PostgreSQL Source Code  git master
pg_ctl.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * pg_ctl --- start/stops/restarts the PostgreSQL server
4  *
5  * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
6  *
7  * src/bin/pg_ctl/pg_ctl.c
8  *
9  *-------------------------------------------------------------------------
10  */
11 
12 #include "postgres_fe.h"
13 
14 #include <fcntl.h>
15 #include <signal.h>
16 #include <time.h>
17 #include <sys/stat.h>
18 #include <sys/wait.h>
19 #include <unistd.h>
20 
21 #ifdef HAVE_SYS_RESOURCE_H
22 #include <sys/time.h>
23 #include <sys/resource.h>
24 #endif
25 
26 #include "catalog/pg_control.h"
28 #include "common/file_perm.h"
29 #include "common/logging.h"
30 #include "common/string.h"
31 #include "getopt_long.h"
32 #include "utils/pidfile.h"
33 
34 #ifdef WIN32 /* on Unix, we don't need libpq */
35 #include "pqexpbuffer.h"
36 #endif
37 
38 /* PID can be negative for standalone backend */
39 typedef long pgpid_t;
40 
41 
42 typedef enum
43 {
47 } ShutdownMode;
48 
49 typedef enum
50 {
54 } WaitPMResult;
55 
56 typedef enum
57 {
71 } CtlCommand;
72 
73 #define DEFAULT_WAIT 60
74 
75 #define USEC_PER_SEC 1000000
76 
77 #define WAITS_PER_SEC 10 /* should divide USEC_PER_SEC evenly */
78 
79 static bool do_wait = true;
81 static bool wait_seconds_arg = false;
82 static bool silent_mode = false;
84 static int sig = SIGINT; /* default */
86 static char *pg_data = NULL;
87 static char *pg_config = NULL;
88 static char *pgdata_opt = NULL;
89 static char *post_opts = NULL;
90 static const char *progname;
91 static char *log_file = NULL;
92 static char *exec_path = NULL;
93 static char *event_source = NULL;
94 static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
95 static char *register_username = NULL;
96 static char *register_password = NULL;
97 static char *argv0 = NULL;
98 static bool allow_core_files = false;
99 static time_t start_time;
100 
102 static char version_file[MAXPGPATH];
103 static char pid_file[MAXPGPATH];
104 static char backup_file[MAXPGPATH];
105 static char promote_file[MAXPGPATH];
107 
108 static volatile pgpid_t postmasterPID = -1;
109 
110 #ifdef WIN32
111 static DWORD pgctl_start_type = SERVICE_AUTO_START;
112 static SERVICE_STATUS status;
113 static SERVICE_STATUS_HANDLE hStatus = (SERVICE_STATUS_HANDLE) 0;
114 static HANDLE shutdownHandles[2];
115 
116 #define shutdownEvent shutdownHandles[0]
117 #define postmasterProcess shutdownHandles[1]
118 #endif
119 
120 
121 static void write_stderr(const char *fmt,...) pg_attribute_printf(1, 2);
122 static void do_advice(void);
123 static void do_help(void);
124 static void set_mode(char *modeopt);
125 static void set_sig(char *signame);
126 static void do_init(void);
127 static void do_start(void);
128 static void do_stop(void);
129 static void do_restart(void);
130 static void do_reload(void);
131 static void do_status(void);
132 static void do_promote(void);
133 static void do_logrotate(void);
134 static void do_kill(pgpid_t pid);
135 static void print_msg(const char *msg);
136 static void adjust_data_dir(void);
137 
138 #ifdef WIN32
139 #include <versionhelpers.h>
140 static bool pgwin32_IsInstalled(SC_HANDLE);
141 static char *pgwin32_CommandLine(bool);
142 static void pgwin32_doRegister(void);
143 static void pgwin32_doUnregister(void);
144 static void pgwin32_SetServiceStatus(DWORD);
145 static void WINAPI pgwin32_ServiceHandler(DWORD);
146 static void WINAPI pgwin32_ServiceMain(DWORD, LPTSTR *);
147 static void pgwin32_doRunAsService(void);
148 static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service);
149 static PTOKEN_PRIVILEGES GetPrivilegesToDelete(HANDLE hToken);
150 #endif
151 
152 static pgpid_t get_pgpid(bool is_status_request);
153 static char **readfile(const char *path, int *numlines);
154 static void free_readfile(char **optlines);
155 static pgpid_t start_postmaster(void);
156 static void read_post_opts(void);
157 
158 static WaitPMResult wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint);
159 static bool postmaster_is_alive(pid_t pid);
160 
161 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
162 static void unlimit_core_size(void);
163 #endif
164 
165 static DBState get_control_dbstate(void);
166 
167 
168 #ifdef WIN32
169 static void
170 write_eventlog(int level, const char *line)
171 {
172  static HANDLE evtHandle = INVALID_HANDLE_VALUE;
173 
174  if (silent_mode && level == EVENTLOG_INFORMATION_TYPE)
175  return;
176 
177  if (evtHandle == INVALID_HANDLE_VALUE)
178  {
179  evtHandle = RegisterEventSource(NULL,
181  if (evtHandle == NULL)
182  {
183  evtHandle = INVALID_HANDLE_VALUE;
184  return;
185  }
186  }
187 
188  ReportEvent(evtHandle,
189  level,
190  0,
191  0, /* All events are Id 0 */
192  NULL,
193  1,
194  0,
195  &line,
196  NULL);
197 }
198 #endif
199 
200 /*
201  * Write errors to stderr (or by equal means when stderr is
202  * not available).
203  */
204 static void
205 write_stderr(const char *fmt,...)
206 {
207  va_list ap;
208 
209  va_start(ap, fmt);
210 #ifndef WIN32
211  /* On Unix, we just fprintf to stderr */
212  vfprintf(stderr, fmt, ap);
213 #else
214 
215  /*
216  * On Win32, we print to stderr if running on a console, or write to
217  * eventlog if running as a service
218  */
219  if (pgwin32_is_service()) /* Running as a service */
220  {
221  char errbuf[2048]; /* Arbitrary size? */
222 
223  vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
224 
225  write_eventlog(EVENTLOG_ERROR_TYPE, errbuf);
226  }
227  else
228  /* Not running as service, write to stderr */
229  vfprintf(stderr, fmt, ap);
230 #endif
231  va_end(ap);
232 }
233 
234 /*
235  * Given an already-localized string, print it to stdout unless the
236  * user has specified that no messages should be printed.
237  */
238 static void
239 print_msg(const char *msg)
240 {
241  if (!silent_mode)
242  {
243  fputs(msg, stdout);
244  fflush(stdout);
245  }
246 }
247 
248 static pgpid_t
249 get_pgpid(bool is_status_request)
250 {
251  FILE *pidf;
252  long pid;
253  struct stat statbuf;
254 
255  if (stat(pg_data, &statbuf) != 0)
256  {
257  if (errno == ENOENT)
258  write_stderr(_("%s: directory \"%s\" does not exist\n"), progname,
259  pg_data);
260  else
261  write_stderr(_("%s: could not access directory \"%s\": %s\n"), progname,
262  pg_data, strerror(errno));
263 
264  /*
265  * The Linux Standard Base Core Specification 3.1 says this should
266  * return '4, program or service status is unknown'
267  * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
268  */
269  exit(is_status_request ? 4 : 1);
270  }
271 
272  if (stat(version_file, &statbuf) != 0 && errno == ENOENT)
273  {
274  write_stderr(_("%s: directory \"%s\" is not a database cluster directory\n"),
275  progname, pg_data);
276  exit(is_status_request ? 4 : 1);
277  }
278 
279  pidf = fopen(pid_file, "r");
280  if (pidf == NULL)
281  {
282  /* No pid file, not an error on startup */
283  if (errno == ENOENT)
284  return 0;
285  else
286  {
287  write_stderr(_("%s: could not open PID file \"%s\": %s\n"),
288  progname, pid_file, strerror(errno));
289  exit(1);
290  }
291  }
292  if (fscanf(pidf, "%ld", &pid) != 1)
293  {
294  /* Is the file empty? */
295  if (ftell(pidf) == 0 && feof(pidf))
296  write_stderr(_("%s: the PID file \"%s\" is empty\n"),
297  progname, pid_file);
298  else
299  write_stderr(_("%s: invalid data in PID file \"%s\"\n"),
300  progname, pid_file);
301  exit(1);
302  }
303  fclose(pidf);
304  return (pgpid_t) pid;
305 }
306 
307 
308 /*
309  * get the lines from a text file - return NULL if file can't be opened
310  *
311  * Trailing newlines are deleted from the lines (this is a change from pre-v10)
312  *
313  * *numlines is set to the number of line pointers returned; there is
314  * also an additional NULL pointer after the last real line.
