username and superuser status as GUC settings too */
564  SetConfigOption("session_authorization", rname,
566  SetConfigOption("is_superuser",
567  AuthenticatedUserIsSuperuser ? "on" : "off",
569 
570  ReleaseSysCache(roleTup);
571 }
572 
573 
574 /*
575  * Initialize user identity during special backend startup
576  */
577 void
579 {
580  /*
581  * This function should only be called in single-user mode, in autovacuum
582  * workers, and in background workers.
583  */
585 
586  /* call only once */
588 
591 
593 }
594 
595 
596 /*
597  * Change session auth ID while running
598  *
599  * Only a superuser may set auth ID to something other than himself. Note
600  * that in case of multiple SETs in a single session, the original userid's
601  * superuserness is what matters. But we set the GUC variable is_superuser
602  * to indicate whether the *current* session userid is a superuser.
603  *
604  * Note: this is not an especially clean place to do the permission check.
605  * It's OK because the check does not require catalog access and can't
606  * fail during an end-of-transaction GUC reversion, but we may someday
607  * have to push it up into assign_session_authorization.
608  */
609 void
611 {
612  /* Must have authenticated already, else can't make permission check */
614 
615  if (userid != AuthenticatedUserId &&
617  ereport(ERROR,
618  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
619  errmsg("permission denied to set session authorization")));
620 
621  SetSessionUserId(userid, is_superuser);
622 
623  SetConfigOption("is_superuser",
624  is_superuser ? "on" : "off",
626 }
627 
628 /*
629  * Report current role id
630  * This follows the semantics of SET ROLE, ie return the outer-level ID
631  * not the current effective ID, and return InvalidOid when the setting
632  * is logically SET ROLE NONE.
633  */
634 Oid
636 {
637  if (SetRoleIsActive)
638  return OuterUserId;
639  else
640  return InvalidOid;
641 }
642 
643 /*
644  * Change Role ID while running (SET ROLE)
645  *
646  * If roleid is InvalidOid, we are doing SET ROLE NONE: revert to the
647  * session user authorization. In this case the is_superuser argument
648  * is ignored.
649  *
650  * When roleid is not InvalidOid, the caller must have checked whether
651  * the session user has permission to become that role. (We cannot check
652  * here because this routine must be able to execute in a failed transaction
653  * to restore a prior value of the ROLE GUC variable.)
654  */
655 void
657 {
658  /*
659  * Get correct info if it's SET ROLE NONE
660  *
661  * If SessionUserId hasn't been set yet, just do nothing --- the eventual
662  * SetSessionUserId call will fix everything. This is needed since we
663  * will get called during GUC initialization.
664  */
665  if (!OidIsValid(roleid))
666  {
668  return;
669 
670  roleid = SessionUserId;
671  is_superuser = SessionUserIsSuperuser;
672 
673  SetRoleIsActive = false;
674  }
675  else
676  SetRoleIsActive = true;
677 
678  SetOuterUserId(roleid);
679 
680  SetConfigOption("is_superuser",
681  is_superuser ? "on" : "off",
683 }
684 
685 
686 /*
687  * Get user name from user oid, returns NULL for nonexistent roleid if noerr
688  * is true.
689  */
690 char *
691 GetUserNameFromId(Oid roleid, bool noerr)
692 {
693  HeapTuple tuple;
694  char *result;
695 
696  tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
697  if (!HeapTupleIsValid(tuple))
698  {
699  if (!noerr)
700  ereport(ERROR,
701  (errcode(ERRCODE_UNDEFINED_OBJECT),
702  errmsg("invalid role OID: %u", roleid)));
703  result = NULL;
704  }
705  else
706  {
707  result = pstrdup(NameStr(((Form_pg_authid) GETSTRUCT(tuple))->rolname));
708  ReleaseSysCache(tuple);
709  }
710  return result;
711 }
712 
713 
714 /*-------------------------------------------------------------------------
715  * Interlock-file support
716  *
717  * These routines are used to create both a data-directory lockfile
718  * ($DATADIR/postmaster.pid) and Unix-socket-file lockfiles ($SOCKFILE.lock).
719  * Both kinds of files contain the same info initially, although we can add
720  * more information to a data-directory lockfile after it's created, using
721  * AddToDataDirLockFile(). See miscadmin.h for documentation of the contents
722  * of these lockfiles.
723  *
724  * On successful lockfile creation, a proc_exit callback to remove the
725  * lockfile is automatically created.
726  *-------------------------------------------------------------------------
727  */
728 
729 /*
730  * proc_exit callback to remove lockfiles.
731  */
732 static void
734 {
735  ListCell *l;
736 
737  foreach(l, lock_files)
738  {
739  char *curfile = (char *) lfirst(l);
740 
741  unlink(curfile);
742  /* Should we complain if the unlink fails? */
743  }
744  /* Since we're about to exit, no need to reclaim storage */
745  lock_files = NIL;
746 
747  /*
748  * Lock file removal should always be the last externally visible action
749  * of a postmaster or standalone backend, while we won't come here at all
750  * when exiting postmaster child processes. Therefore, this is a good
751  * place to log completion of shutdown. We could alternatively teach
752  * proc_exit() to do it, but that seems uglier. In a standalone backend,
753  * use NOTICE elevel to be less chatty.
