PostgreSQL Source Code  git master
pg_ctl.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * pg_ctl --- start/stops/restarts the PostgreSQL server
4  *
5  * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
6  *
7  * src/bin/pg_ctl/pg_ctl.c
8  *
9  *-------------------------------------------------------------------------
10  */
11 
12 #include "postgres_fe.h"
13 
14 #include <fcntl.h>
15 #include <signal.h>
16 #include <time.h>
17 #include <sys/stat.h>
18 #include <sys/wait.h>
19 #include <unistd.h>
20 
21 #ifdef HAVE_SYS_RESOURCE_H
22 #include <sys/time.h>
23 #include <sys/resource.h>
24 #endif
25 
26 #include "catalog/pg_control.h"
28 #include "common/file_perm.h"
29 #include "common/logging.h"
30 #include "common/string.h"
31 #include "getopt_long.h"
32 #include "utils/pidfile.h"
33 
34 #ifdef WIN32 /* on Unix, we don't need libpq */
35 #include "pqexpbuffer.h"
36 #endif
37 
38 /* PID can be negative for standalone backend */
39 typedef long pgpid_t;
40 
41 
42 typedef enum
43 {
47 } ShutdownMode;
48 
49 typedef enum
50 {
54 } WaitPMResult;
55 
56 typedef enum
57 {
71 } CtlCommand;
72 
73 #define DEFAULT_WAIT 60
74 
75 #define USEC_PER_SEC 1000000
76 
77 #define WAITS_PER_SEC 10 /* should divide USEC_PER_SEC evenly */
78 
79 static bool do_wait = true;
81 static bool wait_seconds_arg = false;
82 static bool silent_mode = false;
84 static int sig = SIGINT; /* default */
86 static char *pg_data = NULL;
87 static char *pg_config = NULL;
88 static char *pgdata_opt = NULL;
89 static char *post_opts = NULL;
90 static const char *progname;
91 static char *log_file = NULL;
92 static char *exec_path = NULL;
93 static char *event_source = NULL;
94 static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
95 static char *register_username = NULL;
96 static char *register_password = NULL;
97 static char *argv0 = NULL;
98 static bool allow_core_files = false;
99 static time_t start_time;
100 
102 static char version_file[MAXPGPATH];
103 static char pid_file[MAXPGPATH];
104 static char backup_file[MAXPGPATH];
105 static char promote_file[MAXPGPATH];
107 
108 static volatile pgpid_t postmasterPID = -1;
109 
110 #ifdef WIN32
111 static DWORD pgctl_start_type = SERVICE_AUTO_START;
112 static SERVICE_STATUS status;
113 static SERVICE_STATUS_HANDLE hStatus = (SERVICE_STATUS_HANDLE) 0;
114 static HANDLE shutdownHandles[2];
115 
116 #define shutdownEvent shutdownHandles[0]
117 #define postmasterProcess shutdownHandles[1]
118 #endif
119 
120 
121 static void write_stderr(const char *fmt,...) pg_attribute_printf(1, 2);
122 static void do_advice(void);
123 static void do_help(void);
124 static void set_mode(char *modeopt);
125 static void set_sig(char *signame);
126 static void do_init(void);
127 static void do_start(void);
128 static void do_stop(void);
129 static void do_restart(void);
130 static void do_reload(void);
131 static void do_status(void);
132 static void do_promote(void);
133 static void do_logrotate(void);
134 static void do_kill(pgpid_t pid);
135 static void print_msg(const char *msg);
136 static void adjust_data_dir(void);
137 
138 #ifdef WIN32
139 #include <versionhelpers.h>
140 static bool pgwin32_IsInstalled(SC_HANDLE);
141 static char *pgwin32_CommandLine(bool);
142 static void pgwin32_doRegister(void);
143 static void pgwin32_doUnregister(void);
144 static void pgwin32_SetServiceStatus(DWORD);
145 static void WINAPI pgwin32_ServiceHandler(DWORD);
146 static void WINAPI pgwin32_ServiceMain(DWORD, LPTSTR *);
147 static void pgwin32_doRunAsService(void);
148 static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service);
149 static PTOKEN_PRIVILEGES GetPrivilegesToDelete(HANDLE hToken);
150 #endif
151 
152 static pgpid_t get_pgpid(bool is_status_request);
153 static char **readfile(const char *path, int *numlines);
154 static void free_readfile(char **optlines);
155 static pgpid_t start_postmaster(void);
156 static void read_post_opts(void);
157 
158 static WaitPMResult wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint);
159 static bool postmaster_is_alive(pid_t pid);
160 
161 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
162 static void unlimit_core_size(void);
163 #endif
164 
165 static DBState get_control_dbstate(void);
166 
167 
168 #ifdef WIN32
169 static void
170 write_eventlog(int level, const char *line)
171 {
172  static HANDLE evtHandle = INVALID_HANDLE_VALUE;
173 
174  if (silent_mode && level == EVENTLOG_INFORMATION_TYPE)
175  return;
176 
177  if (evtHandle == INVALID_HANDLE_VALUE)
178  {
179  evtHandle = RegisterEventSource(NULL,
181  if (evtHandle == NULL)
182  {
183  evtHandle = INVALID_HANDLE_VALUE;
184  return;
185  }
186  }
187 
188  ReportEvent(evtHandle,
189  level,
190  0,
191  0, /* All events are Id 0 */
192  NULL,
193  1,
194  0,
195  &line,
196  NULL);
197 }
198 #endif
199 
200 /*
201  * Write errors to stderr (or by equal means when stderr is
202  * not available).
203  */
204 static void
205 write_stderr(const char *fmt,...)
206 {
207  va_list ap;
208 
209  va_start(ap, fmt);
210 #ifndef WIN32
211  /* On Unix, we just fprintf to stderr */
212  vfprintf(stderr, fmt, ap);
213 #else
214 
215  /*
216  * On Win32, we print to stderr if running on a console, or write to
217  * eventlog if running as a service
218  */
219  if (pgwin32_is_service()) /* Running as a service */
220  {
221  char errbuf[2048]; /* Arbitrary size? */
222 
223  vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
224 
225  write_eventlog(EVENTLOG_ERROR_TYPE, errbuf);
226  }
227  else
228  /* Not running as service, write to stderr */
229  vfprintf(stderr, fmt, ap);
230 #endif
231  va_end(ap);
232 }
233 
234 /*
235  * Given an already-localized string, print it to stdout unless the
236  * user has specified that no messages should be printed.
237  */
238 static void
239 print_msg(const char *msg)
240 {
241  if (!silent_mode)
242  {
243  fputs(msg, stdout);
244  fflush(stdout);
245  }
246 }
247 
248 static pgpid_t
249 get_pgpid(bool is_status_request)
250 {
251  FILE *pidf;
252  long pid;
253  struct stat statbuf;
254 
255  if (stat(pg_data, &statbuf) != 0)
256  {
257  if (errno == ENOENT)
258  write_stderr(_("%s: directory \"%s\" does not exist\n"), progname,
259  pg_data);
260  else
261  write_stderr(_("%s: could not access directory \"%s\": %s\n"), progname,
262  pg_data, strerror(errno));
263 
264  /*
265  * The Linux Standard Base Core Specification 3.1 says this should
266  * return '4, program or service status is unknown'
267  * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
268  */
269  exit(is_status_request ? 4 : 1);
270  }
271 
272  if (stat(version_file, &statbuf) != 0 && errno == ENOENT)
273  {
274  write_stderr(_("%s: directory \"%s\" is not a database cluster directory\n"),
275  progname, pg_data);
276  exit(is_status_request ? 4 : 1);
277  }
278 
279  pidf = fopen(pid_file, "r");
280  if (pidf == NULL)
281  {
282  /* No pid file, not an error on startup */
283  if (errno == ENOENT)
284  return 0;
285  else
286  {
287  write_stderr(_("%s: could not open PID file \"%s\": %s\n"),
288  progname, pid_file, strerror(errno));
289  exit(1);
290  }
291  }
292  if (fscanf(pidf, "%ld", &pid) != 1)
293  {
294  /* Is the file empty? */
295  if (ftell(pidf) == 0 && feof(pidf))
296  write_stderr(_("%s: the PID file \"%s\" is empty\n"),
297  progname, pid_file);
298  else
299  write_stderr(_("%s: invalid data in PID file \"%s\"\n"),
300  progname, pid_file);
301  exit(1);
302  }
303  fclose(pidf);
304  return (pgpid_t) pid;
305 }
306 
307 
308 /*
309  * get the lines from a text file - return NULL if file can't be opened
310  *
311  * Trailing newlines are deleted from the lines (this is a change from pre-v10)
312  *
313  * *numlines is set to the number of line pointers returned; there is
314  * also an additional NULL pointer after the last real line.
315  */
316 static char **
317 readfile(const char *path, int *numlines)
318 {
319  int fd;
320  int nlines;
321  char **result;
322  char *buffer;
323  char *linebegin;
324  int i;
325  int n;
326  int len;
327  struct stat statbuf;
328 
329  *numlines = 0; /* in case of failure or empty file */
330 
331  /*
332  * Slurp the file into memory.
333  *
334  * The file can change concurrently, so we read the whole file into memory
335  * with a single read() call. That's not guaranteed to get an atomic
336  * snapshot, but in practice, for a small file, it's close enough for the
337  * current use.
338  */
339  fd = open(path, O_RDONLY | PG_BINARY, 0);
340  if (fd < 0)
341  return NULL;
342  if (fstat(fd, &statbuf) < 0)
343  {
344  close(fd);
345  return NULL;
346  }
347  if (statbuf.st_size == 0)
348  {
349  /* empty file */
350  close(fd);
351  result = (char **) pg_malloc(sizeof(char *));
352  *result = NULL;
353  return result;
354  }
355  buffer = pg_malloc(statbuf.st_size + 1);
356 
357  len = read(fd, buffer, statbuf.st_size + 1);
358  close(fd);
359  if (len != statbuf.st_size)
360  {
361  /* oops, the file size changed between fstat and read */
362  free(buffer);
363  return NULL;
364  }
365 
366  /*
367  * Count newlines. We expect there to be a newline after each full line,
368  * including one at the end of file. If there isn't a newline at the end,
369  * any characters after the last newline will be ignored.
370  */
371  nlines = 0;
372  for (i = 0; i < len; i++)
373  {
374  if (buffer[i] == '\n')
375  nlines++;
376  }
377 
378  /* set up the result buffer */
379  result = (char **) pg_malloc((nlines + 1) * sizeof(char *));
380  *numlines = nlines;
381 
382  /* now split the buffer into lines */
383  linebegin = buffer;
384  n = 0;
385  for (i = 0; i < len; i++)
386  {
387  if (buffer[i] == '\n')
388  {
389  int slen = &buffer[i] - linebegin;
390  char *linebuf = pg_malloc(slen + 1);
391 
392  memcpy(linebuf, linebegin, slen);
393  /* we already dropped the \n, but get rid of any \r too */
394  if (slen > 0 && linebuf[slen - 1] == '\r')
395  slen--;
396  linebuf[slen] = '\0';
397  result[n++] = linebuf;
398  linebegin = &buffer[i + 1];
399  }
400  }
401  result[n] = NULL;
402 
403  free(buffer);
404 
405  return result;
406 }
407 
408 
409 /*
410  * Free memory allocated for optlines through readfile()
411  */
412 static void
413 free_readfile(char **optlines)
414 {
415  char *curr_line = NULL;
416  int i = 0;
417 
418  if (!optlines)
419  return;
420 
421  while ((curr_line = optlines[i++]))
422  free(curr_line);
423 
424  free(optlines);
425 
426  return;
427 }
428 
429 /*
430  * start/test/stop routines
431  */
432 
433 /*
434  * Start the postmaster and return its PID.