315  */
316 static char **
317 readfile(const char *path, int *numlines)
318 {
319  int fd;
320  int nlines;
321  char **result;
322  char *buffer;
323  char *linebegin;
324  int i;
325  int n;
326  int len;
327  struct stat statbuf;
328 
329  *numlines = 0; /* in case of failure or empty file */
330 
331  /*
332  * Slurp the file into memory.
333  *
334  * The file can change concurrently, so we read the whole file into memory
335  * with a single read() call. That's not guaranteed to get an atomic
336  * snapshot, but in practice, for a small file, it's close enough for the
337  * current use.
338  */
339  fd = open(path, O_RDONLY | PG_BINARY, 0);
340  if (fd < 0)
341  return NULL;
342  if (fstat(fd, &statbuf) < 0)
343  {
344  close(fd);
345  return NULL;
346  }
347  if (statbuf.st_size == 0)
348  {
349  /* empty file */
350  close(fd);
351  result = (char **) pg_malloc(sizeof(char *));
352  *result = NULL;
353  return result;
354  }
355  buffer = pg_malloc(statbuf.st_size + 1);
356 
357  len = read(fd, buffer, statbuf.st_size + 1);
358  close(fd);
359  if (len != statbuf.st_size)
360  {
361  /* oops, the file size changed between fstat and read */
362  free(buffer);
363  return NULL;
364  }
365 
366  /*
367  * Count newlines. We expect there to be a newline after each full line,
368  * including one at the end of file. If there isn't a newline at the end,
369  * any characters after the last newline will be ignored.
370  */
371  nlines = 0;
372  for (i = 0; i < len; i++)
373  {
374  if (buffer[i] == '\n')
375  nlines++;
376  }
377 
378  /* set up the result buffer */
379  result = (char **) pg_malloc((nlines + 1) * sizeof(char *));
380  *numlines = nlines;
381 
382  /* now split the buffer into lines */
383  linebegin = buffer;
384  n = 0;
385  for (i = 0; i < len; i++)
386  {
387  if (buffer[i] == '\n')
388  {
389  int slen = &buffer[i] - linebegin;
390  char *linebuf = pg_malloc(slen + 1);
391 
392  memcpy(linebuf, linebegin, slen);
393  /* we already dropped the \n, but get rid of any \r too */
394  if (slen > 0 && linebuf[slen - 1] == '\r')
395  slen--;
396  linebuf[slen] = '\0';
397  result[n++] = linebuf;
398  linebegin = &buffer[i + 1];
399  }
400  }
401  result[n] = NULL;
402 
403  free(buffer);
404 
405  return result;
406 }
407 
408 
409 /*
410  * Free memory allocated for optlines through readfile()
411  */
412 static void
413 free_readfile(char **optlines)
414 {
415  char *curr_line = NULL;
416  int i = 0;
417 
418  if (!optlines)
419  return;
420 
421  while ((curr_line = optlines[i++]))
422  free(curr_line);
423 
424  free(optlines);
425 }
426 
427 /*
428  * start/test/stop routines
429  */
430 
431 /*
432  * Start the postmaster and return its PID.
433  *
434  * Currently, on Windows what we return is the PID of the shell process
435  * that launched the postmaster (and, we trust, is waiting for it to exit).
436  * So the PID is usable for "is the postmaster still running" checks,
437  * but cannot be compared directly to postmaster.pid.
438  *
439  * On Windows, we also save aside a handle to the shell process in
440  * "postmasterProcess", which the caller should close when done with it.
441  */
442 static pgpid_t
444 {
445  char cmd[MAXPGPATH];
446 
447 #ifndef WIN32
448  pgpid_t pm_pid;
449 
450  /* Flush stdio channels just before fork, to avoid double-output problems */
451  fflush(stdout);
452  fflush(stderr);
453 
454  pm_pid = fork();
455  if (pm_pid < 0)
456  {
457  /* fork failed */
458  write_stderr(_("%s: could not start server: %s\n"),
459  progname, strerror(errno));
460  exit(1);
461  }
462  if (pm_pid > 0)
463  {
464  /* fork succeeded, in parent */
465  return pm_pid;
466  }
467 
468  /* fork succeeded, in child */
469 
470  /*
471  * If possible, detach the postmaster process from the launching process
472  * group and make it a group leader, so that it doesn't get signaled along
473  * with the current group that launched it.
474  */
475 #ifdef HAVE_SETSID
476  if (setsid() < 0)
477  {
478  write_stderr(_("%s: could not start server due to setsid() failure: %s\n"),
479  progname, strerror(errno));
480  exit(1);
481  }
482 #endif
483 
484  /*
485  * Since there might be quotes to handle here, it is easier simply to pass
486  * everything to a shell to process them. Use exec so that the postmaster
487  * has the same PID as the current child process.
488  */
489  if (log_file != NULL)
490  snprintf(cmd, MAXPGPATH, "exec \"%s\" %s%s < \"%s\" >> \"%s\" 2>&1",
492  DEVNULL, log_file);
493  else
494  snprintf(cmd, MAXPGPATH, "exec \"%s\" %s%s < \"%s\" 2>&1",
496 
497  (void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
498 
499  /* exec failed */
500  write_stderr(_("%s: could not start server: %s\n"),
501  progname, strerror(errno));
502  exit(1);
503 
504  return 0; /* keep dumb compilers quiet */
505 
506 #else /* WIN32 */
507 
508  /*
509  * As with the Unix case, it's easiest to use the shell (CMD.EXE) to
510  * handle redirection etc. Unfortunately CMD.EXE lacks any equivalent of
511  * "exec", so we don't get to find out the postmaster's PID immediately.
512  */
513  PROCESS_INFORMATION pi;
514  const char *comspec;
515 
516  /* Find CMD.EXE location using COMSPEC, if it's set */
517  comspec = getenv("COMSPEC");
518  if (comspec == NULL)
519  comspec = "CMD";
520 
521  if (log_file != NULL)
522  {
523  /*
524  * First, open the log file if it exists. The idea is that if the
525  * file is still locked by a previous postmaster run, we'll wait until
526  * it comes free, instead of failing with ERROR_SHARING_VIOLATION.
527  * (It'd be better to open the file in a sharing-friendly mode, but we
528  * can't use CMD.EXE to do that, so work around it. Note that the
529  * previous postmaster will still have the file open for a short time
530  * after removing postmaster.pid.)
531  *
532  * If the log file doesn't exist, we *must not* create it here. If we
533  * were launched with higher privileges than the restricted process
534  * will have, the log file might end up with permissions settings that
535  * prevent the postmaster from writing on it.
536  */
537  int fd = open(log_file, O_RDWR, 0);
538 
539  if (fd == -1)
540  {
541  /*
542  * ENOENT is expectable since we didn't use O_CREAT. Otherwise
543  * complain. We could just fall through and let CMD.EXE report
544  * the problem, but its error reporting is pretty miserable.