754  */
756  (errmsg("database system is shut down")));
757 }
758 
759 /*
760  * Create a lockfile.
761  *
762  * filename is the path name of the lockfile to create.
763  * amPostmaster is used to determine how to encode the output PID.
764  * socketDir is the Unix socket directory path to include (possibly empty).
765  * isDDLock and refName are used to determine what error message to produce.
766  */
767 static void
768 CreateLockFile(const char *filename, bool amPostmaster,
769  const char *socketDir,
770  bool isDDLock, const char *refName)
771 {
772  int fd;
773  char buffer[MAXPGPATH * 2 + 256];
774  int ntries;
775  int len;
776  int encoded_pid;
777  pid_t other_pid;
778  pid_t my_pid,
779  my_p_pid,
780  my_gp_pid;
781  const char *envvar;
782 
783  /*
784  * If the PID in the lockfile is our own PID or our parent's or
785  * grandparent's PID, then the file must be stale (probably left over from
786  * a previous system boot cycle). We need to check this because of the
787  * likelihood that a reboot will assign exactly the same PID as we had in
788  * the previous reboot, or one that's only one or two counts larger and
789  * hence the lockfile's PID now refers to an ancestor shell process. We
790  * allow pg_ctl to pass down its parent shell PID (our grandparent PID)
791  * via the environment variable PG_GRANDPARENT_PID; this is so that
792  * launching the postmaster via pg_ctl can be just as reliable as
793  * launching it directly. There is no provision for detecting
794  * further-removed ancestor processes, but if the init script is written
795  * carefully then all but the immediate parent shell will be root-owned
796  * processes and so the kill test will fail with EPERM. Note that we
797  * cannot get a false negative this way, because an existing postmaster
798  * would surely never launch a competing postmaster or pg_ctl process
799  * directly.
800  */
801  my_pid = getpid();
802 
803 #ifndef WIN32
804  my_p_pid = getppid();
805 #else
806 
807  /*
808  * Windows hasn't got getppid(), but doesn't need it since it's not using
809  * real kill() either...
810  */
811  my_p_pid = 0;
812 #endif
813 
814  envvar = getenv("PG_GRANDPARENT_PID");
815  if (envvar)
816  my_gp_pid = atoi(envvar);
817  else
818  my_gp_pid = 0;
819 
820  /*
821  * We need a loop here because of race conditions. But don't loop forever
822  * (for example, a non-writable $PGDATA directory might cause a failure
823  * that won't go away). 100 tries seems like plenty.
824  */
825  for (ntries = 0;; ntries++)
826  {
827  /*
828  * Try to create the lock file --- O_EXCL makes this atomic.
829  *
830  * Think not to make the file protection weaker than 0600. See
831  * comments below.
832  */
833  fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
834  if (fd >= 0)
835  break; /* Success; exit the retry loop */
836 
837  /*
838  * Couldn't create the pid file. Probably it already exists.
839  */
840  if ((errno != EEXIST && errno != EACCES) || ntries > 100)
841  ereport(FATAL,
843  errmsg("could not create lock file \"%s\": %m",
844  filename)));
845 
846  /*
847  * Read the file to get the old owner's PID. Note race condition
848  * here: file might have been deleted since we tried to create it.
849  */
850  fd = open(filename, O_RDONLY, 0600);
851  if (fd < 0)
852  {
853  if (errno == ENOENT)
854  continue; /* race condition; try again */
855  ereport(FATAL,
857  errmsg("could not open lock file \"%s\": %m",
858  filename)));
859  }
861  if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0)
862  ereport(FATAL,
864  errmsg("could not read lock file \"%s\": %m",
865  filename)));
867  close(fd);
868 
869  if (len == 0)
870  {
871  ereport(FATAL,
872  (errcode(ERRCODE_LOCK_FILE_EXISTS),
873  errmsg("lock file \"%s\" is empty", filename),
874  errhint("Either another server is starting, or the lock file is the remnant of a previous server startup crash.")));
875  }
876 
877  buffer[len] = '\0';
878  encoded_pid = atoi(buffer);
879 
880  /* if pid < 0, the pid is for postgres, not postmaster */
881  other_pid = (pid_t) (encoded_pid < 0 ? -encoded_pid : encoded_pid);
882 
883  if (other_pid <= 0)
884  elog(FATAL, "bogus data in lock file \"%s\": \"%s\"",
885  filename, buffer);
886 
887  /*
888  * Check to see if the other process still exists
889  *
890  * Per discussion above, my_pid, my_p_pid, and my_gp_pid can be
891  * ignored as false matches.
892  *
893  * Normally kill() will fail with ESRCH if the given PID doesn't
894  * exist.