435  *
436  * Currently, on Windows what we return is the PID of the shell process
437  * that launched the postmaster (and, we trust, is waiting for it to exit).
438  * So the PID is usable for "is the postmaster still running" checks,
439  * but cannot be compared directly to postmaster.pid.
440  *
441  * On Windows, we also save aside a handle to the shell process in
442  * "postmasterProcess", which the caller should close when done with it.
443  */
444 static pgpid_t
446 {
447  char cmd[MAXPGPATH];
448 
449 #ifndef WIN32
450  pgpid_t pm_pid;
451 
452  /* Flush stdio channels just before fork, to avoid double-output problems */
453  fflush(stdout);
454  fflush(stderr);
455 
456  pm_pid = fork();
457  if (pm_pid < 0)
458  {
459  /* fork failed */
460  write_stderr(_("%s: could not start server: %s\n"),
461  progname, strerror(errno));
462  exit(1);
463  }
464  if (pm_pid > 0)
465  {
466  /* fork succeeded, in parent */
467  return pm_pid;
468  }
469 
470  /* fork succeeded, in child */
471 
472  /*
473  * If possible, detach the postmaster process from the launching process
474  * group and make it a group leader, so that it doesn't get signaled along
475  * with the current group that launched it.
476  */
477 #ifdef HAVE_SETSID
478  if (setsid() < 0)
479  {
480  write_stderr(_("%s: could not start server due to setsid() failure: %s\n"),
481  progname, strerror(errno));
482  exit(1);
483  }
484 #endif
485 
486  /*
487  * Since there might be quotes to handle here, it is easier simply to pass
488  * everything to a shell to process them. Use exec so that the postmaster
489  * has the same PID as the current child process.
490  */
491  if (log_file != NULL)
492  snprintf(cmd, MAXPGPATH, "exec \"%s\" %s%s < \"%s\" >> \"%s\" 2>&1",
494  DEVNULL, log_file);
495  else
496  snprintf(cmd, MAXPGPATH, "exec \"%s\" %s%s < \"%s\" 2>&1",
498 
499  (void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
500 
501  /* exec failed */
502  write_stderr(_("%s: could not start server: %s\n"),
503  progname, strerror(errno));
504  exit(1);
505 
506  return 0; /* keep dumb compilers quiet */
507 
508 #else /* WIN32 */
509 
510  /*
511  * As with the Unix case, it's easiest to use the shell (CMD.EXE) to
512  * handle redirection etc. Unfortunately CMD.EXE lacks any equivalent of
513  * "exec", so we don't get to find out the postmaster's PID immediately.
514  */
515  PROCESS_INFORMATION pi;
516 
517  if (log_file != NULL)
518  snprintf(cmd, MAXPGPATH, "CMD /C \"\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1\"",
520  else
521  snprintf(cmd, MAXPGPATH, "CMD /C \"\"%s\" %s%s < \"%s\" 2>&1\"",
523 
524  if (!CreateRestrictedProcess(cmd, &pi, false))
525  {
526  write_stderr(_("%s: could not start server: error code %lu\n"),
527  progname, (unsigned long) GetLastError());
528  exit(1);
529  }
530  /* Don't close command process handle here; caller must do so */
531  postmasterProcess = pi.hProcess;
532  CloseHandle(pi.hThread);
533  return pi.dwProcessId; /* Shell's PID, not postmaster's! */
534 #endif /* WIN32 */
535 }
536 
537 
538 
539 /*
540  * Wait for the postmaster to become ready.
541  *
542  * On Unix, pm_pid is the PID of the just-launched postmaster. On Windows,
543  * it may be the PID of an ancestor shell process, so we can't check the
544  * contents of postmaster.pid quite as carefully.
545  *
546  * On Windows, the static variable postmasterProcess is an implicit argument
547  * to this routine; it contains a handle to the postmaster process or an
548  * ancestor shell process thereof.
549  *
550  * Note that the checkpoint parameter enables a Windows service control
551  * manager checkpoint, it's got nothing to do with database checkpoints!!
552  */
553 static WaitPMResult
554 wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint)
555 {
556  int i;
557 
558  for (i = 0; i < wait_seconds * WAITS_PER_SEC; i++)
559  {
560  char **optlines;
561  int numlines;
562 
563  /*
564  * Try to read the postmaster.pid file. If it's not valid, or if the
565  * status line isn't there yet, just keep waiting.
566  */
567  if ((optlines = readfile(pid_file, &numlines)) != NULL &&
568  numlines >= LOCK_FILE_LINE_PM_STATUS)
569  {
570  /* File is complete enough for us, parse it */
571  pgpid_t pmpid;
572  time_t pmstart;
573 
574  /*
575  * Make sanity checks. If it's for the wrong PID, or the recorded
576  * start time is before pg_ctl started, then either we are looking
577  * at the wrong data directory, or this is a pre-existing pidfile
578  * that hasn't (yet?) been overwritten by our child postmaster.
579  * Allow 2 seconds slop for possible cross-process clock skew.
580  */
581  pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]);
582  pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]);
583  if (pmstart >= start_time - 2 &&
584 #ifndef WIN32
585  pmpid == pm_pid
586 #else
587  /* Windows can only reject standalone-backend PIDs */
588  pmpid > 0
589 #endif
590  )
591  {
592  /*
593  * OK, seems to be a valid pidfile from our child. Check the
594  * status line (this assumes a v10 or later server).
595  */
596  char *pmstatus = optlines[LOCK_FILE_LINE_PM_STATUS - 1];
597 
598  if (strcmp(pmstatus, PM_STATUS_READY) == 0 ||
599  strcmp(pmstatus, PM_STATUS_STANDBY) == 0)
600  {
601  /* postmaster is done starting up */
602  free_readfile(optlines);
603  return POSTMASTER_READY;
604  }
605  }
606  }
607 
608  /*
609  * Free the results of readfile.
610  *
611  * This is safe to call even if optlines is NULL.
612  */
613  free_readfile(optlines);
614 
615  /*
616  * Check whether the child postmaster process is still alive. This
617  * lets us exit early if the postmaster fails during startup.
618  *
619  * On Windows, we may be checking the postmaster's parent shell, but
620  * that's fine for this purpose.
621  */
622 #ifndef WIN32
623  {
624  int exitstatus;
625 
626  if (waitpid((pid_t) pm_pid, &exitstatus, WNOHANG) == (pid_t) pm_pid)
627  return POSTMASTER_FAILED;
628  }
629 #else
630  if (WaitForSingleObject(postmasterProcess, 0) == WAIT_OBJECT_0)
631  return POSTMASTER_FAILED;
632 #endif
633 
634  /* Startup still in process; wait, printing a dot once per second */
635  if (i % WAITS_PER_SEC == 0)
636  {
637 #ifdef WIN32
638  if (do_checkpoint)
639  {
640  /*
641  * Increment the wait hint by 6 secs (connection timeout +
642  * sleep). We must do this to indicate to the SCM that our
643  * startup time is changing, otherwise it'll usually send a
644  * stop signal after 20 seconds, despite incrementing the
645  * checkpoint counter.
646  */
647  status.dwWaitHint += 6000;
648  status.dwCheckPoint++;
649  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
650  }
651  else
652 #endif
653  print_msg(".");
654  }
655 
656  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
657  }
658 
659  /* out of patience; report that postmaster is still starting up */
661 }
662 
663 
664 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
665 static void
666 unlimit_core_size(void)
667 {
668  struct rlimit lim;
669 
670  getrlimit(RLIMIT_CORE, &lim);
671  if (lim.rlim_max == 0)
672  {
673  write_stderr(_("%s: cannot set core file size limit; disallowed by hard limit\n"),
674  progname);
675  return;
676  }
677  else if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
678  {
679  lim.rlim_cur = lim.rlim_max;
680  setrlimit(RLIMIT_CORE, &lim);
681  }
682 }
683 #endif
684 
685 static void
687 {
688  if (post_opts == NULL)
689  {
690  post_opts = ""; /* default */
692  {
693  char **optlines;
694  int numlines;
695 
696  optlines = readfile(postopts_file, &numlines);
697  if (optlines == NULL)
698  {
699  write_stderr(_("%s: could not read file \"%s\"\n"), progname, postopts_file);
700  exit(1);
701  }
702  else if (numlines != 1)
703  {
704  write_stderr(_("%s: option file \"%s\" must have exactly one line\n"),
706  exit(1);
707  }
708  else
709  {
710  char *optline;
711  char *arg1;
712 
713  optline = optlines[0];
714 
715  /*
716  * Are we at the first option, as defined by space and
717  * double-quote?
718  */
719  if ((arg1 = strstr(optline, " \"")) != NULL)
720  {
721  *arg1 = '\0'; /* terminate so we get only program name */
722  post_opts = pg_strdup(arg1 + 1); /* point past whitespace */
723  }
724  if (exec_path == NULL)
725  exec_path = pg_strdup(optline);
726  }
727 
728  /* Free the results of readfile. */
729  free_readfile(optlines);
730  }
731  }
732 }
733 
734 /*
735  * SIGINT signal handler used while waiting for postmaster to start up.
736  * Forwards the SIGINT to the postmaster process, asking it to shut down,
737  * before terminating pg_ctl itself. This way, if the user hits CTRL-C while
738  * waiting for the server to start up, the server launch is aborted.
739  */
740 static void
742 {
743  if (postmasterPID != -1)
744  {
745  if (kill(postmasterPID, SIGINT) != 0)
746  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"),
748  }
749 
750  /*
751  * Clear the signal handler, and send the signal again, to terminate the
752  * process as normal.