545  */
546  if (errno != ENOENT)
547  {
548  write_stderr(_("%s: could not open log file \"%s\": %s\n"),
549  progname, log_file, strerror(errno));
550  exit(1);
551  }
552  }
553  else
554  close(fd);
555 
556  snprintf(cmd, MAXPGPATH, "\"%s\" /C \"\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1\"",
558  }
559  else
560  snprintf(cmd, MAXPGPATH, "\"%s\" /C \"\"%s\" %s%s < \"%s\" 2>&1\"",
561  comspec, exec_path, pgdata_opt, post_opts, DEVNULL);
562 
563  if (!CreateRestrictedProcess(cmd, &pi, false))
564  {
565  write_stderr(_("%s: could not start server: error code %lu\n"),
566  progname, (unsigned long) GetLastError());
567  exit(1);
568  }
569  /* Don't close command process handle here; caller must do so */
570  postmasterProcess = pi.hProcess;
571  CloseHandle(pi.hThread);
572  return pi.dwProcessId; /* Shell's PID, not postmaster's! */
573 #endif /* WIN32 */
574 }
575 
576 
577 
578 /*
579  * Wait for the postmaster to become ready.
580  *
581  * On Unix, pm_pid is the PID of the just-launched postmaster. On Windows,
582  * it may be the PID of an ancestor shell process, so we can't check the
583  * contents of postmaster.pid quite as carefully.
584  *
585  * On Windows, the static variable postmasterProcess is an implicit argument
586  * to this routine; it contains a handle to the postmaster process or an
587  * ancestor shell process thereof.
588  *
589  * Note that the checkpoint parameter enables a Windows service control
590  * manager checkpoint, it's got nothing to do with database checkpoints!!
591  */
592 static WaitPMResult
593 wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint)
594 {
595  int i;
596 
597  for (i = 0; i < wait_seconds * WAITS_PER_SEC; i++)
598  {
599  char **optlines;
600  int numlines;
601 
602  /*
603  * Try to read the postmaster.pid file. If it's not valid, or if the
604  * status line isn't there yet, just keep waiting.
605  */
606  if ((optlines = readfile(pid_file, &numlines)) != NULL &&
607  numlines >= LOCK_FILE_LINE_PM_STATUS)
608  {
609  /* File is complete enough for us, parse it */
610  pgpid_t pmpid;
611  time_t pmstart;
612 
613  /*
614  * Make sanity checks. If it's for the wrong PID, or the recorded
615  * start time is before pg_ctl started, then either we are looking
616  * at the wrong data directory, or this is a pre-existing pidfile
617  * that hasn't (yet?) been overwritten by our child postmaster.
618  * Allow 2 seconds slop for possible cross-process clock skew.
619  */
620  pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]);
621  pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]);
622  if (pmstart >= start_time - 2 &&
623 #ifndef WIN32
624  pmpid == pm_pid
625 #else
626  /* Windows can only reject standalone-backend PIDs */
627  pmpid > 0
628 #endif
629  )
630  {
631  /*
632  * OK, seems to be a valid pidfile from our child. Check the
633  * status line (this assumes a v10 or later server).
634  */
635  char *pmstatus = optlines[LOCK_FILE_LINE_PM_STATUS - 1];
636 
637  if (strcmp(pmstatus, PM_STATUS_READY) == 0 ||
638  strcmp(pmstatus, PM_STATUS_STANDBY) == 0)
639  {
640  /* postmaster is done starting up */
641  free_readfile(optlines);
642  return POSTMASTER_READY;
643  }
644  }
645  }
646 
647  /*
648  * Free the results of readfile.
649  *
650  * This is safe to call even if optlines is NULL.
651  */
652  free_readfile(optlines);
653 
654  /*
655  * Check whether the child postmaster process is still alive. This
656  * lets us exit early if the postmaster fails during startup.
657  *
658  * On Windows, we may be checking the postmaster's parent shell, but
659  * that's fine for this purpose.
660  */
661 #ifndef WIN32
662  {
663  int exitstatus;
664 
665  if (waitpid((pid_t) pm_pid, &exitstatus, WNOHANG) == (pid_t) pm_pid)
666  return POSTMASTER_FAILED;
667  }
668 #else
669  if (WaitForSingleObject(postmasterProcess, 0) == WAIT_OBJECT_0)
670  return POSTMASTER_FAILED;
671 #endif
672 
673  /* Startup still in process; wait, printing a dot once per second */
674  if (i % WAITS_PER_SEC == 0)
675  {
676 #ifdef WIN32
677  if (do_checkpoint)
678  {
679  /*
680  * Increment the wait hint by 6 secs (connection timeout +
681  * sleep). We must do this to indicate to the SCM that our
682  * startup time is changing, otherwise it'll usually send a
683  * stop signal after 20 seconds, despite incrementing the
684  * checkpoint counter.
685  */
686  status.dwWaitHint += 6000;
687  status.dwCheckPoint++;
688  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
689  }
690  else
691 #endif
692  print_msg(".");
693  }
694 
695  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
696  }
697 
698  /* out of patience; report that postmaster is still starting up */
700 }
701 
702 
703 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
704 static void
705 unlimit_core_size(void)
706 {
707  struct rlimit lim;
708 
709  getrlimit(RLIMIT_CORE, &lim);
710  if (lim.rlim_max == 0)
711  {
712  write_stderr(_("%s: cannot set core file size limit; disallowed by hard limit\n"),
713  progname);
714  return;
715  }
716  else if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
717  {
718  lim.rlim_cur = lim.rlim_max;
719  setrlimit(RLIMIT_CORE, &lim);
720  }
721 }
722 #endif
723 
724 static void
726 {
727  if (post_opts == NULL)
728  {
729  post_opts = ""; /* default */
731  {
732  char **optlines;
733  int numlines;
734 
735  optlines = readfile(postopts_file, &numlines);
736  if (optlines == NULL)
737  {
738  write_stderr(_("%s: could not read file \"%s\"\n"), progname, postopts_file);
739  exit(1);
740  }
741  else if (numlines != 1)
742  {
743  write_stderr(_("%s: option file \"%s\" must have exactly one line\n"),
745  exit(1);
746  }
747  else
748  {
749  char *optline;
750  char *arg1;
751 
752  optline = optlines[0];
753 
754  /*
755  * Are we at the first option, as defined by space and
756  * double-quote?
757  */
758  if ((arg1 = strstr(optline, " \"")) != NULL)
759  {
760  *arg1 = '\0'; /* terminate so we get only program name */
761  post_opts = pg_strdup(arg1 + 1); /* point past whitespace */
762  }
763  if (exec_path == NULL)
764  exec_path = pg_strdup(optline);
765  }
766 
767  /* Free the results of readfile. */
768  free_readfile(optlines);
769  }
770  }
771 }
772 
773 /*
774  * SIGINT signal handler used while waiting for postmaster to start up.
775  * Forwards the SIGINT to the postmaster process, asking it to shut down,
776  * before terminating pg_ctl itself. This way, if the user hits CTRL-C while
777  * waiting for the server to start up, the server launch is aborted.
778  */
779 static void
781 {
782  if (postmasterPID != -1)
783  {
784  if (kill(postmasterPID, SIGINT) != 0)
785  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"),
787  }
788 
789  /*
790  * Clear the signal handler, and send the signal again, to terminate the
791  * process as normal.