895  *
896  * We can treat the EPERM-error case as okay because that error
897  * implies that the existing process has a different userid than we
898  * do, which means it cannot be a competing postmaster. A postmaster
899  * cannot successfully attach to a data directory owned by a userid
900  * other than its own. (This is now checked directly in
901  * checkDataDir(), but has been true for a long time because of the
902  * restriction that the data directory isn't group- or
903  * world-accessible.) Also, since we create the lockfiles mode 600,
904  * we'd have failed above if the lockfile belonged to another userid
905  * --- which means that whatever process kill() is reporting about
906  * isn't the one that made the lockfile. (NOTE: this last
907  * consideration is the only one that keeps us from blowing away a
908  * Unix socket file belonging to an instance of Postgres being run by
909  * someone else, at least on machines where /tmp hasn't got a
910  * stickybit.)
911  */
912  if (other_pid != my_pid && other_pid != my_p_pid &&
913  other_pid != my_gp_pid)
914  {
915  if (kill(other_pid, 0) == 0 ||
916  (errno != ESRCH && errno != EPERM))
917  {
918  /* lockfile belongs to a live process */
919  ereport(FATAL,
920  (errcode(ERRCODE_LOCK_FILE_EXISTS),
921  errmsg("lock file \"%s\" already exists",
922  filename),
923  isDDLock ?
924  (encoded_pid < 0 ?
925  errhint("Is another postgres (PID %d) running in data directory \"%s\"?",
926  (int) other_pid, refName) :
927  errhint("Is another postmaster (PID %d) running in data directory \"%s\"?",
928  (int) other_pid, refName)) :
929  (encoded_pid < 0 ?
930  errhint("Is another postgres (PID %d) using socket file \"%s\"?",
931  (int) other_pid, refName) :
932  errhint("Is another postmaster (PID %d) using socket file \"%s\"?",
933  (int) other_pid, refName))));
934  }
935  }
936 
937  /*
938  * No, the creating process did not exist. However, it could be that
939  * the postmaster crashed (or more likely was kill -9'd by a clueless
940  * admin) but has left orphan backends behind. Check for this by
941  * looking to see if there is an associated shmem segment that is
942  * still in use.
943  *
944  * Note: because postmaster.pid is written in multiple steps, we might
945  * not find the shmem ID values in it; we can't treat that as an
946  * error.
947  */
948  if (isDDLock)
949  {
950  char *ptr = buffer;
951  unsigned long id1,
952  id2;
953  int lineno;
954 
955  for (lineno = 1; lineno < LOCK_FILE_LINE_SHMEM_KEY; lineno++)
956  {
957  if ((ptr = strchr(ptr, '\n')) == NULL)
958  break;
959  ptr++;
960  }
961 
962  if (ptr != NULL &&
963  sscanf(ptr, "%lu %lu", &id1, &id2) == 2)
964  {
965  if (PGSharedMemoryIsInUse(id1, id2))
966  ereport(FATAL,
967  (errcode(ERRCODE_LOCK_FILE_EXISTS),
968  errmsg("pre-existing shared memory block "
969  "(key %lu, ID %lu) is still in use",
970  id1, id2),
971  errhint("If you're sure there are no old "
972  "server processes still running, remove "
973  "the shared memory block "
974  "or just delete the file \"%s\".",
975  filename)));
976  }
977  }
978 
979  /*
980  * Looks like nobody's home. Unlink the file and try again to create
981  * it. Need a loop because of possible race condition against other
982  * would-be creators.
983  */
984  if (unlink(filename) < 0)
985  ereport(FATAL,
987  errmsg("could not remove old lock file \"%s\": %m",
988  filename),
989  errhint("The file seems accidentally left over, but "
990  "it could not be removed. Please remove the file "
991  "by hand and try again.")));
992  }
993 
994  /*
995  * Successfully created the file, now fill it. See comment in miscadmin.h
996  * about the contents. Note that we write the same first five lines into
997  * both datadir and socket lockfiles; although more stuff may get added to
998  * the datadir lockfile later.
999  */
1000  snprintf(buffer, sizeof(buffer), "%d\n%s\n%ld\n%d\n%s\n",
1001  amPostmaster ? (int) my_pid : -((int) my_pid),
1002  DataDir,
1003  (long) MyStartTime,
1005  socketDir);
1006 
1007  /*
1008  * In a standalone backend, the next line (LOCK_FILE_LINE_LISTEN_ADDR)
1009  * will never receive data, so fill it in as empty now.