753  */
754  pqsignal(SIGINT, SIG_DFL);
755  raise(SIGINT);
756 }
757 
758 static char *
759 find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
760 {
761  int ret;
762  char *found_path;
763 
764  found_path = pg_malloc(MAXPGPATH);
765 
766  if ((ret = find_other_exec(argv0, target, versionstr, found_path)) < 0)
767  {
768  char full_path[MAXPGPATH];
769 
770  if (find_my_exec(argv0, full_path) < 0)
771  strlcpy(full_path, progname, sizeof(full_path));
772 
773  if (ret == -1)
774  write_stderr(_("The program \"%s\" is needed by %s "
775  "but was not found in the\n"
776  "same directory as \"%s\".\n"
777  "Check your installation.\n"),
778  target, progname, full_path);
779  else
780  write_stderr(_("The program \"%s\" was found by \"%s\"\n"
781  "but was not the same version as %s.\n"
782  "Check your installation.\n"),
783  target, full_path, progname);
784  exit(1);
785  }
786 
787  return found_path;
788 }
789 
790 static void
791 do_init(void)
792 {
793  char cmd[MAXPGPATH];
794 
795  if (exec_path == NULL)
796  exec_path = find_other_exec_or_die(argv0, "initdb", "initdb (PostgreSQL) " PG_VERSION "\n");
797 
798  if (pgdata_opt == NULL)
799  pgdata_opt = "";
800 
801  if (post_opts == NULL)
802  post_opts = "";
803 
804  if (!silent_mode)
805  snprintf(cmd, MAXPGPATH, "\"%s\" %s%s",
807  else
808  snprintf(cmd, MAXPGPATH, "\"%s\" %s%s > \"%s\"",
810 
811  if (system(cmd) != 0)
812  {
813  write_stderr(_("%s: database system initialization failed\n"), progname);
814  exit(1);
815  }
816 }
817 
818 static void
819 do_start(void)
820 {
821  pgpid_t old_pid = 0;
822  pgpid_t pm_pid;
823 
825  {
826  old_pid = get_pgpid(false);
827  if (old_pid != 0)
828  write_stderr(_("%s: another server might be running; "
829  "trying to start server anyway\n"),
830  progname);
831  }
832 
833  read_post_opts();
834 
835  /* No -D or -D already added during server start */
836  if (ctl_command == RESTART_COMMAND || pgdata_opt == NULL)
837  pgdata_opt = "";
838 
839  if (exec_path == NULL)
841 
842 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
843  if (allow_core_files)
844  unlimit_core_size();
845 #endif
846 
847  /*
848  * If possible, tell the postmaster our parent shell's PID (see the
849  * comments in CreateLockFile() for motivation). Windows hasn't got
850  * getppid() unfortunately.
851  */
852 #ifndef WIN32
853  {
854  static char env_var[32];
855 
856  snprintf(env_var, sizeof(env_var), "PG_GRANDPARENT_PID=%d",
857  (int) getppid());
858  putenv(env_var);
859  }
860 #endif
861 
862  pm_pid = start_postmaster();
863 
864  if (do_wait)
865  {
866  /*
867  * If the user interrupts the startup (e.g. with CTRL-C), we'd like to
868  * abort the server launch. Install a signal handler that will
869  * forward SIGINT to the postmaster process, while we wait.
870  *
871  * (We don't bother to reset the signal handler after the launch, as
872  * we're about to exit, anyway.)
873  */
874  postmasterPID = pm_pid;
876 
877  print_msg(_("waiting for server to start..."));
878 
879  switch (wait_for_postmaster(pm_pid, false))
880  {
881  case POSTMASTER_READY:
882  print_msg(_(" done\n"));
883  print_msg(_("server started\n"));
884  break;
886  print_msg(_(" stopped waiting\n"));
887  write_stderr(_("%s: server did not start in time\n"),
888  progname);
889  exit(1);
890  break;
891  case POSTMASTER_FAILED:
892  print_msg(_(" stopped waiting\n"));
893  write_stderr(_("%s: could not start server\n"
894  "Examine the log output.\n"),
895  progname);
896  exit(1);
897  break;
898  }
899  }
900  else
901  print_msg(_("server starting\n"));
902 
903 #ifdef WIN32
904  /* Now we don't need the handle to the shell process anymore */
905  CloseHandle(postmasterProcess);
906  postmasterProcess = INVALID_HANDLE_VALUE;
907 #endif
908 }
909 
910 
911 static void
912 do_stop(void)
913 {
914  int cnt;
915  pgpid_t pid;
916  struct stat statbuf;
917 
918  pid = get_pgpid(false);
919 
920  if (pid == 0) /* no pid file */
921  {
922  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
923  write_stderr(_("Is server running?\n"));
924  exit(1);
925  }
926  else if (pid < 0) /* standalone backend, not postmaster */
927  {
928  pid = -pid;
929  write_stderr(_("%s: cannot stop server; "
930  "single-user server is running (PID: %ld)\n"),
931  progname, pid);
932  exit(1);
933  }
934 
935  if (kill((pid_t) pid, sig) != 0)
936  {
937  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
938  strerror(errno));
939  exit(1);
940  }
941 
942  if (!do_wait)
943  {
944  print_msg(_("server shutting down\n"));
945  return;
946  }
947  else
948  {
949  /*
950  * If backup_label exists, an online backup is running. Warn the user
951  * that smart shutdown will wait for it to finish. However, if the
952  * server is in archive recovery, we're recovering from an online
953  * backup instead of performing one.
954  */
955  if (shutdown_mode == SMART_MODE &&
956  stat(backup_file, &statbuf) == 0 &&
958  {
959  print_msg(_("WARNING: online backup mode is active\n"
960  "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
961  }
962 
963  print_msg(_("waiting for server to shut down..."));
964 
965  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
966  {
967  if ((pid = get_pgpid(false)) != 0)
968  {
969  if (cnt % WAITS_PER_SEC == 0)
970  print_msg(".");
971  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
972  }
973  else
974  break;
975  }
976 
977  if (pid != 0) /* pid file still exists */
978  {
979  print_msg(_(" failed\n"));
980 
981  write_stderr(_("%s: server does not shut down\n"), progname);
982  if (shutdown_mode == SMART_MODE)
983  write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
984  "waiting for session-initiated disconnection.\n"));
985  exit(1);
986  }
987  print_msg(_(" done\n"));
988 
989  print_msg(_("server stopped\n"));
990  }
991 }
992 
993 
994 /*
995  * restart/reload routines
996  */
997 
998 static void
1000 {
1001  int cnt;
1002  pgpid_t pid;
1003  struct stat statbuf;
1004 
1005  pid = get_pgpid(false);
1006 
1007  if (pid == 0) /* no pid file */
1008  {
1009  write_stderr(_("%s: PID file \"%s\" does not exist\n"),
1010  progname, pid_file);
1011  write_stderr(_("Is server running?\n"));
1012  write_stderr(_("trying to start server anyway\n"));
1013  do_start();
1014  return;
1015  }
1016  else if (pid < 0) /* standalone backend, not postmaster */
1017  {
1018  pid = -pid;
1019  if (postmaster_is_alive((pid_t) pid))
1020  {
1021  write_stderr(_("%s: cannot restart server; "
1022  "single-user server is running (PID: %ld)\n"),
1023  progname, pid);
1024  write_stderr(_("Please terminate the single-user server and try again.\n"));
1025  exit(1);
1026  }
1027  }
1028 
1029  if (postmaster_is_alive((pid_t) pid))
1030  {
1031  if (kill((pid_t) pid, sig) != 0)
1032  {
1033  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
1034  strerror(errno));
1035  exit(1);
1036  }
1037 
1038  /*
1039  * If backup_label exists, an online backup is running. Warn the user
1040  * that smart shutdown will wait for it to finish. However, if the
1041  * server is in archive recovery, we're recovering from an online
1042  * backup instead of performing one.
1043  */
1044  if (shutdown_mode == SMART_MODE &&
1045  stat(backup_file, &statbuf) == 0 &&
1047  {
1048  print_msg(_("WARNING: online backup mode is active\n"
1049  "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
1050  }
1051 
1052  print_msg(_("waiting for server to shut down..."));
1053 
1054  /* always wait for restart */
1055 
1056  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
1057  {
1058  if ((pid = get_pgpid(false)) != 0)
1059  {
1060  if (cnt % WAITS_PER_SEC == 0)
1061  print_msg(".");
1062  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
1063  }
1064  else
1065  break;
1066  }
1067 
1068  if (pid != 0) /* pid file still exists */
1069  {
1070  print_msg(_(" failed\n"));
1071 
1072  write_stderr(_("%s: server does not shut down\n"), progname);
1073  if (shutdown_mode == SMART_MODE)
1074  write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
1075  "waiting for session-initiated disconnection.\n"));
1076  exit(1);
1077  }
1078 
1079  print_msg(_(" done\n"));
1080  print_msg(_("server stopped\n"));
1081  }
1082  else
1083  {
1084  write_stderr(_("%s: old server process (PID: %ld) seems to be gone\n"),
1085  progname, pid);
1086  write_stderr(_("starting server anyway\n"));
1087  }
1088 
1089  do_start();
1090 }
1091 
1092 static void
1094 {
1095  pgpid_t pid;
1096 
1097  pid = get_pgpid(false);
1098  if (pid == 0) /* no pid file */
1099  {
1100  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1101  write_stderr(_("Is server running?\n"));
1102  exit(1);
1103  }
1104  else if (pid < 0) /* standalone backend, not postmaster */
1105  {
1106  pid = -pid;
1107  write_stderr(_("%s: cannot reload server; "
1108  "single-user server is running (PID: %ld)\n"),
1109  progname, pid);
1110  write_stderr(_("Please terminate the single-user server and try again.\n"));
1111  exit(1);
1112  }
1113 
1114  if (kill((pid_t) pid, sig) != 0)
1115  {
1116  write_stderr(_("%s: could not send reload signal (PID: %ld): %s\n"),
1117  progname, pid, strerror(errno));
1118  exit(1);
1119  }
1120 
1121  print_msg(_("server signaled\n"));
1122 }
1123 
1124 
1125 /*
1126  * promote
1127  */
1128 
1129 static void
1131 {
1132  FILE *prmfile;
1133  pgpid_t pid;
1134 
1135  pid = get_pgpid(false);
1136 
1137  if (pid == 0) /* no pid file */
1138  {
1139  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1140  write_stderr(_("Is server running?\n"));
1141  exit(1);
1142  }
1143  else if (pid < 0) /* standalone backend, not postmaster */
1144  {
1145  pid = -pid;
1146  write_stderr(_("%s: cannot promote server; "
1147  "single-user server is running (PID: %ld)\n"),
1148  progname, pid);
1149  exit(1);
1150  }
1151 
1153  {
1154  write_stderr(_("%s: cannot promote server; "
1155  "server is not in standby mode\n"),
1156  progname);
1157  exit(1);
1158  }
1159 
1160  /*
1161  * For 9.3 onwards, "fast" promotion is performed. Promotion with a full
1162  * checkpoint is still possible by writing a file called
1163  * "fallback_promote" instead of "promote"
1164  */
1165  snprintf(promote_file, MAXPGPATH, "%s/promote", pg_data);
1166 