792  */
793  pqsignal(SIGINT, SIG_DFL);
794  raise(SIGINT);
795 }
796 
797 static char *
798 find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
799 {
800  int ret;
801  char *found_path;
802 
803  found_path = pg_malloc(MAXPGPATH);
804 
805  if ((ret = find_other_exec(argv0, target, versionstr, found_path)) < 0)
806  {
807  char full_path[MAXPGPATH];
808 
809  if (find_my_exec(argv0, full_path) < 0)
810  strlcpy(full_path, progname, sizeof(full_path));
811 
812  if (ret == -1)
813  write_stderr(_("The program \"%s\" is needed by %s but was not found in the\n"
814  "same directory as \"%s\".\n"
815  "Check your installation.\n"),
816  target, progname, full_path);
817  else
818  write_stderr(_("The program \"%s\" was found by \"%s\"\n"
819  "but was not the same version as %s.\n"
820  "Check your installation.\n"),
821  target, full_path, progname);
822  exit(1);
823  }
824 
825  return found_path;
826 }
827 
828 static void
829 do_init(void)
830 {
831  char cmd[MAXPGPATH];
832 
833  if (exec_path == NULL)
834  exec_path = find_other_exec_or_die(argv0, "initdb", "initdb (PostgreSQL) " PG_VERSION "\n");
835 
836  if (pgdata_opt == NULL)
837  pgdata_opt = "";
838 
839  if (post_opts == NULL)
840  post_opts = "";
841 
842  if (!silent_mode)
843  snprintf(cmd, MAXPGPATH, "\"%s\" %s%s",
845  else
846  snprintf(cmd, MAXPGPATH, "\"%s\" %s%s > \"%s\"",
848 
849  if (system(cmd) != 0)
850  {
851  write_stderr(_("%s: database system initialization failed\n"), progname);
852  exit(1);
853  }
854 }
855 
856 static void
857 do_start(void)
858 {
859  pgpid_t old_pid = 0;
860  pgpid_t pm_pid;
861 
863  {
864  old_pid = get_pgpid(false);
865  if (old_pid != 0)
866  write_stderr(_("%s: another server might be running; "
867  "trying to start server anyway\n"),
868  progname);
869  }
870 
871  read_post_opts();
872 
873  /* No -D or -D already added during server start */
874  if (ctl_command == RESTART_COMMAND || pgdata_opt == NULL)
875  pgdata_opt = "";
876 
877  if (exec_path == NULL)
879 
880 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
881  if (allow_core_files)
882  unlimit_core_size();
883 #endif
884 
885  /*
886  * If possible, tell the postmaster our parent shell's PID (see the
887  * comments in CreateLockFile() for motivation). Windows hasn't got
888  * getppid() unfortunately.
889  */
890 #ifndef WIN32
891  {
892  static char env_var[32];
893 
894  snprintf(env_var, sizeof(env_var), "PG_GRANDPARENT_PID=%d",
895  (int) getppid());
896  putenv(env_var);
897  }
898 #endif
899 
900  pm_pid = start_postmaster();
901 
902  if (do_wait)
903  {
904  /*
905  * If the user interrupts the startup (e.g. with CTRL-C), we'd like to
906  * abort the server launch. Install a signal handler that will
907  * forward SIGINT to the postmaster process, while we wait.
908  *
909  * (We don't bother to reset the signal handler after the launch, as
910  * we're about to exit, anyway.)
911  */
912  postmasterPID = pm_pid;
914 
915  print_msg(_("waiting for server to start..."));
916 
917  switch (wait_for_postmaster(pm_pid, false))
918  {
919  case POSTMASTER_READY:
920  print_msg(_(" done\n"));
921  print_msg(_("server started\n"));
922  break;
924  print_msg(_(" stopped waiting\n"));
925  write_stderr(_("%s: server did not start in time\n"),
926  progname);
927  exit(1);
928  break;
929  case POSTMASTER_FAILED:
930  print_msg(_(" stopped waiting\n"));
931  write_stderr(_("%s: could not start server\n"
932  "Examine the log output.\n"),
933  progname);
934  exit(1);
935  break;
936  }
937  }
938  else
939  print_msg(_("server starting\n"));
940 
941 #ifdef WIN32
942  /* Now we don't need the handle to the shell process anymore */
943  CloseHandle(postmasterProcess);
944  postmasterProcess = INVALID_HANDLE_VALUE;
945 #endif
946 }
947 
948 
949 static void
950 do_stop(void)
951 {
952  int cnt;
953  pgpid_t pid;
954  struct stat statbuf;
955 
956  pid = get_pgpid(false);
957 
958  if (pid == 0) /* no pid file */
959  {
960  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
961  write_stderr(_("Is server running?\n"));
962  exit(1);
963  }
964  else if (pid < 0) /* standalone backend, not postmaster */
965  {
966  pid = -pid;
967  write_stderr(_("%s: cannot stop server; "
968  "single-user server is running (PID: %ld)\n"),
969  progname, pid);
970  exit(1);
971  }
972 
973  if (kill((pid_t) pid, sig) != 0)
974  {
975  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
976  strerror(errno));
977  exit(1);
978  }
979 
980  if (!do_wait)
981  {
982  print_msg(_("server shutting down\n"));
983  return;
984  }
985  else
986  {
987  /*
988  * If backup_label exists, an online backup is running. Warn the user
989  * that smart shutdown will wait for it to finish. However, if the
990  * server is in archive recovery, we're recovering from an online
991  * backup instead of performing one.
992  */
993  if (shutdown_mode == SMART_MODE &&
994  stat(backup_file, &statbuf) == 0 &&
996  {
997  print_msg(_("WARNING: online backup mode is active\n"
998  "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
999  }
1000 
1001  print_msg(_("waiting for server to shut down..."));
1002 
1003  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
1004  {
1005  if ((pid = get_pgpid(false)) != 0)
1006  {
1007  if (cnt % WAITS_PER_SEC == 0)
1008  print_msg(".");
1009  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
1010  }
1011  else
1012  break;
1013  }
1014 
1015  if (pid != 0) /* pid file still exists */
1016  {
1017  print_msg(_(" failed\n"));
1018 
1019  write_stderr(_("%s: server does not shut down\n"), progname);
1020  if (shutdown_mode == SMART_MODE)
1021  write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
1022  "waiting for session-initiated disconnection.\n"));
1023  exit(1);
1024  }
1025  print_msg(_(" done\n"));
1026 
1027  print_msg(_("server stopped\n"));
1028  }
1029 }
1030 
1031 
1032 /*
1033  * restart/reload routines
1034  */
1035 
1036 static void
1038 {
1039  int cnt;
1040  pgpid_t pid;
1041  struct stat statbuf;
1042 
1043  pid = get_pgpid(false);
1044 
1045  if (pid == 0) /* no pid file */
1046  {
1047  write_stderr(_("%s: PID file \"%s\" does not exist\n"),
1048  progname, pid_file);
1049  write_stderr(_("Is server running?\n"));
1050  write_stderr(_("trying to start server anyway\n"));
1051  do_start();
1052  return;
1053  }
1054  else if (pid < 0) /* standalone backend, not postmaster */
1055  {
1056  pid = -pid;
1057  if (postmaster_is_alive((pid_t) pid))
1058  {
1059  write_stderr(_("%s: cannot restart server; "
1060  "single-user server is running (PID: %ld)\n"),
1061  progname, pid);
1062  write_stderr(_("Please terminate the single-user server and try again.\n"));
1063  exit(1);
1064  }
1065  }
1066 
1067  if (postmaster_is_alive((pid_t) pid))
1068  {
1069  if (kill((pid_t) pid, sig) != 0)
1070  {
1071  write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
1072  strerror(errno));
1073  exit(1);
1074  }
1075 
1076  /*
1077  * If backup_label exists, an online backup is running. Warn the user
1078  * that smart shutdown will wait for it to finish. However, if the
1079  * server is in archive recovery, we're recovering from an online
1080  * backup instead of performing one.