1010  */
1011  if (isDDLock && !amPostmaster)
1012  strlcat(buffer, "\n", sizeof(buffer));
1013 
1014  errno = 0;
1016  if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
1017  {
1018  int save_errno = errno;
1019 
1020  close(fd);
1021  unlink(filename);
1022  /* if write didn't set errno, assume problem is no disk space */
1023  errno = save_errno ? save_errno : ENOSPC;
1024  ereport(FATAL,
1026  errmsg("could not write lock file \"%s\": %m", filename)));
1027  }
1029 
1031  if (pg_fsync(fd) != 0)
1032  {
1033  int save_errno = errno;
1034 
1035  close(fd);
1036  unlink(filename);
1037  errno = save_errno;
1038  ereport(FATAL,
1040  errmsg("could not write lock file \"%s\": %m", filename)));
1041  }
1043  if (close(fd) != 0)
1044  {
1045  int save_errno = errno;
1046 
1047  unlink(filename);
1048  errno = save_errno;
1049  ereport(FATAL,
1051  errmsg("could not write lock file \"%s\": %m", filename)));
1052  }
1053 
1054  /*
1055  * Arrange to unlink the lock file(s) at proc_exit. If this is the first
1056  * one, set up the on_proc_exit function to do it; then add this lock file
1057  * to the list of files to unlink.
1058  */
1059  if (lock_files == NIL)
1061 
1062  /*
1063  * Use lcons so that the lock files are unlinked in reverse order of
1064  * creation; this is critical!
1065  */
1066  lock_files = lcons(pstrdup(filename), lock_files);
1067 }
1068 
1069 /*
1070  * Create the data directory lockfile.
1071  *
1072  * When this is called, we must have already switched the working
1073  * directory to DataDir, so we can just use a relative path. This
1074  * helps ensure that we are locking the directory we should be.
1075  *
1076  * Note that the socket directory path line is initially written as empty.
1077  * postmaster.c will rewrite it upon creating the first Unix socket.
1078  */
1079 void
1080 CreateDataDirLockFile(bool amPostmaster)
1081 {
1082  CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, "", true, DataDir);
1083 }
1084 
1085 /*
1086  * Create a lockfile for the specified Unix socket file.
1087  */
1088 void
1089 CreateSocketLockFile(const char *socketfile, bool amPostmaster,
1090  const char *socketDir)
1091 {
1092  char lockfile[MAXPGPATH];
1093 
1094  snprintf(lockfile, sizeof(lockfile), "%s.lock", socketfile);
1095  CreateLockFile(lockfile, amPostmaster, socketDir, false, socketfile);
1096 }
1097 
1098 /*
1099  * TouchSocketLockFiles -- mark socket lock files as recently accessed
1100  *
1101  * This routine should be called every so often to ensure that the socket
1102  * lock files have a recent mod or access date. That saves them
1103  * from being removed by overenthusiastic /tmp-directory-cleaner daemons.
1104  * (Another reason we should never have put the socket file in /tmp...)
1105  */
1106 void
1108 {
1109  ListCell *l;
1110 
1111  foreach(l, lock_files)
1112  {
1113  char *socketLockFile = (char *) lfirst(l);
1114 
1115  /* No need to touch the data directory lock file, we trust */
1116  if (strcmp(socketLockFile, DIRECTORY_LOCK_FILE) == 0)
1117  continue;
1118 
1119  /*
1120  * utime() is POSIX standard, utimes() is a common alternative; if we
1121  * have neither, fall back to actually reading the file (which only
1122  * sets the access time not mod time, but that should be enough in
1123  * most cases). In all paths, we ignore errors.
1124  */
1125 #ifdef HAVE_UTIME
1126  utime(socketLockFile, NULL);
1127 #else /* !HAVE_UTIME */
1128 #ifdef HAVE_UTIMES
1129  utimes(socketLockFile, NULL);
1130 #else /* !HAVE_UTIMES */
1131  int fd;
1132  char buffer[1];
1133 
1134  fd = open(socketLockFile, O_RDONLY | PG_BINARY, 0);
1135  if (fd >= 0)
1136  {
1137  read(fd, buffer, sizeof(buffer));
1138  close(fd);
1139  }
1140 #endif /* HAVE_UTIMES */
1141 #endif /* HAVE_UTIME */
1142  }
1143 }
1144 
1145 
1146 /*
1147  * Add (or replace) a line in the data directory lock file.
1148  * The given string should not include a trailing newline.
1149  *
1150  * Note: because we don't truncate the file, if we were to rewrite a line
1151  * with less data than it had before, there would be garbage after the last
1152  * line. We don't ever actually do that, so not worth adding another kernel
1153  * call to cover the possibility.
1154  */
1155 void
1156 AddToDataDirLockFile(int target_line, const char *str)
1157 {
1158  int fd;
1159  int len;
1160  int lineno;
1161  char *srcptr;
1162  char *destptr;
1163  char srcbuffer[BLCKSZ];
1164  char destbuffer[BLCKSZ];
1165 
1166  fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
1167  if (fd < 0)
1168  {
1169  ereport(LOG,
1171  errmsg("could not open file \"%s\": %m",
1173  return;
1174  }
1176  len = read(fd, srcbuffer, sizeof(srcbuffer) - 1);
1178  if (len < 0)
1179  {
1180  ereport(LOG,
1182  errmsg("could not read from file \"%s\": %m",
1184  close(fd);
1185  return;
1186  }
1187  srcbuffer[len] = '\0';
1188 
1189  /*
1190  * Advance over lines we are not supposed to rewrite, then copy them to
1191  * destbuffer.