1167  if ((prmfile = fopen(promote_file, "w")) == NULL)
1168  {
1169  write_stderr(_("%s: could not create promote signal file \"%s\": %s\n"),
1170  progname, promote_file, strerror(errno));
1171  exit(1);
1172  }
1173  if (fclose(prmfile))
1174  {
1175  write_stderr(_("%s: could not write promote signal file \"%s\": %s\n"),
1176  progname, promote_file, strerror(errno));
1177  exit(1);
1178  }
1179 
1180  sig = SIGUSR1;
1181  if (kill((pid_t) pid, sig) != 0)
1182  {
1183  write_stderr(_("%s: could not send promote signal (PID: %ld): %s\n"),
1184  progname, pid, strerror(errno));
1185  if (unlink(promote_file) != 0)
1186  write_stderr(_("%s: could not remove promote signal file \"%s\": %s\n"),
1187  progname, promote_file, strerror(errno));
1188  exit(1);
1189  }
1190 
1191  if (do_wait)
1192  {
1194  int cnt;
1195 
1196  print_msg(_("waiting for server to promote..."));
1197  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
1198  {
1199  state = get_control_dbstate();
1200  if (state == DB_IN_PRODUCTION)
1201  break;
1202 
1203  if (cnt % WAITS_PER_SEC == 0)
1204  print_msg(".");
1205  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
1206  }
1207  if (state == DB_IN_PRODUCTION)
1208  {
1209  print_msg(_(" done\n"));
1210  print_msg(_("server promoted\n"));
1211  }
1212  else
1213  {
1214  print_msg(_(" stopped waiting\n"));
1215  write_stderr(_("%s: server did not promote in time\n"),
1216  progname);
1217  exit(1);
1218  }
1219  }
1220  else
1221  print_msg(_("server promoting\n"));
1222 }
1223 
1224 /*
1225  * log rotate
1226  */
1227 
1228 static void
1230 {
1231  FILE *logrotatefile;
1232  pgpid_t pid;
1233 
1234  pid = get_pgpid(false);
1235 
1236  if (pid == 0) /* no pid file */
1237  {
1238  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1239  write_stderr(_("Is server running?\n"));
1240  exit(1);
1241  }
1242  else if (pid < 0) /* standalone backend, not postmaster */
1243  {
1244  pid = -pid;
1245  write_stderr(_("%s: cannot rotate log file; "
1246  "single-user server is running (PID: %ld)\n"),
1247  progname, pid);
1248  exit(1);
1249  }
1250 
1251  snprintf(logrotate_file, MAXPGPATH, "%s/logrotate", pg_data);
1252 
1253  if ((logrotatefile = fopen(logrotate_file, "w")) == NULL)
1254  {
1255  write_stderr(_("%s: could not create log rotation signal file \"%s\": %s\n"),
1256  progname, logrotate_file, strerror(errno));
1257  exit(1);
1258  }
1259  if (fclose(logrotatefile))
1260  {
1261  write_stderr(_("%s: could not write log rotation signal file \"%s\": %s\n"),
1262  progname, logrotate_file, strerror(errno));
1263  exit(1);
1264  }
1265 
1266  sig = SIGUSR1;
1267  if (kill((pid_t) pid, sig) != 0)
1268  {
1269  write_stderr(_("%s: could not send log rotation signal (PID: %ld): %s\n"),
1270  progname, pid, strerror(errno));
1271  if (unlink(logrotate_file) != 0)
1272  write_stderr(_("%s: could not remove log rotation signal file \"%s\": %s\n"),
1273  progname, logrotate_file, strerror(errno));
1274  exit(1);
1275  }
1276 
1277  print_msg(_("server signaled to rotate log file\n"));
1278 }
1279 
1280 
1281 /*
1282  * utility routines
1283  */
1284 
1285 static bool
1287 {
1288  /*
1289  * Test to see if the process is still there. Note that we do not
1290  * consider an EPERM failure to mean that the process is still there;
1291  * EPERM must mean that the given PID belongs to some other userid, and
1292  * considering the permissions on $PGDATA, that means it's not the
1293  * postmaster we are after.
1294  *
1295  * Don't believe that our own PID or parent shell's PID is the postmaster,
1296  * either. (Windows hasn't got getppid(), though.)
1297  */
1298  if (pid == getpid())
1299  return false;
1300 #ifndef WIN32
1301  if (pid == getppid())
1302  return false;
1303 #endif
1304  if (kill(pid, 0) == 0)
1305  return true;
1306  return false;
1307 }
1308 
1309 static void
1311 {
1312  pgpid_t pid;
1313 
1314  pid = get_pgpid(true);
1315  /* Is there a pid file? */
1316  if (pid != 0)
1317  {
1318  /* standalone backend? */
1319  if (pid < 0)
1320  {
1321  pid = -pid;
1322  if (postmaster_is_alive((pid_t) pid))
1323  {
1324  printf(_("%s: single-user server is running (PID: %ld)\n"),
1325  progname, pid);
1326  return;
1327  }
1328  }
1329  else
1330  /* must be a postmaster */
1331  {
1332  if (postmaster_is_alive((pid_t) pid))
1333  {
1334  char **optlines;
1335  char **curr_line;
1336  int numlines;
1337 
1338  printf(_("%s: server is running (PID: %ld)\n"),
1339  progname, pid);
1340 
1341  optlines = readfile(postopts_file, &numlines);
1342  if (optlines != NULL)
1343  {
1344  for (curr_line = optlines; *curr_line != NULL; curr_line++)
1345  puts(*curr_line);
1346 
1347  /* Free the results of readfile */
1348  free_readfile(optlines);
1349  }
1350  return;
1351  }
1352  }
1353  }
1354  printf(_("%s: no server running\n"), progname);
1355 
1356  /*
1357  * The Linux Standard Base Core Specification 3.1 says this should return
1358  * '3, program is not running'
1359  * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
1360  */
1361  exit(3);
1362 }
1363 
1364 
1365 
1366 static void
1368 {
1369  if (kill((pid_t) pid, sig) != 0)
1370  {
1371  write_stderr(_("%s: could not send signal %d (PID: %ld): %s\n"),
1372  progname, sig, pid, strerror(errno));
1373  exit(1);
1374  }
1375 }
1376 
1377 #ifdef WIN32
1378 
1379 static bool
1380 pgwin32_IsInstalled(SC_HANDLE hSCM)
1381 {
1382  SC_HANDLE hService = OpenService(hSCM, register_servicename, SERVICE_QUERY_CONFIG);
1383  bool bResult = (hService != NULL);
1384 
1385  if (bResult)
1386  CloseServiceHandle(hService);
1387  return bResult;
1388 }
1389 
1390 static char *
1391 pgwin32_CommandLine(bool registration)
1392 {
1393  PQExpBuffer cmdLine = createPQExpBuffer();
1394  char cmdPath[MAXPGPATH];
1395  int ret;
1396 
1397  if (registration)
1398  {
1399  ret = find_my_exec(argv0, cmdPath);
1400  if (ret != 0)
1401  {
1402  write_stderr(_("%s: could not find own program executable\n"), progname);
1403  exit(1);
1404  }
1405  }
1406  else
1407  {
1408  ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1409  cmdPath);
1410  if (ret != 0)
1411  {
1412  write_stderr(_("%s: could not find postgres program executable\n"), progname);
1413  exit(1);
1414  }
1415  }
1416 
1417  /* if path does not end in .exe, append it */
1418  if (strlen(cmdPath) < 4 ||
1419  pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0)
1420  snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
1421  ".exe");
1422 
1423  /* use backslashes in path to avoid problems with some third-party tools */
1424  make_native_path(cmdPath);
1425 
1426  /* be sure to double-quote the executable's name in the command */
1427  appendPQExpBuffer(cmdLine, "\"%s\"", cmdPath);
1428 
1429  /* append assorted switches to the command line, as needed */
1430 
1431  if (registration)
1432  appendPQExpBuffer(cmdLine, " runservice -N \"%s\"",
1434 
1435  if (pg_config)
1436  {
1437  /* We need the -D path to be absolute */
1438  char *dataDir;
1439 
1440  if ((dataDir = make_absolute_path(pg_config)) == NULL)
1441  {
1442  /* make_absolute_path already reported the error */
1443  exit(1);
1444  }
1445  make_native_path(dataDir);
1446  appendPQExpBuffer(cmdLine, " -D \"%s\"", dataDir);
1447  free(dataDir);
1448  }
1449 
1450  if (registration && event_source != NULL)
1451  appendPQExpBuffer(cmdLine, " -e \"%s\"", event_source);
1452 
1453  if (registration && do_wait)
1454  appendPQExpBufferStr(cmdLine, " -w");
1455 
1456  /* Don't propagate a value from an environment variable. */
1457  if (registration && wait_seconds_arg && wait_seconds != DEFAULT_WAIT)
1458  appendPQExpBuffer(cmdLine, " -t %d", wait_seconds);
1459 
1460  if (registration && silent_mode)
1461  appendPQExpBufferStr(cmdLine, " -s");
1462 
1463  if (post_opts)
1464  {
1465  if (registration)
1466  appendPQExpBuffer(cmdLine, " -o \"%s\"", post_opts);
1467  else
1468  appendPQExpBuffer(cmdLine, " %s", post_opts);
1469  }
1470 
1471  return cmdLine->data;
1472 }
1473 
1474 static void
1475 pgwin32_doRegister(void)
1476 {
1477  SC_HANDLE hService;
1478  SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1479 
1480  if (hSCM == NULL)
1481  {
1482  write_stderr(_("%s: could not open service manager\n"), progname);
1483  exit(1);
1484  }
1485  if (pgwin32_IsInstalled(hSCM))
1486  {
1487  CloseServiceHandle(hSCM);
1488  write_stderr(_("%s: service \"%s\" already registered\n"), progname, register_servicename);
1489  exit(1);
1490  }
1491 
1492  if ((hService = CreateService(hSCM, register_servicename, register_servicename,
1493  SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
1494  pgctl_start_type, SERVICE_ERROR_NORMAL,
1495  pgwin32_CommandLine(true),
1496  NULL, NULL, "RPCSS\0", register_username, register_password)) == NULL)
1497  {
1498  CloseServiceHandle(hSCM);
1499  write_stderr(_("%s: could not register service \"%s\": error code %lu\n"),
1501  (unsigned long) GetLastError());
1502  exit(1);
1503  }
1504  CloseServiceHandle(hService);
1505  CloseServiceHandle(hSCM);
1506 }
1507 
1508 static void
1509 pgwin32_doUnregister(void)
1510 {
1511  SC_HANDLE hService;
1512  SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1513 
1514  if (hSCM == NULL)
1515  {
1516  write_stderr(_("%s: could not open service manager\n"), progname);
1517  exit(1);
1518  }
1519  if (!pgwin32_IsInstalled(hSCM))
1520  {
1521  CloseServiceHandle(hSCM);
1522  write_stderr(_("%s: service \"%s\" not registered\n"), progname, register_servicename);
1523  exit(1);
1524  }
1525 
1526  if ((hService = OpenService(hSCM, register_servicename, DELETE)) == NULL)
1527  {
1528  CloseServiceHandle(hSCM);
1529  write_stderr(_("%s: could not open service \"%s\": error code %lu\n"),
1531  (unsigned long) GetLastError());
1532  exit(1);
1533  }
1534  if (!DeleteService(hService))
1535  {
1536  CloseServiceHandle(hService);
1537  CloseServiceHandle(hSCM);
1538  write_stderr(_("%s: could not unregister service \"%s\": error code %lu\n"),
1540  (unsigned long) GetLastError());
1541  exit(1);
1542  }
1543  CloseServiceHandle(hService);
1544  CloseServiceHandle(hSCM);
1545 }
1546 
1547 static void
1548 pgwin32_SetServiceStatus(DWORD currentState)
1549 {
1550  status.dwCurrentState = currentState;
1551  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1552 }
1553 
1554 static void WINAPI