1081  */
1082  if (shutdown_mode == SMART_MODE &&
1083  stat(backup_file, &statbuf) == 0 &&
1085  {
1086  print_msg(_("WARNING: online backup mode is active\n"
1087  "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
1088  }
1089 
1090  print_msg(_("waiting for server to shut down..."));
1091 
1092  /* always wait for restart */
1093 
1094  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
1095  {
1096  if ((pid = get_pgpid(false)) != 0)
1097  {
1098  if (cnt % WAITS_PER_SEC == 0)
1099  print_msg(".");
1100  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
1101  }
1102  else
1103  break;
1104  }
1105 
1106  if (pid != 0) /* pid file still exists */
1107  {
1108  print_msg(_(" failed\n"));
1109 
1110  write_stderr(_("%s: server does not shut down\n"), progname);
1111  if (shutdown_mode == SMART_MODE)
1112  write_stderr(_("HINT: The \"-m fast\" option immediately disconnects sessions rather than\n"
1113  "waiting for session-initiated disconnection.\n"));
1114  exit(1);
1115  }
1116 
1117  print_msg(_(" done\n"));
1118  print_msg(_("server stopped\n"));
1119  }
1120  else
1121  {
1122  write_stderr(_("%s: old server process (PID: %ld) seems to be gone\n"),
1123  progname, pid);
1124  write_stderr(_("starting server anyway\n"));
1125  }
1126 
1127  do_start();
1128 }
1129 
1130 static void
1132 {
1133  pgpid_t pid;
1134 
1135  pid = get_pgpid(false);
1136  if (pid == 0) /* no pid file */
1137  {
1138  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1139  write_stderr(_("Is server running?\n"));
1140  exit(1);
1141  }
1142  else if (pid < 0) /* standalone backend, not postmaster */
1143  {
1144  pid = -pid;
1145  write_stderr(_("%s: cannot reload server; "
1146  "single-user server is running (PID: %ld)\n"),
1147  progname, pid);
1148  write_stderr(_("Please terminate the single-user server and try again.\n"));
1149  exit(1);
1150  }
1151 
1152  if (kill((pid_t) pid, sig) != 0)
1153  {
1154  write_stderr(_("%s: could not send reload signal (PID: %ld): %s\n"),
1155  progname, pid, strerror(errno));
1156  exit(1);
1157  }
1158 
1159  print_msg(_("server signaled\n"));
1160 }
1161 
1162 
1163 /*
1164  * promote
1165  */
1166 
1167 static void
1169 {
1170  FILE *prmfile;
1171  pgpid_t pid;
1172 
1173  pid = get_pgpid(false);
1174 
1175  if (pid == 0) /* no pid file */
1176  {
1177  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1178  write_stderr(_("Is server running?\n"));
1179  exit(1);
1180  }
1181  else if (pid < 0) /* standalone backend, not postmaster */
1182  {
1183  pid = -pid;
1184  write_stderr(_("%s: cannot promote server; "
1185  "single-user server is running (PID: %ld)\n"),
1186  progname, pid);
1187  exit(1);
1188  }
1189 
1191  {
1192  write_stderr(_("%s: cannot promote server; "
1193  "server is not in standby mode\n"),
1194  progname);
1195  exit(1);
1196  }
1197 
1198  snprintf(promote_file, MAXPGPATH, "%s/promote", pg_data);
1199 
1200  if ((prmfile = fopen(promote_file, "w")) == NULL)
1201  {
1202  write_stderr(_("%s: could not create promote signal file \"%s\": %s\n"),
1203  progname, promote_file, strerror(errno));
1204  exit(1);
1205  }
1206  if (fclose(prmfile))
1207  {
1208  write_stderr(_("%s: could not write promote signal file \"%s\": %s\n"),
1209  progname, promote_file, strerror(errno));
1210  exit(1);
1211  }
1212 
1213  sig = SIGUSR1;
1214  if (kill((pid_t) pid, sig) != 0)
1215  {
1216  write_stderr(_("%s: could not send promote signal (PID: %ld): %s\n"),
1217  progname, pid, strerror(errno));
1218  if (unlink(promote_file) != 0)
1219  write_stderr(_("%s: could not remove promote signal file \"%s\": %s\n"),
1220  progname, promote_file, strerror(errno));
1221  exit(1);
1222  }
1223 
1224  if (do_wait)
1225  {
1227  int cnt;
1228 
1229  print_msg(_("waiting for server to promote..."));
1230  for (cnt = 0; cnt < wait_seconds * WAITS_PER_SEC; cnt++)
1231  {
1232  state = get_control_dbstate();
1233  if (state == DB_IN_PRODUCTION)
1234  break;
1235 
1236  if (cnt % WAITS_PER_SEC == 0)
1237  print_msg(".");
1238  pg_usleep(USEC_PER_SEC / WAITS_PER_SEC);
1239  }
1240  if (state == DB_IN_PRODUCTION)
1241  {
1242  print_msg(_(" done\n"));
1243  print_msg(_("server promoted\n"));
1244  }
1245  else
1246  {
1247  print_msg(_(" stopped waiting\n"));
1248  write_stderr(_("%s: server did not promote in time\n"),
1249  progname);
1250  exit(1);
1251  }
1252  }
1253  else
1254  print_msg(_("server promoting\n"));
1255 }
1256 
1257 /*
1258  * log rotate
1259  */
1260 
1261 static void
1263 {
1264  FILE *logrotatefile;
1265  pgpid_t pid;
1266 
1267  pid = get_pgpid(false);
1268 
1269  if (pid == 0) /* no pid file */
1270  {
1271  write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
1272  write_stderr(_("Is server running?\n"));
1273  exit(1);
1274  }
1275  else if (pid < 0) /* standalone backend, not postmaster */
1276  {
1277  pid = -pid;
1278  write_stderr(_("%s: cannot rotate log file; "
1279  "single-user server is running (PID: %ld)\n"),
1280  progname, pid);
1281  exit(1);
1282  }
1283 
1284  snprintf(logrotate_file, MAXPGPATH, "%s/logrotate", pg_data);
1285 
1286  if ((logrotatefile = fopen(logrotate_file, "w")) == NULL)
1287  {
1288  write_stderr(_("%s: could not create log rotation signal file \"%s\": %s\n"),
1289  progname, logrotate_file, strerror(errno));
1290  exit(1);
1291  }
1292  if (fclose(logrotatefile))
1293  {
1294  write_stderr(_("%s: could not write log rotation signal file \"%s\": %s\n"),
1295  progname, logrotate_file, strerror(errno));
1296  exit(1);
1297  }
1298 
1299  sig = SIGUSR1;
1300  if (kill((pid_t) pid, sig) != 0)
1301  {
1302  write_stderr(_("%s: could not send log rotation signal (PID: %ld): %s\n"),
1303  progname, pid, strerror(errno));
1304  if (unlink(logrotate_file) != 0)
1305  write_stderr(_("%s: could not remove log rotation signal file \"%s\": %s\n"),
1306  progname, logrotate_file, strerror(errno));
1307  exit(1);
1308  }
1309 
1310  print_msg(_("server signaled to rotate log file\n"));
1311 }
1312 
1313 
1314 /*
1315  * utility routines
1316  */
1317 
1318 static bool
1320 {
1321  /*
1322  * Test to see if the process is still there. Note that we do not
1323  * consider an EPERM failure to mean that the process is still there;
1324  * EPERM must mean that the given PID belongs to some other userid, and
1325  * considering the permissions on $PGDATA, that means it's not the
1326  * postmaster we are after.
1327  *
1328  * Don't believe that our own PID or parent shell's PID is the postmaster,
1329  * either. (Windows hasn't got getppid(), though.)