1192  */
1193  srcptr = srcbuffer;
1194  for (lineno = 1; lineno < target_line; lineno++)
1195  {
1196  if ((srcptr = strchr(srcptr, '\n')) == NULL)
1197  {
1198  elog(LOG, "incomplete data in \"%s\": found only %d newlines while trying to add line %d",
1199  DIRECTORY_LOCK_FILE, lineno - 1, target_line);
1200  close(fd);
1201  return;
1202  }
1203  srcptr++;
1204  }
1205  memcpy(destbuffer, srcbuffer, srcptr - srcbuffer);
1206  destptr = destbuffer + (srcptr - srcbuffer);
1207 
1208  /*
1209  * Write or rewrite the target line.
1210  */
1211  snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s\n", str);
1212  destptr += strlen(destptr);
1213 
1214  /*
1215  * If there are more lines in the old file, append them to destbuffer.
1216  */
1217  if ((srcptr = strchr(srcptr, '\n')) != NULL)
1218  {
1219  srcptr++;
1220  snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s",
1221  srcptr);
1222  }
1223 
1224  /*
1225  * And rewrite the data. Since we write in a single kernel call, this
1226  * update should appear atomic to onlookers.
1227  */
1228  len = strlen(destbuffer);
1229  errno = 0;
1231  if (lseek(fd, (off_t) 0, SEEK_SET) != 0 ||
1232  (int) write(fd, destbuffer, len) != len)
1233  {
1235  /* if write didn't set errno, assume problem is no disk space */
1236  if (errno == 0)
1237  errno = ENOSPC;
1238  ereport(LOG,
1240  errmsg("could not write to file \"%s\": %m",
1242  close(fd);
1243  return;
1244  }
1247  if (pg_fsync(fd) != 0)
1248  {
1249  ereport(LOG,
1251  errmsg("could not write to file \"%s\": %m",
1253  }
1255  if (close(fd) != 0)
1256  {
1257  ereport(LOG,
1259  errmsg("could not write to file \"%s\": %m",
1261  }
1262 }
1263 
1264 
1265 /*
1266  * Recheck that the data directory lock file still exists with expected
1267  * content. Return TRUE if the lock file appears OK, FALSE if it isn't.
1268  *
1269  * We call this periodically in the postmaster. The idea is that if the
1270  * lock file has been removed or replaced by another postmaster, we should
1271  * do a panic database shutdown. Therefore, we should return TRUE if there
1272  * is any doubt: we do not want to cause a panic shutdown unnecessarily.
1273  * Transient failures like EINTR or ENFILE should not cause us to fail.
1274  * (If there really is something wrong, we'll detect it on a future recheck.)
1275  */
1276 bool
1278 {
1279  int fd;
1280  int len;
1281  long file_pid;
1282  char buffer[BLCKSZ];
1283 
1284  fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
1285  if (fd < 0)
1286  {
1287  /*
1288  * There are many foreseeable false-positive error conditions. For
1289  * safety, fail only on enumerated clearly-something-is-wrong
1290  * conditions.
1291  */
1292  switch (errno)
1293  {
1294  case ENOENT:
1295  case ENOTDIR:
1296  /* disaster */
1297  ereport(LOG,
1299  errmsg("could not open file \"%s\": %m",
1301  return false;
1302  default:
1303  /* non-fatal, at least for now */
1304  ereport(LOG,
1306  errmsg("could not open file \"%s\": %m; continuing anyway",
1308  return true;
1309  }
1310  }
1312  len = read(fd, buffer, sizeof(buffer) - 1);
1314  if (len < 0)
1315  {
1316  ereport(LOG,
1318  errmsg("could not read from file \"%s\": %m",
1320  close(fd);
1321  return true; /* treat read failure as nonfatal */
1322  }
1323  buffer[len] = '\0';
1324  close(fd);
1325  file_pid = atol(buffer);
1326  if (file_pid == getpid())
1327  return true; /* all is well */
1328 
1329  /* Trouble: someone's overwritten the lock file */
1330  ereport(LOG,
1331  (errmsg("lock file \"%s\" contains wrong PID: %ld instead of %ld",
1332  DIRECTORY_LOCK_FILE, file_pid, (long) getpid())));
1333  return false;
1334 }
1335 
1336 
1337 /*-------------------------------------------------------------------------
1338  * Version checking support
1339  *-------------------------------------------------------------------------
1340  */
1341 
1342 /*
1343  * Determine whether the PG_VERSION file in directory `path' indicates
1344  * a data version compatible with the version of this program.
1345  *
1346  * If compatible, return. Otherwise, ereport(FATAL).