1555 pgwin32_ServiceHandler(DWORD request)
1556 {
1557  switch (request)
1558  {
1559  case SERVICE_CONTROL_STOP:
1560  case SERVICE_CONTROL_SHUTDOWN:
1561 
1562  /*
1563  * We only need a short wait hint here as it just needs to wait
1564  * for the next checkpoint. They occur every 5 seconds during
1565  * shutdown
1566  */
1567  status.dwWaitHint = 10000;
1568  pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1569  SetEvent(shutdownEvent);
1570  return;
1571 
1572  case SERVICE_CONTROL_PAUSE:
1573  /* Win32 config reloading */
1574  status.dwWaitHint = 5000;
1576  return;
1577 
1578  /* FIXME: These could be used to replace other signals etc */
1579  case SERVICE_CONTROL_CONTINUE:
1580  case SERVICE_CONTROL_INTERROGATE:
1581  default:
1582  break;
1583  }
1584 }
1585 
1586 static void WINAPI
1587 pgwin32_ServiceMain(DWORD argc, LPTSTR *argv)
1588 {
1589  PROCESS_INFORMATION pi;
1590  DWORD ret;
1591 
1592  /* Initialize variables */
1593  status.dwWin32ExitCode = S_OK;
1594  status.dwCheckPoint = 0;
1595  status.dwWaitHint = 60000;
1596  status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
1597  status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PAUSE_CONTINUE;
1598  status.dwServiceSpecificExitCode = 0;
1599  status.dwCurrentState = SERVICE_START_PENDING;
1600 
1601  memset(&pi, 0, sizeof(pi));
1602 
1603  read_post_opts();
1604 
1605  /* Register the control request handler */
1606  if ((hStatus = RegisterServiceCtrlHandler(register_servicename, pgwin32_ServiceHandler)) == (SERVICE_STATUS_HANDLE) 0)
1607  return;
1608 
1609  if ((shutdownEvent = CreateEvent(NULL, true, false, NULL)) == NULL)
1610  return;
1611 
1612  /* Start the postmaster */
1613  pgwin32_SetServiceStatus(SERVICE_START_PENDING);
1614  if (!CreateRestrictedProcess(pgwin32_CommandLine(false), &pi, true))
1615  {
1616  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1617  return;
1618  }
1619  postmasterPID = pi.dwProcessId;
1620  postmasterProcess = pi.hProcess;
1621  CloseHandle(pi.hThread);
1622 
1623  if (do_wait)
1624  {
1625  write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Waiting for server startup...\n"));
1627  {
1628  write_eventlog(EVENTLOG_ERROR_TYPE, _("Timed out waiting for server startup\n"));
1629  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1630  return;
1631  }
1632  write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Server started and accepting connections\n"));
1633  }
1634 
1635  pgwin32_SetServiceStatus(SERVICE_RUNNING);
1636 
1637  /* Wait for quit... */
1638  ret = WaitForMultipleObjects(2, shutdownHandles, FALSE, INFINITE);
1639 
1640  pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1641  switch (ret)
1642  {
1643  case WAIT_OBJECT_0: /* shutdown event */
1644  {
1645  /*
1646  * status.dwCheckPoint can be incremented by
1647  * wait_for_postmaster(), so it might not start from 0.
1648  */
1649  int maxShutdownCheckPoint = status.dwCheckPoint + 12;
1650 
1651  kill(postmasterPID, SIGINT);
1652 
1653  /*
1654  * Increment the checkpoint and try again. Abort after 12
1655  * checkpoints as the postmaster has probably hung.
1656  */
1657  while (WaitForSingleObject(postmasterProcess, 5000) == WAIT_TIMEOUT && status.dwCheckPoint < maxShutdownCheckPoint)
1658  {
1659  status.dwCheckPoint++;
1660  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1661  }
1662  break;
1663  }
1664 
1665  case (WAIT_OBJECT_0 + 1): /* postmaster went down */
1666  break;
1667 
1668  default:
1669  /* shouldn't get here? */
1670  break;
1671  }
1672 
1673  CloseHandle(shutdownEvent);
1674  CloseHandle(postmasterProcess);
1675 
1676  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1677 }
1678 
1679 static void
1680 pgwin32_doRunAsService(void)
1681 {
1682  SERVICE_TABLE_ENTRY st[] = {{register_servicename, pgwin32_ServiceMain},
1683  {NULL, NULL}};
1684 
1685  if (StartServiceCtrlDispatcher(st) == 0)
1686  {
1687  write_stderr(_("%s: could not start service \"%s\": error code %lu\n"),
1689  (unsigned long) GetLastError());
1690  exit(1);
1691  }
1692 }
1693 
1694 
1695 /*
1696  * Mingw headers are incomplete, and so are the libraries. So we have to load
1697  * a whole lot of API functions dynamically. Since we have to do this anyway,
1698  * also load the couple of functions that *do* exist in mingw headers but not
1699  * on NT4. That way, we don't break on NT4.
1700  */
1701 typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
1702 typedef BOOL (WINAPI * __IsProcessInJob) (HANDLE, HANDLE, PBOOL);
1703 typedef HANDLE (WINAPI * __CreateJobObject) (LPSECURITY_ATTRIBUTES, LPCTSTR);
1704 typedef BOOL (WINAPI * __SetInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD);
1705 typedef BOOL (WINAPI * __AssignProcessToJobObject) (HANDLE, HANDLE);
1706 typedef BOOL (WINAPI * __QueryInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD, LPDWORD);
1707 
1708 /*
1709  * Create a restricted token, a job object sandbox, and execute the specified
1710  * process with it.
1711  *
1712  * Returns 0 on success, non-zero on failure, same as CreateProcess().
1713  *
1714  * On NT4, or any other system not containing the required functions, will
1715  * launch the process under the current token without doing any modifications.
1716  *
1717  * NOTE! Job object will only work when running as a service, because it's
1718  * automatically destroyed when pg_ctl exits.
1719  */
1720 static int
1721 CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service)
1722 {
1723  int r;
1724  BOOL b;
1725  STARTUPINFO si;
1726  HANDLE origToken;
1727  HANDLE restrictedToken;
1728  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
1729  SID_AND_ATTRIBUTES dropSids[2];
1730  PTOKEN_PRIVILEGES delPrivs;
1731 
1732  /* Functions loaded dynamically */
1733  __CreateRestrictedToken _CreateRestrictedToken = NULL;
1734  __IsProcessInJob _IsProcessInJob = NULL;
1735  __CreateJobObject _CreateJobObject = NULL;
1736  __SetInformationJobObject _SetInformationJobObject = NULL;
1737  __AssignProcessToJobObject _AssignProcessToJobObject = NULL;
1738  __QueryInformationJobObject _QueryInformationJobObject = NULL;
1739  HANDLE Kernel32Handle;
1740  HANDLE Advapi32Handle;
1741 
1742  ZeroMemory(&si, sizeof(si));
1743  si.cb = sizeof(si);
1744 
1745  Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
1746  if (Advapi32Handle != NULL)
1747  {
1748  _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
1749  }
1750 
1751  if (_CreateRestrictedToken == NULL)
1752  {
1753  /*
1754  * NT4 doesn't have CreateRestrictedToken, so just call ordinary
1755  * CreateProcess
1756  */
1757  write_stderr(_("%s: WARNING: cannot create restricted tokens on this platform\n"), progname);
1758  if (Advapi32Handle != NULL)
1759  FreeLibrary(Advapi32Handle);
1760  return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
1761  }
1762 
1763  /* Open the current token to use as a base for the restricted one */
1764  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
1765  {
1766  /*
1767  * Most Windows targets make DWORD a 32-bit unsigned long, but in case
1768  * it doesn't cast DWORD before printing.
1769  */
1770  write_stderr(_("%s: could not open process token: error code %lu\n"),
1771  progname, (unsigned long) GetLastError());
1772  return 0;
1773  }
1774 
1775  /* Allocate list of SIDs to remove */
1776  ZeroMemory(&dropSids, sizeof(dropSids));
1777  if (!AllocateAndInitializeSid(&NtAuthority, 2,
1778  SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
1779  0, &dropSids[0].Sid) ||
1780  !AllocateAndInitializeSid(&NtAuthority, 2,
1781  SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
1782  0, &dropSids[1].Sid))
1783  {
1784  write_stderr(_("%s: could not allocate SIDs: error code %lu\n"),
1785  progname, (unsigned long) GetLastError());
1786  return 0;
1787  }
1788 
1789  /* Get list of privileges to remove */
1790  delPrivs = GetPrivilegesToDelete(origToken);
1791  if (delPrivs == NULL)
1792  /* Error message already printed */
1793  return 0;
1794 
1795  b = _CreateRestrictedToken(origToken,
1796  0,
1797  sizeof(dropSids) / sizeof(dropSids[0]),
1798  dropSids,
1799  delPrivs->PrivilegeCount, delPrivs->Privileges,
1800  0, NULL,
1801  &restrictedToken);
1802 
1803  free(delPrivs);
1804  FreeSid(dropSids[1].Sid);
1805  FreeSid(dropSids[0].Sid);
1806  CloseHandle(origToken);
1807  FreeLibrary(Advapi32Handle);
1808 
1809  if (!b)
1810  {
1811  write_stderr(_("%s: could not create restricted token: error code %lu\n"),
1812  progname, (unsigned long) GetLastError());
1813  return 0;
1814  }
1815 
1816  AddUserToTokenDacl(restrictedToken);
1817  r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
1818 
1819  Kernel32Handle = LoadLibrary("KERNEL32.DLL");
1820  if (Kernel32Handle != NULL)
1821  {
1822  _IsProcessInJob = (__IsProcessInJob) GetProcAddress(Kernel32Handle, "IsProcessInJob");
1823  _CreateJobObject = (__CreateJobObject) GetProcAddress(Kernel32Handle, "CreateJobObjectA");
1824  _SetInformationJobObject = (__SetInformationJobObject) GetProcAddress(Kernel32Handle, "SetInformationJobObject");
1825  _AssignProcessToJobObject = (__AssignProcessToJobObject) GetProcAddress(Kernel32Handle, "AssignProcessToJobObject");
1826  _QueryInformationJobObject = (__QueryInformationJobObject) GetProcAddress(Kernel32Handle, "QueryInformationJobObject");
1827  }
1828 
1829  /* Verify that we found all functions */
1830  if (_IsProcessInJob == NULL || _CreateJobObject == NULL || _SetInformationJobObject == NULL || _AssignProcessToJobObject == NULL || _QueryInformationJobObject == NULL)
1831  {
1832  /*
1833  * IsProcessInJob() is not available on < WinXP, so there is no need
1834  * to log the error every time in that case
1835  */
1836  if (IsWindowsXPOrGreater())
1837 
1838  /*
1839  * Log error if we can't get version, or if we're on WinXP/2003 or
1840  * newer
1841  */
1842  write_stderr(_("%s: WARNING: could not locate all job object functions in system API\n"), progname);
1843  }
1844  else
1845  {
1846  BOOL inJob;
1847 
1848  if (_IsProcessInJob(processInfo->hProcess, NULL, &inJob))
1849  {
1850  if (!inJob)
1851  {
1852  /*
1853  * Job objects are working, and the new process isn't in one,
1854  * so we can create one safely. If any problems show up when
1855  * setting it, we're going to ignore them.