1330  */
1331  if (pid == getpid())
1332  return false;
1333 #ifndef WIN32
1334  if (pid == getppid())
1335  return false;
1336 #endif
1337  if (kill(pid, 0) == 0)
1338  return true;
1339  return false;
1340 }
1341 
1342 static void
1344 {
1345  pgpid_t pid;
1346 
1347  pid = get_pgpid(true);
1348  /* Is there a pid file? */
1349  if (pid != 0)
1350  {
1351  /* standalone backend? */
1352  if (pid < 0)
1353  {
1354  pid = -pid;
1355  if (postmaster_is_alive((pid_t) pid))
1356  {
1357  printf(_("%s: single-user server is running (PID: %ld)\n"),
1358  progname, pid);
1359  return;
1360  }
1361  }
1362  else
1363  /* must be a postmaster */
1364  {
1365  if (postmaster_is_alive((pid_t) pid))
1366  {
1367  char **optlines;
1368  char **curr_line;
1369  int numlines;
1370 
1371  printf(_("%s: server is running (PID: %ld)\n"),
1372  progname, pid);
1373 
1374  optlines = readfile(postopts_file, &numlines);
1375  if (optlines != NULL)
1376  {
1377  for (curr_line = optlines; *curr_line != NULL; curr_line++)
1378  puts(*curr_line);
1379 
1380  /* Free the results of readfile */
1381  free_readfile(optlines);
1382  }
1383  return;
1384  }
1385  }
1386  }
1387  printf(_("%s: no server running\n"), progname);
1388 
1389  /*
1390  * The Linux Standard Base Core Specification 3.1 says this should return
1391  * '3, program is not running'
1392  * https://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
1393  */
1394  exit(3);
1395 }
1396 
1397 
1398 
1399 static void
1401 {
1402  if (kill((pid_t) pid, sig) != 0)
1403  {
1404  write_stderr(_("%s: could not send signal %d (PID: %ld): %s\n"),
1405  progname, sig, pid, strerror(errno));
1406  exit(1);
1407  }
1408 }
1409 
1410 #ifdef WIN32
1411 
1412 static bool
1413 pgwin32_IsInstalled(SC_HANDLE hSCM)
1414 {
1415  SC_HANDLE hService = OpenService(hSCM, register_servicename, SERVICE_QUERY_CONFIG);
1416  bool bResult = (hService != NULL);
1417 
1418  if (bResult)
1419  CloseServiceHandle(hService);
1420  return bResult;
1421 }
1422 
1423 static char *
1424 pgwin32_CommandLine(bool registration)
1425 {
1426  PQExpBuffer cmdLine = createPQExpBuffer();
1427  char cmdPath[MAXPGPATH];
1428  int ret;
1429 
1430  if (registration)
1431  {
1432  ret = find_my_exec(argv0, cmdPath);
1433  if (ret != 0)
1434  {
1435  write_stderr(_("%s: could not find own program executable\n"), progname);
1436  exit(1);
1437  }
1438  }
1439  else
1440  {
1441  ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1442  cmdPath);
1443  if (ret != 0)
1444  {
1445  write_stderr(_("%s: could not find postgres program executable\n"), progname);
1446  exit(1);
1447  }
1448  }
1449 
1450  /* if path does not end in .exe, append it */
1451  if (strlen(cmdPath) < 4 ||
1452  pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0)
1453  snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath),
1454  ".exe");
1455 
1456  /* use backslashes in path to avoid problems with some third-party tools */
1457  make_native_path(cmdPath);
1458 
1459  /* be sure to double-quote the executable's name in the command */
1460  appendPQExpBuffer(cmdLine, "\"%s\"", cmdPath);
1461 
1462  /* append assorted switches to the command line, as needed */
1463 
1464  if (registration)
1465  appendPQExpBuffer(cmdLine, " runservice -N \"%s\"",
1467 
1468  if (pg_config)
1469  {
1470  /* We need the -D path to be absolute */
1471  char *dataDir;
1472 
1473  if ((dataDir = make_absolute_path(pg_config)) == NULL)
1474  {
1475  /* make_absolute_path already reported the error */
1476  exit(1);
1477  }
1478  make_native_path(dataDir);
1479  appendPQExpBuffer(cmdLine, " -D \"%s\"", dataDir);
1480  free(dataDir);
1481  }
1482 
1483  if (registration && event_source != NULL)
1484  appendPQExpBuffer(cmdLine, " -e \"%s\"", event_source);
1485 
1486  if (registration && do_wait)
1487  appendPQExpBufferStr(cmdLine, " -w");
1488 
1489  /* Don't propagate a value from an environment variable. */
1490  if (registration && wait_seconds_arg && wait_seconds != DEFAULT_WAIT)
1491  appendPQExpBuffer(cmdLine, " -t %d", wait_seconds);
1492 
1493  if (registration && silent_mode)
1494  appendPQExpBufferStr(cmdLine, " -s");
1495 
1496  if (post_opts)
1497  {
1498  if (registration)
1499  appendPQExpBuffer(cmdLine, " -o \"%s\"", post_opts);
1500  else
1501  appendPQExpBuffer(cmdLine, " %s", post_opts);
1502  }
1503 
1504  return cmdLine->data;
1505 }
1506 
1507 static void
1508 pgwin32_doRegister(void)
1509 {
1510  SC_HANDLE hService;
1511  SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1512 
1513  if (hSCM == NULL)
1514  {
1515  write_stderr(_("%s: could not open service manager\n"), progname);
1516  exit(1);
1517  }
1518  if (pgwin32_IsInstalled(hSCM))
1519  {
1520  CloseServiceHandle(hSCM);
1521  write_stderr(_("%s: service \"%s\" already registered\n"), progname, register_servicename);
1522  exit(1);
1523  }
1524 
1525  if ((hService = CreateService(hSCM, register_servicename, register_servicename,
1526  SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
1527  pgctl_start_type, SERVICE_ERROR_NORMAL,
1528  pgwin32_CommandLine(true),
1529  NULL, NULL, "RPCSS\0", register_username, register_password)) == NULL)
1530  {
1531  CloseServiceHandle(hSCM);
1532  write_stderr(_("%s: could not register service \"%s\": error code %lu\n"),
1534  (unsigned long) GetLastError());
1535  exit(1);
1536  }
1537  CloseServiceHandle(hService);
1538  CloseServiceHandle(hSCM);
1539 }
1540 
1541 static void
1542 pgwin32_doUnregister(void)
1543 {
1544  SC_HANDLE hService;
1545  SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1546 
1547  if (hSCM == NULL)
1548  {
1549  write_stderr(_("%s: could not open service manager\n"), progname);
1550  exit(1);
1551  }
1552  if (!pgwin32_IsInstalled(hSCM))
1553  {
1554  CloseServiceHandle(hSCM);
1555  write_stderr(_("%s: service \"%s\" not registered\n"), progname, register_servicename);
1556  exit(1);
1557  }
1558 
1559  if ((hService = OpenService(hSCM, register_servicename, DELETE)) == NULL)
1560  {
1561  CloseServiceHandle(hSCM);
1562  write_stderr(_("%s: could not open service \"%s\": error code %lu\n"),
1564  (unsigned long) GetLastError());
1565  exit(1);
1566  }
1567  if (!DeleteService(hService))
1568  {
1569  CloseServiceHandle(hService);
1570  CloseServiceHandle(hSCM);
1571  write_stderr(_("%s: could not unregister service \"%s\": error code %lu\n"),
1573  (unsigned long) GetLastError());
1574  exit(1);
1575  }
1576  CloseServiceHandle(hService);
1577  CloseServiceHandle(hSCM);
1578 }
1579 
1580 static void
1581 pgwin32_SetServiceStatus(DWORD currentState)
1582 {
1583  status.dwCurrentState = currentState;
1584  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1585 }
1586 
1587 static void WINAPI
1588 pgwin32_ServiceHandler(DWORD request)
1589 {
1590  switch (request)
1591  {
1592  case SERVICE_CONTROL_STOP:
1593  case SERVICE_CONTROL_SHUTDOWN:
1594 
1595  /*
1596  * We only need a short wait hint here as it just needs to wait