1347  */
1348 void
1349 ValidatePgVersion(const char *path)
1350 {
1351  char full_path[MAXPGPATH];
1352  FILE *file;
1353  int ret;
1354  long file_major;
1355  long my_major;
1356  char *endptr;
1357  char file_version_string[64];
1358  const char *my_version_string = PG_VERSION;
1359 
1360  my_major = strtol(my_version_string, &endptr, 10);
1361 
1362  snprintf(full_path, sizeof(full_path), "%s/PG_VERSION", path);
1363 
1364  file = AllocateFile(full_path, "r");
1365  if (!file)
1366  {
1367  if (errno == ENOENT)
1368  ereport(FATAL,
1369  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1370  errmsg("\"%s\" is not a valid data directory",
1371  path),
1372  errdetail("File \"%s\" is missing.", full_path)));
1373  else
1374  ereport(FATAL,
1376  errmsg("could not open file \"%s\": %m", full_path)));
1377  }
1378 
1379  file_version_string[0] = '\0';
1380  ret = fscanf(file, "%63s", file_version_string);
1381  file_major = strtol(file_version_string, &endptr, 10);
1382 
1383  if (ret != 1 || endptr == file_version_string)
1384  ereport(FATAL,
1385  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1386  errmsg("\"%s\" is not a valid data directory",
1387  path),
1388  errdetail("File \"%s\" does not contain valid data.",
1389  full_path),
1390  errhint("You might need to initdb.")));
1391 
1392  FreeFile(file);
1393 
1394  if (my_major != file_major)
1395  ereport(FATAL,
1396  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1397  errmsg("database files are incompatible with server"),
1398  errdetail("The data directory was initialized by PostgreSQL version %s, "
1399  "which is not compatible with this version %s.",
1400  file_version_string, my_version_string)));
1401 }
1402 
1403 /*-------------------------------------------------------------------------
1404  * Library preload support
1405  *-------------------------------------------------------------------------
1406  */
1407 
1408 /*
1409  * GUC variables: lists of library names to be preloaded at postmaster
1410  * start and at backend start
1411  */
1415 
1416 /* Flag telling that we are loading shared_preload_libraries */
1418 
1419 /*
1420  * load the shared libraries listed in 'libraries'
1421  *
1422  * 'gucname': name of GUC variable, for error reports
1423  * 'restricted': if true, force libraries to be in $libdir/plugins/
1424  */
1425 static void
1426 load_libraries(const char *libraries, const char *gucname, bool restricted)
1427 {
1428  char *rawstring;
1429  List *elemlist;
1430  ListCell *l;
1431 
1432  if (libraries == NULL || libraries[0] == '\0')
1433  return; /* nothing to do */
1434 
1435  /* Need a modifiable copy of string */
1436  rawstring = pstrdup(libraries);
1437 
1438  /* Parse string into list of identifiers */
1439  if (!SplitIdentifierString(rawstring, ',', &elemlist))
1440  {
1441  /* syntax error in list */
1442  pfree(rawstring);
1443  list_free(elemlist);
1444  ereport(LOG,
1445  (errcode(ERRCODE_SYNTAX_ERROR),
1446  errmsg("invalid list syntax in parameter \"%s\"",
1447  gucname)));
1448  return;
1449  }
1450 
1451  foreach(l, elemlist)
1452  {
1453  char *tok = (char *) lfirst(l);
1454  char *filename;
1455 
1456  filename = pstrdup(tok);
1457  canonicalize_path(filename);
1458  /* If restricting, insert $libdir/plugins if not mentioned already */
1459  if (restricted && first_dir_separator(filename) == NULL)
1460  {
1461  char *expanded;
1462 
1463  expanded = psprintf("$libdir/plugins/%s", filename);
1464  pfree(filename);
1465  filename = expanded;
1466  }
1467  load_file(filename, restricted);
1468  ereport(DEBUG1,
1469  (errmsg("loaded library \"%s\"", filename)));
1470  pfree(filename);
1471  }
1472 
1473  pfree(rawstring);
1474  list_free(elemlist);
1475 }
1476 
1477 /*
1478  * process any libraries that should be preloaded at postmaster start
1479  */
1480 void
1482 {
1485  "shared_preload_libraries",
1486  false);
1488 }
1489 
1490 /*
1491  * process any libraries that should be preloaded at backend start
1492  */
1493 void
1495 {
1497  "session_preload_libraries",
1498  false);
1500  "local_preload_libraries",
1501  true);
1502 }
1503 
1504 void
1505 pg_bindtextdomain(const char *domain)
1506 {
1507 #ifdef ENABLE_NLS
1508  if (my_exec_path[0] != '\0')
1509  {
1510  char locale_path[MAXPGPATH];
1511 
1512  get_locale_path(my_exec_path, locale_path);
1513  bindtextdomain(domain, locale_path);
1514  pg_bind_textdomain_codeset(domain);
1515  }
1516 #endif
1517 }
bool InLocalUserIdChange(void)
Definition: miscinit.c:406
char * make_absolute_path(const char *path)
Definition: path.c:608
#define NIL
Definition: pg_list.h:69
void CreateSocketLockFile(const char *socketfile, bool amPostmaster, const char *socketDir)
Definition: miscinit.c:1089
bool IsPostmasterEnvironment
Definition: globals.c:99
static char * argv0
Definition: pg_ctl.c:89
#define DEBUG1
Definition: elog.h:25
int MyProcPid
Definition: globals.c:38
int errhint(const char *fmt,...)