1856  */
1857  HANDLE job;
1858  char jobname[128];
1859 
1860  sprintf(jobname, "PostgreSQL_%lu",
1861  (unsigned long) processInfo->dwProcessId);
1862 
1863  job = _CreateJobObject(NULL, jobname);
1864  if (job)
1865  {
1866  JOBOBJECT_BASIC_LIMIT_INFORMATION basicLimit;
1867  JOBOBJECT_BASIC_UI_RESTRICTIONS uiRestrictions;
1868  JOBOBJECT_SECURITY_LIMIT_INFORMATION securityLimit;
1869 
1870  ZeroMemory(&basicLimit, sizeof(basicLimit));
1871  ZeroMemory(&uiRestrictions, sizeof(uiRestrictions));
1872  ZeroMemory(&securityLimit, sizeof(securityLimit));
1873 
1874  basicLimit.LimitFlags = JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION | JOB_OBJECT_LIMIT_PRIORITY_CLASS;
1875  basicLimit.PriorityClass = NORMAL_PRIORITY_CLASS;
1876  _SetInformationJobObject(job, JobObjectBasicLimitInformation, &basicLimit, sizeof(basicLimit));
1877 
1878  uiRestrictions.UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS |
1879  JOB_OBJECT_UILIMIT_EXITWINDOWS | JOB_OBJECT_UILIMIT_READCLIPBOARD |
1880  JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
1881 
1882  if (as_service)
1883  {
1884  if (!IsWindows7OrGreater())
1885  {
1886  /*
1887  * On Windows 7 (and presumably later),
1888  * JOB_OBJECT_UILIMIT_HANDLES prevents us from
1889  * starting as a service. So we only enable it on
1890  * Vista and earlier (version <= 6.0)
1891  */
1892  uiRestrictions.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES;
1893  }
1894  }
1895  _SetInformationJobObject(job, JobObjectBasicUIRestrictions, &uiRestrictions, sizeof(uiRestrictions));
1896 
1897  securityLimit.SecurityLimitFlags = JOB_OBJECT_SECURITY_NO_ADMIN | JOB_OBJECT_SECURITY_ONLY_TOKEN;
1898  securityLimit.JobToken = restrictedToken;
1899  _SetInformationJobObject(job, JobObjectSecurityLimitInformation, &securityLimit, sizeof(securityLimit));
1900 
1901  _AssignProcessToJobObject(job, processInfo->hProcess);
1902  }
1903  }
1904  }
1905  }
1906 
1907 
1908  CloseHandle(restrictedToken);
1909 
1910  ResumeThread(processInfo->hThread);
1911 
1912  FreeLibrary(Kernel32Handle);
1913 
1914  /*
1915  * We intentionally don't close the job object handle, because we want the
1916  * object to live on until pg_ctl shuts down.
1917  */
1918  return r;
1919 }
1920 
1921 /*
1922  * Get a list of privileges to delete from the access token. We delete all privileges
1923  * except SeLockMemoryPrivilege which is needed to use large pages, and
1924  * SeChangeNotifyPrivilege which is enabled by default in DISABLE_MAX_PRIVILEGE.
1925  */
1926 static PTOKEN_PRIVILEGES
1927 GetPrivilegesToDelete(HANDLE hToken)
1928 {
1929  int i,
1930  j;
1931  DWORD length;
1932  PTOKEN_PRIVILEGES tokenPrivs;
1933  LUID luidLockPages;
1934  LUID luidChangeNotify;
1935 
1936  if (!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &luidLockPages) ||
1937  !LookupPrivilegeValue(NULL, SE_CHANGE_NOTIFY_NAME, &luidChangeNotify))
1938  {
1939  write_stderr(_("%s: could not get LUIDs for privileges: error code %lu\n"),
1940  progname, (unsigned long) GetLastError());
1941  return NULL;
1942  }
1943 
1944  if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &length) &&
1945  GetLastError() != ERROR_INSUFFICIENT_BUFFER)
1946  {
1947  write_stderr(_("%s: could not get token information: error code %lu\n"),
1948  progname, (unsigned long) GetLastError());
1949  return NULL;
1950  }
1951 
1952  tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
1954  if (tokenPrivs == NULL)
1955  {
1956  write_stderr(_("%s: out of memory\n"), progname);
1957  return NULL;
1958  }
1959 
1960  if (!GetTokenInformation(hToken, TokenPrivileges, tokenPrivs, length, &length))
1961  {
1962  write_stderr(_("%s: could not get token information: error code %lu\n"),
1963  progname, (unsigned long) GetLastError());
1964  free(tokenPrivs);
1965  return NULL;
1966  }
1967 
1968  for (i = 0; i < tokenPrivs->PrivilegeCount; i++)
1969  {
1970  if (memcmp(&tokenPrivs->Privileges[i].Luid, &luidLockPages, sizeof(LUID)) == 0 ||
1971  memcmp(&tokenPrivs->Privileges[i].Luid, &luidChangeNotify, sizeof(LUID)) == 0)
1972  {
1973  for (j = i; j < tokenPrivs->PrivilegeCount - 1; j++)
1974  tokenPrivs->Privileges[j] = tokenPrivs->Privileges[j + 1];
1975  tokenPrivs->PrivilegeCount--;
1976  }
1977  }
1978 
1979  return tokenPrivs;
1980 }
1981 #endif /* WIN32 */
1982 
1983 static void
1985 {
1986  write_stderr(_("Try \"%s --help\" for more information.\n"), progname);
1987 }
1988 
1989 
1990 
1991 static void
1992 do_help(void)
1993 {
1994  printf(_("%s is a utility to initialize, start, stop, or control a PostgreSQL server.\n\n"), progname);
1995  printf(_("Usage:\n"));
1996  printf(_(" %s init[db] [-D DATADIR] [-s] [-o OPTIONS]\n"), progname);
1997  printf(_(" %s start [-D DATADIR] [-l FILENAME] [-W] [-t SECS] [-s]\n"
1998  " [-o OPTIONS] [-p PATH] [-c]\n"), progname);
1999  printf(_(" %s stop [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"), progname);
2000  printf(_(" %s restart [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"
2001  " [-o OPTIONS] [-c]\n"), progname);
2002  printf(_(" %s reload [-D DATADIR] [-s]\n"), progname);
2003  printf(_(" %s status [-D DATADIR]\n"), progname);
2004  printf(_(" %s promote [-D DATADIR] [-W] [-t SECS] [-s]\n"), progname);
2005  printf(_(" %s logrotate [-D DATADIR] [-s]\n"), progname);
2006  printf(_(" %s kill SIGNALNAME PID\n"), progname);
2007 #ifdef WIN32
2008  printf(_(" %s register [-D DATADIR] [-N SERVICENAME] [-U USERNAME] [-P PASSWORD]\n"
2009  " [-S START-TYPE] [-e SOURCE] [-W] [-t SECS] [-s] [-o OPTIONS]\n"), progname);
2010  printf(_(" %s unregister [-N SERVICENAME]\n"), progname);
2011 #endif
2012 
2013  printf(_("\nCommon options:\n"));
2014  printf(_(" -D, --pgdata=DATADIR location of the database storage area\n"));
2015 #ifdef WIN32
2016  printf(_(" -e SOURCE event source for logging when running as a service\n"));
2017 #endif
2018  printf(_(" -s, --silent only print errors, no informational messages\n"));
2019  printf(_(" -t, --timeout=SECS seconds to wait when using -w option\n"));
2020  printf(_(" -V, --version output version information, then exit\n"));
2021  printf(_(" -w, --wait wait until operation completes (default)\n"));
2022  printf(_(" -W, --no-wait do not wait until operation completes\n"));
2023  printf(_(" -?, --help show this help, then exit\n"));
2024  printf(_("If the -D option is omitted, the environment variable PGDATA is used.\n"));
2025 
2026  printf(_("\nOptions for start or restart:\n"));
2027 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
2028  printf(_(" -c, --core-files allow postgres to produce core files\n"));
2029 #else
2030  printf(_(" -c, --core-files not applicable on this platform\n"));
2031 #endif
2032  printf(_(" -l, --log=FILENAME write (or append) server log to FILENAME\n"));
2033  printf(_(" -o, --options=OPTIONS command line options to pass to postgres\n"
2034  " (PostgreSQL server executable) or initdb\n"));
2035  printf(_(" -p PATH-TO-POSTGRES normally not necessary\n"));
2036  printf(_("\nOptions for stop or restart:\n"));
2037  printf(_(" -m, --mode=MODE MODE can be \"smart\", \"fast\", or \"immediate\"\n"));
2038 
2039  printf(_("\nShutdown modes are:\n"));
2040  printf(_(" smart quit after all clients have disconnected\n"));
2041  printf(_(" fast quit directly, with proper shutdown (default)\n"));
2042  printf(_(" immediate quit without complete shutdown; will lead to recovery on restart\n"));
2043 
2044  printf(_("\nAllowed signal names for kill:\n"));
2045  printf(" ABRT HUP INT KILL QUIT TERM USR1 USR2\n");
2046 
2047 #ifdef WIN32
2048  printf(_("\nOptions for register and unregister:\n"));
2049  printf(_(" -N SERVICENAME service name with which to register PostgreSQL server\n"));
2050  printf(_(" -P PASSWORD password of account to register PostgreSQL server\n"));
2051  printf(_(" -U USERNAME user name of account to register PostgreSQL server\n"));
2052  printf(_(" -S START-TYPE service start type to register PostgreSQL server\n"));
2053 
2054  printf(_("\nStart types are:\n"));
2055  printf(_(" auto start service automatically during system startup (default)\n"));
2056  printf(_(" demand start service on demand\n"));
2057 #endif
2058 
2059  printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));
2060 }
2061 
2062 
2063 
2064 static void
2065 set_mode(char *modeopt)
2066 {
2067  if (strcmp(modeopt, "s") == 0 || strcmp(modeopt, "smart") == 0)
2068  {
2070  sig = SIGTERM;
2071  }
2072  else if (strcmp(modeopt, "f") == 0 || strcmp(modeopt, "fast") == 0)
2073  {
2075  sig = SIGINT;
2076  }
2077  else if (strcmp(modeopt, "i") == 0 || strcmp(modeopt, "immediate") == 0)
2078  {
2080  sig = SIGQUIT;
2081  }
2082  else
2083  {
2084  write_stderr(_("%s: unrecognized shutdown mode \"%s\"\n"), progname, modeopt);
2085  do_advice();
2086  exit(1);
2087  }
2088 }
2089 
2090 
2091 
2092 static void
2093 set_sig(char *signame)
2094 {
2095  if (strcmp(signame, "HUP") == 0)
2096  sig = SIGHUP;
2097  else if (strcmp(signame, "INT") == 0)
2098  sig = SIGINT;
2099  else if (strcmp(signame, "QUIT") == 0)
2100  sig = SIGQUIT;
2101  else if (strcmp(signame, "ABRT") == 0)
2102  sig = SIGABRT;
2103  else if (strcmp(signame, "KILL") == 0)
2104  sig = SIGKILL;
2105  else if (strcmp(signame, "TERM") == 0)
2106  sig = SIGTERM;
2107  else if (strcmp(signame, "USR1") == 0)
2108  sig = SIGUSR1;
2109  else if (strcmp(signame, "USR2") == 0)
2110  sig = SIGUSR2;
2111  else
2112  {
2113  write_stderr(_("%s: unrecognized signal name \"%s\"\n"), progname, signame);
2114  do_advice();
2115  exit(1);
2116  }
2117 }
2118 
2119 
2120 #ifdef WIN32
2121 static void
2122 set_starttype(char *starttypeopt)
2123 {
2124  if (strcmp(starttypeopt, "a") == 0 || strcmp(starttypeopt, "auto") == 0)
2125  pgctl_start_type = SERVICE_AUTO_START;
2126  else if (strcmp(starttypeopt, "d") == 0 || strcmp(starttypeopt, "demand") == 0)
2127  pgctl_start_type = SERVICE_DEMAND_START;
2128  else
2129  {
2130  write_stderr(_("%s: unrecognized start type \"%s\"\n"), progname, starttypeopt);
2131  do_advice();
2132  exit(1);
2133  }
2134 }
2135 #endif
2136 
2137 /*
2138  * adjust_data_dir
2139  *
2140  * If a configuration-only directory was specified, find the real data dir.