1597  * for the next checkpoint. They occur every 5 seconds during
1598  * shutdown
1599  */
1600  status.dwWaitHint = 10000;
1601  pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1602  SetEvent(shutdownEvent);
1603  return;
1604 
1605  case SERVICE_CONTROL_PAUSE:
1606  /* Win32 config reloading */
1607  status.dwWaitHint = 5000;
1609  return;
1610 
1611  /* FIXME: These could be used to replace other signals etc */
1612  case SERVICE_CONTROL_CONTINUE:
1613  case SERVICE_CONTROL_INTERROGATE:
1614  default:
1615  break;
1616  }
1617 }
1618 
1619 static void WINAPI
1620 pgwin32_ServiceMain(DWORD argc, LPTSTR *argv)
1621 {
1622  PROCESS_INFORMATION pi;
1623  DWORD ret;
1624 
1625  /* Initialize variables */
1626  status.dwWin32ExitCode = S_OK;
1627  status.dwCheckPoint = 0;
1628  status.dwWaitHint = 60000;
1629  status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
1630  status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PAUSE_CONTINUE;
1631  status.dwServiceSpecificExitCode = 0;
1632  status.dwCurrentState = SERVICE_START_PENDING;
1633 
1634  memset(&pi, 0, sizeof(pi));
1635 
1636  read_post_opts();
1637 
1638  /* Register the control request handler */
1639  if ((hStatus = RegisterServiceCtrlHandler(register_servicename, pgwin32_ServiceHandler)) == (SERVICE_STATUS_HANDLE) 0)
1640  return;
1641 
1642  if ((shutdownEvent = CreateEvent(NULL, true, false, NULL)) == NULL)
1643  return;
1644 
1645  /* Start the postmaster */
1646  pgwin32_SetServiceStatus(SERVICE_START_PENDING);
1647  if (!CreateRestrictedProcess(pgwin32_CommandLine(false), &pi, true))
1648  {
1649  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1650  return;
1651  }
1652  postmasterPID = pi.dwProcessId;
1653  postmasterProcess = pi.hProcess;
1654  CloseHandle(pi.hThread);
1655 
1656  if (do_wait)
1657  {
1658  write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Waiting for server startup...\n"));
1660  {
1661  write_eventlog(EVENTLOG_ERROR_TYPE, _("Timed out waiting for server startup\n"));
1662  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1663  return;
1664  }
1665  write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Server started and accepting connections\n"));
1666  }
1667 
1668  pgwin32_SetServiceStatus(SERVICE_RUNNING);
1669 
1670  /* Wait for quit... */
1671  ret = WaitForMultipleObjects(2, shutdownHandles, FALSE, INFINITE);
1672 
1673  pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1674  switch (ret)
1675  {
1676  case WAIT_OBJECT_0: /* shutdown event */
1677  {
1678  /*
1679  * status.dwCheckPoint can be incremented by
1680  * wait_for_postmaster(), so it might not start from 0.
1681  */
1682  int maxShutdownCheckPoint = status.dwCheckPoint + 12;
1683 
1684  kill(postmasterPID, SIGINT);
1685 
1686  /*
1687  * Increment the checkpoint and try again. Abort after 12
1688  * checkpoints as the postmaster has probably hung.
1689  */
1690  while (WaitForSingleObject(postmasterProcess, 5000) == WAIT_TIMEOUT && status.dwCheckPoint < maxShutdownCheckPoint)
1691  {
1692  status.dwCheckPoint++;
1693  SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1694  }
1695  break;
1696  }
1697 
1698  case (WAIT_OBJECT_0 + 1): /* postmaster went down */
1699  break;
1700 
1701  default:
1702  /* shouldn't get here? */
1703  break;
1704  }
1705 
1706  CloseHandle(shutdownEvent);
1707  CloseHandle(postmasterProcess);
1708 
1709  pgwin32_SetServiceStatus(SERVICE_STOPPED);
1710 }
1711 
1712 static void
1713 pgwin32_doRunAsService(void)
1714 {
1715  SERVICE_TABLE_ENTRY st[] = {{register_servicename, pgwin32_ServiceMain},
1716  {NULL, NULL}};
1717 
1718  if (StartServiceCtrlDispatcher(st) == 0)
1719  {
1720  write_stderr(_("%s: could not start service \"%s\": error code %lu\n"),
1722  (unsigned long) GetLastError());
1723  exit(1);
1724  }
1725 }
1726 
1727 
1728 /*
1729  * Mingw headers are incomplete, and so are the libraries. So we have to load
1730  * a whole lot of API functions dynamically. Since we have to do this anyway,
1731  * also load the couple of functions that *do* exist in mingw headers but not
1732  * on NT4. That way, we don't break on NT4.
1733  */
1734 typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
1735 typedef BOOL (WINAPI * __IsProcessInJob) (HANDLE, HANDLE, PBOOL);
1736 typedef HANDLE (WINAPI * __CreateJobObject) (LPSECURITY_ATTRIBUTES, LPCTSTR);
1737 typedef BOOL (WINAPI * __SetInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD);
1738 typedef BOOL (WINAPI * __AssignProcessToJobObject) (HANDLE, HANDLE);
1739 typedef BOOL (WINAPI * __QueryInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD, LPDWORD);
1740 
1741 /*
1742  * Create a restricted token, a job object sandbox, and execute the specified
1743  * process with it.
1744  *
1745  * Returns 0 on success, non-zero on failure, same as CreateProcess().
1746  *
1747  * On NT4, or any other system not containing the required functions, will
1748  * launch the process under the current token without doing any modifications.
1749  *
1750  * NOTE! Job object will only work when running as a service, because it's
1751  * automatically destroyed when pg_ctl exits.
1752  */
1753 static int
1754 CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service)
1755 {
1756  int r;
1757  BOOL b;
1758  STARTUPINFO si;
1759  HANDLE origToken;
1760  HANDLE restrictedToken;
1761  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
1762  SID_AND_ATTRIBUTES dropSids[2];
1763  PTOKEN_PRIVILEGES delPrivs;
1764 
1765  /* Functions loaded dynamically */
1766  __CreateRestrictedToken _CreateRestrictedToken = NULL;
1767  __IsProcessInJob _IsProcessInJob = NULL;
1768  __CreateJobObject _CreateJobObject = NULL;
1769  __SetInformationJobObject _SetInformationJobObject = NULL;
1770  __AssignProcessToJobObject _AssignProcessToJobObject = NULL;
1771  __QueryInformationJobObject _QueryInformationJobObject = NULL;
1772  HANDLE Kernel32Handle;
1773  HANDLE Advapi32Handle;
1774 
1775  ZeroMemory(&si, sizeof(si));
1776  si.cb = sizeof(si);
1777 
1778  Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
1779  if (Advapi32Handle != NULL)
1780  {
1781  _CreateRestrictedToken = (__CreateRestrictedToken) (pg_funcptr_t) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
1782  }
1783 
1784  if (_CreateRestrictedToken == NULL)
1785  {
1786  /*
1787  * NT4 doesn't have CreateRestrictedToken, so just call ordinary
1788  * CreateProcess
1789  */
1790  write_stderr(_("%s: WARNING: cannot create restricted tokens on this platform\n"), progname);
1791  if (Advapi32Handle != NULL)
1792  FreeLibrary(Advapi32Handle);
1793  return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
1794  }
1795 
1796  /* Open the current token to use as a base for the restricted one */
1797  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
1798  {
1799  /*
1800  * Most Windows targets make DWORD a 32-bit unsigned long, but in case
1801  * it doesn't cast DWORD before printing.