Definition: elog.c:987
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define AssertState(condition)
Definition: c.h:678
#define SECURITY_RESTRICTED_OPERATION
Definition: miscadmin.h:292
bool process_shared_preload_libraries_in_progress
Definition: miscinit.c:1417
void InitPostmasterChild(void)
Definition: miscinit.c:175
void SetUserIdAndSecContext(Oid userid, int sec_context)
Definition: miscinit.c:395
void SetDataDir(const char *dir)
Definition: miscinit.c:94
Oid GetUserId(void)
Definition: miscinit.c:283
#define write(a, b, c)
Definition: win32.h:19
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:292
void AddToDataDirLockFile(int target_line, const char *str)
Definition: miscinit.c:1156
PGPROC * MyProc
Definition: proc.c:67
#define PointerGetDatum(X)
Definition: postgres.h:562
static List * lock_files
Definition: miscinit.c:59
static Oid SessionUserId
Definition: miscinit.c:156
char * pstrdup(const char *in)
Definition: mcxt.c:1077
char * psprintf(const char *fmt,...)
Definition: psprintf.c:46
void InitStandaloneProcess(const char *argv0)
Definition: miscinit.c:219
static Oid OuterUserId
Definition: miscinit.c:157
void ValidatePgVersion(const char *path)
Definition: miscinit.c:1349
static void SetOuterUserId(Oid userid)
Definition: miscinit.c:302
pg_time_t MyStartTime
Definition: globals.c:39
char * shared_preload_libraries_string
Definition: miscinit.c:1413
void canonicalize_path(char *path)
Definition: path.c:254
void TouchSocketLockFiles(void)
Definition: miscinit.c:1107
Oid roleId
Definition: proc.h:109
int errcode(int sqlerrcode)
Definition: elog.c:575
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
Definition: latch.c:685
bool InNoForceRLSOperation(void)
Definition: miscinit.c:424
#define DIRECTORY_LOCK_FILE
Definition: miscinit.c:54
int snprintf(char *str, size_t count, const char *fmt,...) pg_attribute_printf(3
bool IgnoreSystemIndexes
Definition: miscinit.c:73
static void CreateLockFile(const char *filename, bool amPostmaster, const char *socketDir, bool isDDLock, const char *refName)
Definition: miscinit.c:768
ProcessingMode Mode
Definition: miscinit.c:56
static void load_libraries(const char *libraries, const char *gucname, bool restricted)
Definition: miscinit.c:1426
WaitEventSet * FeBeWaitSet
Definition: pqcomm.c:167
#define LOG
Definition: elog.h:26
unsigned int Oid
Definition: postgres_ext.h:31
#define OidIsValid(objectId)
Definition: c.h:538
static int fd(const char *x, int i)
Definition: preproc-init.c:105
Oid GetSessionUserId(void)
Definition: miscinit.c:317
#define PG_BINARY
Definition: c.h:1038
void get_pkglib_path(const char *my_exec_path, char *ret_path)
Definition: path.c:758
#define SearchSysCache1(cacheId, key1)
Definition: syscache.h:149
Latch procLatch
Definition: proc.h:98
bool IsBackgroundWorker
Definition: globals.c:102
Oid GetCurrentRoleId(void)
Definition: miscinit.c:635
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:72
void SwitchBackToLocalLatch(void)
Definition: miscinit.c:264
Oid GetOuterUserId(void)
Definition: miscinit.c:294
void pfree(void *pointer)
Definition: mcxt.c:950
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
void CreateDataDirLockFile(bool amPostmaster)
Definition: miscinit.c:1080
Oid GetAuthenticatedUserId(void)
Definition: miscinit.c:342
int PostPortNumber
Definition: postmaster.c:194
void SetSessionAuthorization(Oid userid, bool is_superuser)
Definition: miscinit.c:610
void on_exit_reset(void)
Definition: ipc.c:396
static Latch LocalLatchData
Definition: miscinit.c:61
#define FATAL
Definition: elog.h:52
#define MAXPGPATH
int find_my_exec(const char *argv0, char *retpath)
Definition: exec.c:119
Definition: latch.h:110
static int SecurityRestrictionContext
Definition: miscinit.c:164
void SetConfigOption(const char *name, const char *value, GucContext context, GucSource source)
Definition: guc.c:6639
bool SplitIdentifierString(char *rawstring, char separator, List **namelist)
Definition: varlena.c:3115
void GetUserIdAndSecContext(Oid *userid, int *sec_context)
Definition: miscinit.c:388
bool IsUnderPostmaster
Definition: globals.c:100
int errdetail(const char *fmt,...)