2141  */
2142 static void
2144 {
2145  char cmd[MAXPGPATH],
2147  *my_exec_path;
2148  FILE *fd;
2149 
2150  /* do nothing if we're working without knowledge of data dir */
2151  if (pg_config == NULL)
2152  return;
2153 
2154  /* If there is no postgresql.conf, it can't be a config-only dir */
2155  snprintf(filename, sizeof(filename), "%s/postgresql.conf", pg_config);
2156  if ((fd = fopen(filename, "r")) == NULL)
2157  return;
2158  fclose(fd);
2159 
2160  /* If PG_VERSION exists, it can't be a config-only dir */
2161  snprintf(filename, sizeof(filename), "%s/PG_VERSION", pg_config);
2162  if ((fd = fopen(filename, "r")) != NULL)
2163  {
2164  fclose(fd);
2165  return;
2166  }
2167 
2168  /* Must be a configuration directory, so find the data directory */
2169 
2170  /* we use a private my_exec_path to avoid interfering with later uses */
2171  if (exec_path == NULL)
2172  my_exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
2173  else
2174  my_exec_path = pg_strdup(exec_path);
2175 
2176  /* it's important for -C to be the first option, see main.c */
2177  snprintf(cmd, MAXPGPATH, "\"%s\" -C data_directory %s%s",
2178  my_exec_path,
2179  pgdata_opt ? pgdata_opt : "",
2180  post_opts ? post_opts : "");
2181 
2182  fd = popen(cmd, "r");
2183  if (fd == NULL || fgets(filename, sizeof(filename), fd) == NULL)
2184  {
2185  write_stderr(_("%s: could not determine the data directory using command \"%s\"\n"), progname, cmd);
2186  exit(1);
2187  }
2188  pclose(fd);
2189  free(my_exec_path);
2190 
2191  /* strip trailing newline and carriage return */
2192  (void) pg_strip_crlf(filename);
2193 
2194  free(pg_data);
2195  pg_data = pg_strdup(filename);
2197 }
2198 
2199 
2200 static DBState
2202 {
2203  DBState ret;
2204  bool crc_ok;
2205  ControlFileData *control_file_data = get_controlfile(pg_data, &crc_ok);
2206 
2207  if (!crc_ok)
2208  {
2209  write_stderr(_("%s: control file appears to be corrupt\n"), progname);
2210  exit(1);
2211  }
2212 
2213  ret = control_file_data->state;
2214  pfree(control_file_data);
2215  return ret;
2216 }
2217 
2218 
2219 int
2220 main(int argc, char **argv)
2221 {
2222  static struct option long_options[] = {
2223  {"help", no_argument, NULL, '?'},
2224  {"version", no_argument, NULL, 'V'},
2225  {"log", required_argument, NULL, 'l'},
2226  {"mode", required_argument, NULL, 'm'},
2227  {"pgdata", required_argument, NULL, 'D'},
2228  {"options", required_argument, NULL, 'o'},
2229  {"silent", no_argument, NULL, 's'},
2230  {"timeout", required_argument, NULL, 't'},
2231  {"core-files", no_argument, NULL, 'c'},
2232  {"wait", no_argument, NULL, 'w'},
2233  {"no-wait", no_argument, NULL, 'W'},
2234  {NULL, 0, NULL, 0}
2235  };
2236 
2237  char *env_wait;
2238  int option_index;
2239  int c;
2240  pgpid_t killproc = 0;
2241 
2242  pg_logging_init(argv[0]);
2243  progname = get_progname(argv[0]);
2244  set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_ctl"));
2245  start_time = time(NULL);
2246 
2247  /*
2248  * save argv[0] so do_start() can look for the postmaster if necessary. we
2249  * don't look for postmaster here because in many cases we won't need it.
2250  */
2251  argv0 = argv[0];
2252 
2253  /* Set restrictive mode mask until PGDATA permissions are checked */
2254  umask(PG_MODE_MASK_OWNER);
2255 
2256  /* support --help and --version even if invoked as root */
2257  if (argc > 1)
2258  {
2259  if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
2260  {
2261  do_help();
2262  exit(0);
2263  }
2264  else if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
2265  {
2266  puts("pg_ctl (PostgreSQL) " PG_VERSION);
2267  exit(0);
2268  }
2269  }
2270 
2271  /*
2272  * Disallow running as root, to forestall any possible security holes.
2273  */
2274 #ifndef WIN32
2275  if (geteuid() == 0)
2276  {
2277  write_stderr(_("%s: cannot be run as root\n"
2278  "Please log in (using, e.g., \"su\") as the "
2279  "(unprivileged) user that will\n"
2280  "own the server process.\n"),
2281  progname);
2282  exit(1);
2283  }
2284 #endif
2285 
2286  env_wait = getenv("PGCTLTIMEOUT");
2287  if (env_wait != NULL)
2288  wait_seconds = atoi(env_wait);
2289 
2290  /*
2291  * 'Action' can be before or after args so loop over both. Some
2292  * getopt_long() implementations will reorder argv[] to place all flags
2293  * first (GNU?), but we don't rely on it. Our /port version doesn't do
2294  * that.
2295  */
2296  optind = 1;
2297 
2298  /* process command-line options */
2299  while (optind < argc)
2300  {
2301  while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW",
2302  long_options, &option_index)) != -1)
2303  {
2304  switch (c)
2305  {
2306  case 'D':
2307  {
2308  char *pgdata_D;
2309  char *env_var;
2310 
2311  pgdata_D = pg_strdup(optarg);
2312  canonicalize_path(pgdata_D);
2313  env_var = psprintf("PGDATA=%s", pgdata_D);
2314  putenv(env_var);
2315 
2316  /*
2317  * We could pass PGDATA just in an environment
2318  * variable but we do -D too for clearer postmaster
2319  * 'ps' display
2320  */
2321  pgdata_opt = psprintf("-D \"%s\" ", pgdata_D);
2322  break;
2323  }
2324  case 'e':
2326  break;
2327  case 'l':
2329  break;
2330  case 'm':
2331  set_mode(optarg);
2332  break;
2333  case 'N':
2335  break;
2336  case 'o':
2337  /* append option? */
2338  if (!post_opts)
2340  else
2341  {
2342  char *old_post_opts = post_opts;
2343 
2344  post_opts = psprintf("%s %s", old_post_opts, optarg);
2345  free(old_post_opts);
2346  }
2347  break;
2348  case 'p':
2350  break;
2351  case 'P':
2353  break;
2354  case 's':
2355  silent_mode = true;
2356  break;
2357  case 'S':
2358 #ifdef WIN32
2359  set_starttype(optarg);
2360 #else
2361  write_stderr(_("%s: -S option not supported on this platform\n"),
2362  progname);
2363  exit(1);
2364 #endif
2365  break;
2366  case 't':
2367  wait_seconds = atoi(optarg);
2368  wait_seconds_arg = true;
2369  break;
2370  case 'U':
2371  if (strchr(optarg, '\\'))
2373  else
2374  /* Prepend .\ for local accounts */
2375  register_username = psprintf(".\\%s", optarg);
2376  break;
2377  case 'w':
2378  do_wait = true;
2379  break;
2380  case 'W':
2381  do_wait = false;
2382  break;
2383  case 'c':
2384  allow_core_files = true;
2385  break;
2386  default:
2387  /* getopt_long already issued a suitable error message */
2388  do_advice();
2389  exit(1);
2390  }
2391  }
2392 
2393  /* Process an action */
2394  if (optind < argc)
2395  {
2396  if (ctl_command != NO_COMMAND)
2397  {
2398  write_stderr(_("%s: too many command-line arguments (first is \"%s\")\n"), progname, argv[optind]);
2399  do_advice();
2400  exit(1);
2401  }
2402 
2403  if (strcmp(argv[optind], "init") == 0
2404  || strcmp(argv[optind], "initdb") == 0)
2406  else if (strcmp(argv[optind], "start") == 0)
2408  else if (strcmp(argv[optind], "stop") == 0)
2410  else if (strcmp(argv[optind], "restart") == 0)
2412  else if (strcmp(argv[optind], "reload") == 0)
2414  else if (strcmp(argv[optind], "status") == 0)
2416  else if (strcmp(argv[optind], "promote") == 0)
2418  else if (strcmp(argv[optind], "logrotate") == 0)
2420  else if (strcmp(argv[optind], "kill") == 0)
2421  {
2422  if (argc - optind < 3)
2423  {
2424  write_stderr(_("%s: missing arguments for kill mode\n"), progname);
2425  do_advice();
2426  exit(1);
2427  }
2429  set_sig(argv[++optind]);
2430  killproc = atol(argv[++optind]);
2431  }
2432 #ifdef WIN32
2433  else if (strcmp(argv[optind], "register") == 0)
2435  else if (strcmp(argv[optind], "unregister") == 0)
2437  else if (strcmp(argv[optind], "runservice") == 0)
2439 #endif
2440  else
2441  {
2442  write_stderr(_("%s: unrecognized operation mode \"%s\"\n"), progname, argv[optind]);
2443  do_advice();
2444  exit(1);
2445  }
2446  optind++;
2447  }
2448  }
2449 
2450  if (ctl_command == NO_COMMAND)
2451  {
2452  write_stderr(_("%s: no operation specified\n"), progname);
2453  do_advice();
2454  exit(1);
2455  }
2456 
2457  /* Note we put any -D switch into the env var above */
2458  pg_config = getenv("PGDATA");
2459  if (pg_config)
2460  {
2464  }
2465 
2466  /* -D might point at config-only directory; if so find the real PGDATA */
2467  adjust_data_dir();
2468 
2469  /* Complain if -D needed and not provided */
2470  if (pg_config == NULL &&
2472  {
2473  write_stderr(_("%s: no database directory specified and environment variable PGDATA unset\n"),
2474  progname);
2475  do_advice();
2476  exit(1);
2477  }
2478 
2479  if (ctl_command == RELOAD_COMMAND)
2480  {
2481  sig = SIGHUP;
2482  do_wait = false;
2483  }
2484 
2485  if (pg_data)
2486  {
2487  snprintf(postopts_file, MAXPGPATH, "%s/postmaster.opts", pg_data);
2488  snprintf(version_file, MAXPGPATH, "%s/PG_VERSION", pg_data);
2489  snprintf(pid_file, MAXPGPATH, "%s/postmaster.pid", pg_data);
2490  snprintf(backup_file, MAXPGPATH, "%s/backup_label", pg_data);
2491 
2492  /*
2493  * Set mask based on PGDATA permissions,
2494  *
2495  * Don't error here if the data directory cannot be stat'd. This is
2496  * handled differently based on the command and we don't want to
2497  * interfere with that logic.
2498  */
2500  umask(pg_mode_mask);
2501  }
2502 
2503  switch (ctl_command)
2504  {
2505  case INIT_COMMAND:
2506  do_init();
2507  break;
2508  case STATUS_COMMAND:
2509  do_status();
2510  break;
2511  case START_COMMAND:
2512  do_start();
2513  break;
2514  case STOP_COMMAND:
2515  do_stop();
2516  break;
2517  case RESTART_COMMAND:
2518  do_restart();
2519  break;
2520  case RELOAD_COMMAND:
2521  do_reload();
2522  break;
2523  case PROMOTE_COMMAND:
2524  do_promote();
2525  break;
2526  case LOGROTATE_COMMAND:
2527  do_logrotate();
2528  break;
2529  case KILL_COMMAND:
2530  do_kill(killproc);
2531  break;
2532 #ifdef WIN32
2533  case REGISTER_COMMAND:
2534  pgwin32_doRegister();
2535  break;
2536  case UNREGISTER_COMMAND:
2537  pgwin32_doUnregister();
2538  break;
2540  pgwin32_doRunAsService();
2541  break;
2542 #endif
2543  default:
2544  break;
2545  }
2546 
2547  exit(0);
2548 }
#define LOCK_FILE_LINE_PID
Definition: pidfile.h:37
char * make_absolute_path(const char *path)
Definition: path.c:608
int find_other_exec(const char *argv0, const char *target, const char *versionstr, char *retpath)
Definition: exec.c:324
#define SIGQUIT
Definition: win32_port.h:155
static char logrotate_file[MAXPGPATH]
Definition: pg_ctl.c:106
#define TRUE
Definition: ecpglib.h:35
static char * argv0
Definition: pg_ctl.c:97
static void read_post_opts(void)
Definition: pg_ctl.c:686
static int wait_seconds
Definition: pg_ctl.c:80
int pg_strip_crlf(char *str)
Definition: string.c:105
void * pg_malloc(size_t size)
Definition: fe_memutils.c:47
#define SIGUSR1
Definition: win32_port.h:166
const char * get_progname(const char *argv0)
Definition: path.c:453
int getopt_long(int argc, char *const argv[], const char *optstring, const struct option *longopts, int *longindex)
Definition: getopt_long.c:57
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:369
#define FALSE
Definition: ecpglib.h:39
static char * log_file
Definition: pg_ctl.c:91
void pg_logging_init(const char *argv0)
Definition: logging.c:39
char * psprintf(const char *fmt,...)
Definition: psprintf.c:46
static void do_help(void)
Definition: pg_ctl.c:1992
void make_native_path(char *path)
Definition: path.c:166
static char * post_opts
Definition: pg_ctl.c:89
static void do_stop(void)
Definition: pg_ctl.c:912
void canonicalize_path(char *path)
Definition: path.c:254
#define MCXT_ALLOC_NO_OOM
Definition: fe_memutils.h:18
#define kill(pid, sig)
Definition: win32_port.h:426
#define printf(...)
Definition: port.h:198
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
static ShutdownMode shutdown_mode
Definition: pg_ctl.c:83
#define SIGUSR2
Definition: win32_port.h:167
BOOL AddUserToTokenDacl(HANDLE hToken)
static char ** readfile(const char *path, int *numlines)
Definition: pg_ctl.c:317
static void adjust_data_dir(void)
Definition: pg_ctl.c:2143
#define LOCK_FILE_LINE_START_TIME
Definition: pidfile.h:39
static int fd(const char *x, int i)
Definition: preproc-init.c:105
static char * pg_data
Definition: pg_ctl.c:86
#define PG_BINARY
Definition: c.h:1191
static time_t start_time
Definition: pg_ctl.c:99
#define pg_attribute_printf(f, a)
Definition: c.h:132
#define SIGABRT
Definition: win32_port.h:157
#define SIGKILL
Definition: win32_port.h:158
static char * register_password
Definition: pg_ctl.c:96
#define sprintf
Definition: port.h:194
WaitPMResult
Definition: pg_ctl.c:49
void pg_usleep(long microsec)
Definition: signal.c:53
#define required_argument
Definition: getopt_long.h:25
void pfree(void *pointer)
Definition: mcxt.c:1056
int optind
Definition: getopt.c:50
static void do_logrotate(void)
Definition: pg_ctl.c:1229
static char pid_file[MAXPGPATH]
Definition: pg_ctl.c:103
long pgpid_t
Definition: pg_ctl.c:39
#define vsnprintf
Definition: port.h:191
static char backup_file[MAXPGPATH]
Definition: pg_ctl.c:104
#define MAXPGPATH
static char * register_username
Definition: pg_ctl.c:95
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:267
int find_my_exec(const char *argv0, char *retpath)
Definition: exec.c:129
static char * register_servicename
Definition: pg_ctl.c:94
char * c
static void do_start(void)
Definition: pg_ctl.c:819
#define PM_STATUS_READY
Definition: pidfile.h:53
#define SIGHUP
Definition: win32_port.h:154
char * pg_strdup(const char *in)
Definition: fe_memutils.c:85
static void trap_sigint_during_startup(int sig)
Definition: pg_ctl.c:741
void * pg_malloc_extended(size_t size, int flags)
Definition: fe_memutils.c:59
#define DEVNULL
Definition: port.h:123
int pgwin32_is_service(void)
ShutdownMode
Definition: pg_ctl.c:42
#define USEC_PER_SEC
Definition: pg_ctl.c:75
int main(int argc, char **argv)
Definition: pg_ctl.c:2220
DBState
Definition: pg_control.h:85
static void do_kill(pgpid_t pid)
Definition: pg_ctl.c:1367
static void do_restart(void)
Definition: pg_ctl.c:999
#define stat(a, b)
Definition: win32_port.h:255
static pgpid_t get_pgpid(bool is_status_request)
Definition: pg_ctl.c:249
static volatile pgpid_t postmasterPID
Definition: pg_ctl.c:108
static void do_status(void)
Definition: pg_ctl.c:1310
#define no_argument
Definition: getopt_long.h:24
CtlCommand
Definition: pg_ctl.c:56
char my_exec_path[MAXPGPATH]
Definition: globals.c:72
#define PG_TEXTDOMAIN(domain)
Definition: c.h:1135
static char * pgdata_opt
Definition: pg_ctl.c:88
#define PG_MODE_MASK_OWNER
Definition: file_perm.h:24
PQExpBuffer createPQExpBuffer(void)
Definition: pqexpbuffer.c:74
static char postopts_file[MAXPGPATH]
Definition: pg_ctl.c:101
static int sig
Definition: pg_ctl.c:84
static void free_readfile(char **optlines)
Definition: pg_ctl.c:413
#define PG_BACKEND_VERSIONSTR
Definition: port.h:111
pqsigfunc pqsignal(int signum, pqsigfunc handler)
Definition: signal.c:170
#define free(a)
Definition: header.h:65
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: strlcpy.c:45
#define PM_STATUS_STANDBY
Definition: pidfile.h:54
#define DEFAULT_EVENT_SOURCE
#define SIG_DFL
Definition: win32_port.h:149
Definition: regguts.h:298
static void do_promote(void)
Definition: pg_ctl.c:1130
ControlFileData * get_controlfile(const char *DataDir, bool *crc_ok_p)
#define strerror
Definition: port.h:205
static WaitPMResult wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint)
Definition: pg_ctl.c:554
static bool allow_core_files
Definition: pg_ctl.c:98
static char * exec_path
Definition: pg_ctl.c:92
static bool postmaster_is_alive(pid_t pid)
Definition: pg_ctl.c:1286
static void do_init(void)
Definition: pg_ctl.c:791
#define putenv(x)
Definition: win32_port.h:474
static char * event_source
Definition: pg_ctl.c:93
static const char * progname
Definition: pg_ctl.c:90
static bool wait_seconds_arg
Definition: pg_ctl.c:81
static pgpid_t start_postmaster(void)
Definition: pg_ctl.c:445
static void write_stderr(const char *fmt,...) pg_attribute_printf(1
Definition: pg_ctl.c:205
static char promote_file[MAXPGPATH]
Definition: pg_ctl.c:105
bool GetDataDirectoryCreatePerm(const char *dataDir)
static char * filename
Definition: pg_dumpall.c:91
void set_pglocale_pgservice(const char *argv0, const char *app)
Definition: exec.c:565
static bool do_wait
Definition: pg_ctl.c:79
static void set_mode(char *modeopt)
Definition: pg_ctl.c:2065
static void do_reload(void)
Definition: pg_ctl.c:1093
char * optarg
Definition: getopt.c:52
static void static void do_advice(void)
Definition: pg_ctl.c:1984
int i
static char version_file[MAXPGPATH]
Definition: pg_ctl.c:102
#define close(a)
Definition: win32.h:12
#define vfprintf
Definition: port.h:195
#define DEFAULT_WAIT
Definition: pg_ctl.c:73
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:227
static DBState get_control_dbstate(void)
Definition: pg_ctl.c:2201
#define LOCK_FILE_LINE_PM_STATUS
Definition: pidfile.h:44
#define snprintf
Definition: port.h:192
static CtlCommand ctl_command
Definition: pg_ctl.c:85
static void print_msg(const char *msg)
Definition: pg_ctl.c:239
#define _(x)
Definition: elog.c:84
int pg_mode_mask
Definition: file_perm.c:25
static char * find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
Definition: pg_ctl.c:759
static void set_sig(char *signame)
Definition: pg_ctl.c:2093
#define read(a, b, c)
Definition: win32.h:13
static bool silent_mode
Definition: pg_ctl.c:82
#define WAITS_PER_SEC
Definition: pg_ctl.c:77
static char * pg_config
Definition: pg_ctl.c:87