Definition: elog.c:873
static bool AuthenticatedUserIsSuperuser
Definition: miscinit.c:161
int errcode_for_file_access(void)
Definition: elog.c:598
FILE * AllocateFile(const char *name, const char *mode)
Definition: fd.c:2057
void ChangeToDataDir(void)
Definition: miscinit.c:115
static void pgstat_report_wait_end(void)
Definition: pgstat.h:1203
bool IsAutoVacuumWorkerProcess(void)
Definition: autovacuum.c:2988
int unlink(const char *filename)
#define ereport(elevel, rest)
Definition: elog.h:122
#define AssertArg(condition)
Definition: c.h:677
MemoryContext TopMemoryContext
Definition: mcxt.c:43
void SetDatabasePath(const char *path)
Definition: miscinit.c:82
void GetUserIdAndContext(Oid *userid, bool *sec_def_context)
Definition: miscinit.c:437
char * local_preload_libraries_string
Definition: miscinit.c:1414
char my_exec_path[MAXPGPATH]
Definition: globals.c:63
void process_session_preload_libraries(void)
Definition: miscinit.c:1494
bool RecheckDataDirLockFile(void)
Definition: miscinit.c:1277
uintptr_t Datum
Definition: postgres.h:372
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1081
char * first_dir_separator(const char *filename)
Definition: path.c:103
void InitializeLatchSupport(void)
Definition: latch.c:156
#define SECURITY_LOCAL_USERID_CHANGE
Definition: miscadmin.h:291
void SwitchToSharedLatch(void)
Definition: miscinit.c:245
#define InvalidOid
Definition: postgres_ext.h:36
static bool SetRoleIsActive
Definition: miscinit.c:167
#define LOCK_FILE_LINE_SHMEM_KEY
Definition: miscadmin.h:452
static bool SessionUserIsSuperuser
Definition: miscinit.c:162
#define NOTICE
Definition: elog.h:37
bool is_superuser(void)
Definition: common.c:1996
#define free(a)
Definition: header.h:65
List * lcons(void *datum, List *list)
Definition: list.c:259
char * DatabasePath
Definition: globals.c:84
static Oid CurrentUserId
Definition: miscinit.c:158
void SetLatch(volatile Latch *latch)
Definition: latch.c:379
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
#define NULL
Definition: c.h:229
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:691
#define Assert(condition)
Definition: c.h:675
#define lfirst(lc)
Definition: pg_list.h:106
void InitializeSessionUserIdStandalone(void)
Definition: miscinit.c:578
bool InSecurityRestrictedOperation(void)
Definition: miscinit.c:415
void load_file(const char *filename, bool restricted)
Definition: dfmgr.c:133
void InitializeSessionUserId(const char *rolename, Oid roleid)
Definition: miscinit.c:482
static void pgstat_report_wait_start(uint32 wait_event_info)
Definition: pgstat.h:1179
ProcessingMode
Definition: miscadmin.h:356
bool has_rolreplication(Oid roleid)
Definition: miscinit.c:464
#define BOOTSTRAP_SUPERUSERID
Definition: pg_authid.h:104
void InitLatch(volatile Latch *latch)
Definition: latch.c:188
int CountUserBackends(Oid roleid)
Definition: procarray.c:2818
bool PGSharedMemoryIsInUse(unsigned long id1, unsigned long id2)
Definition: sysv_shmem.c:267
int FreeFile(FILE *file)
Definition: fd.c:2240
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:365
static void UnlinkLockFiles(int status, Datum arg)
Definition: miscinit.c:733
static char * filename
Definition: pg_dumpall.c:87
int errmsg(const char *fmt,...)
Definition: elog.c:797
char * MemoryContextStrdup(MemoryContext context, const char *string)
Definition: mcxt.c:1064
void SetCurrentRoleId(Oid roleid, bool is_superuser)
Definition: miscinit.c:656
void list_free(List *list)
Definition: list.c:1133
void pg_bindtextdomain(const char *domain)
Definition: miscinit.c:1505
char * session_preload_libraries_string
Definition: miscinit.c:1412
#define NameStr(name)
Definition: c.h:499
void * arg
char * DataDir
Definition: globals.c:59
struct Latch * MyLatch
Definition: globals.c:51
int pg_fsync(int fd)
Definition: fd.c:333
#define elog
Definition: elog.h:219
void get_locale_path(const char *my_exec_path, char *ret_path)
Definition: path.c:767
#define SECURITY_NOFORCE_RLS
Definition: miscadmin.h:293
#define HeapTupleGetOid(tuple)
Definition: htup_details.h:695
#define close(a)
Definition: win32.h:17
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:224
void process_shared_preload_libraries(void)
Definition: miscinit.c:1481
Definition: pg_list.h:45
#define WL_LATCH_SET
Definition: latch.h:124
static void SetSessionUserId(Oid userid, bool is_superuser)
Definition: miscinit.c:325
char pkglib_path[MAXPGPATH]
Definition: globals.c:64
static Oid AuthenticatedUserId
Definition: miscinit.c:155
#define read(a, b, c)
Definition: win32.h:18
size_t strlcat(char *dst, const char *src, size_t siz)
Definition: strlcat.c:33
void SetUserIdAndContext(Oid userid, bool sec_def_context)
Definition: miscinit.c:444