1802  */
1803  write_stderr(_("%s: could not open process token: error code %lu\n"),
1804  progname, (unsigned long) GetLastError());
1805  return 0;
1806  }
1807 
1808  /* Allocate list of SIDs to remove */
1809  ZeroMemory(&dropSids, sizeof(dropSids));
1810  if (!AllocateAndInitializeSid(&NtAuthority, 2,
1811  SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
1812  0, &dropSids[0].Sid) ||
1813  !AllocateAndInitializeSid(&NtAuthority, 2,
1814  SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
1815  0, &dropSids[1].Sid))
1816  {
1817  write_stderr(_("%s: could not allocate SIDs: error code %lu\n"),
1818  progname, (unsigned long) GetLastError());
1819  return 0;
1820  }
1821 
1822  /* Get list of privileges to remove */
1823  delPrivs = GetPrivilegesToDelete(origToken);
1824  if (delPrivs == NULL)
1825  /* Error message already printed */
1826  return 0;
1827 
1828  b = _CreateRestrictedToken(origToken,
1829  0,
1830  sizeof(dropSids) / sizeof(dropSids[0]),
1831  dropSids,
1832  delPrivs->PrivilegeCount, delPrivs->Privileges,
1833  0, NULL,
1834  &restrictedToken);
1835 
1836  free(delPrivs);
1837  FreeSid(dropSids[1].Sid);
1838  FreeSid(dropSids[0].Sid);
1839  CloseHandle(origToken);
1840  FreeLibrary(Advapi32Handle);
1841 
1842  if (!b)
1843  {
1844  write_stderr(_("%s: could not create restricted token: error code %lu\n"),
1845  progname, (unsigned long) GetLastError());
1846  return 0;
1847  }
1848 
1849  AddUserToTokenDacl(restrictedToken);
1850  r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
1851 
1852  Kernel32Handle = LoadLibrary("KERNEL32.DLL");
1853  if (Kernel32Handle != NULL)
1854  {
1855  _IsProcessInJob = (__IsProcessInJob) (pg_funcptr_t) GetProcAddress(Kernel32Handle, "IsProcessInJob");
1856  _CreateJobObject = (__CreateJobObject) (pg_funcptr_t) GetProcAddress(Kernel32Handle, "CreateJobObjectA");
1857  _SetInformationJobObject = (__SetInformationJobObject) (pg_funcptr_t) GetProcAddress(Kernel32Handle, "SetInformationJobObject");
1858  _AssignProcessToJobObject = (__AssignProcessToJobObject) (pg_funcptr_t) GetProcAddress(Kernel32Handle, "AssignProcessToJobObject");
1859  _QueryInformationJobObject = (__QueryInformationJobObject) (pg_funcptr_t) GetProcAddress(Kernel32Handle, "QueryInformationJobObject");
1860  }
1861 
1862  /* Verify that we found all functions */
1863  if (_IsProcessInJob == NULL || _CreateJobObject == NULL || _SetInformationJobObject == NULL || _AssignProcessToJobObject == NULL || _QueryInformationJobObject == NULL)
1864  {
1865  /*
1866  * IsProcessInJob() is not available on < WinXP, so there is no need
1867  * to log the error every time in that case
1868  */
1869  if (IsWindowsXPOrGreater())
1870 
1871  /*
1872  * Log error if we can't get version, or if we're on WinXP/2003 or
1873  * newer
1874  */
1875  write_stderr(_("%s: WARNING: could not locate all job object functions in system API\n"), progname);
1876  }
1877  else
1878  {
1879  BOOL inJob;
1880 
1881  if (_IsProcessInJob(processInfo->hProcess, NULL, &inJob))
1882  {
1883  if (!inJob)
1884  {
1885  /*
1886  * Job objects are working, and the new process isn't in one,
1887  * so we can create one safely. If any problems show up when
1888  * setting it, we're going to ignore them.
1889  */
1890  HANDLE job;
1891  char jobname[128];
1892 
1893  sprintf(jobname, "PostgreSQL_%lu",
1894  (unsigned long) processInfo->dwProcessId);
1895 
1896  job = _CreateJobObject(NULL, jobname);
1897  if (job)
1898  {
1899  JOBOBJECT_BASIC_LIMIT_INFORMATION basicLimit;
1900  JOBOBJECT_BASIC_UI_RESTRICTIONS uiRestrictions;
1901  JOBOBJECT_SECURITY_LIMIT_INFORMATION securityLimit;
1902 
1903  ZeroMemory(&basicLimit, sizeof(basicLimit));
1904  ZeroMemory(&uiRestrictions, sizeof(uiRestrictions));
1905  ZeroMemory(&securityLimit, sizeof(securityLimit));
1906 
1907  basicLimit.LimitFlags = JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION | JOB_OBJECT_LIMIT_PRIORITY_CLASS;
1908  basicLimit.PriorityClass = NORMAL_PRIORITY_CLASS;
1909  _SetInformationJobObject(job, JobObjectBasicLimitInformation, &basicLimit, sizeof(basicLimit));
1910 
1911  uiRestrictions.UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS |
1912  JOB_OBJECT_UILIMIT_EXITWINDOWS | JOB_OBJECT_UILIMIT_READCLIPBOARD |
1913  JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
1914 
1915  if (as_service)
1916  {
1917  if (!IsWindows7OrGreater())
1918  {
1919  /*
1920  * On Windows 7 (and presumably later),
1921  * JOB_OBJECT_UILIMIT_HANDLES prevents us from
1922  * starting as a service. So we only enable it on
1923  * Vista and earlier (version <= 6.0)
1924  */
1925  uiRestrictions.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES;
1926  }
1927  }
1928  _SetInformationJobObject(job, JobObjectBasicUIRestrictions, &uiRestrictions, sizeof(uiRestrictions));
1929 
1930  securityLimit.SecurityLimitFlags = JOB_OBJECT_SECURITY_NO_ADMIN | JOB_OBJECT_SECURITY_ONLY_TOKEN;
1931  securityLimit.JobToken = restrictedToken;
1932  _SetInformationJobObject(job, JobObjectSecurityLimitInformation, &securityLimit, sizeof(securityLimit));
1933 
1934  _AssignProcessToJobObject(job, processInfo->hProcess);
1935  }
1936  }
1937  }
1938  }
1939 
1940 
1941  CloseHandle(restrictedToken);
1942 
1943  ResumeThread(processInfo->hThread);
1944 
1945  FreeLibrary(Kernel32Handle);
1946 
1947  /*
1948  * We intentionally don't close the job object handle, because we want the
1949  * object to live on until pg_ctl shuts down.
1950  */
1951  return r;
1952 }
1953 
1954 /*
1955  * Get a list of privileges to delete from the access token. We delete all privileges
1956  * except SeLockMemoryPrivilege which is needed to use large pages, and
1957  * SeChangeNotifyPrivilege which is enabled by default in DISABLE_MAX_PRIVILEGE.
1958  */
1959 static PTOKEN_PRIVILEGES
1960 GetPrivilegesToDelete(HANDLE hToken)
1961 {
1962  int i,
1963  j;
1964  DWORD length;
1965  PTOKEN_PRIVILEGES tokenPrivs;
1966  LUID luidLockPages;
1967  LUID luidChangeNotify;
1968 
1969  if (!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &luidLockPages) ||
1970  !LookupPrivilegeValue(NULL, SE_CHANGE_NOTIFY_NAME, &luidChangeNotify))
1971  {
1972  write_stderr(_("%s: could not get LUIDs for privileges: error code %lu\n"),
1973  progname, (unsigned long) GetLastError());
1974  return NULL;
1975  }
1976 
1977  if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &length) &&
1978  GetLastError() != ERROR_INSUFFICIENT_BUFFER)
1979  {
1980  write_stderr(_("%s: could not get token information: error code %lu\n"),
1981  progname, (unsigned long) GetLastError());
1982  return NULL;
1983  }
1984 
1985  tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
1987  if (tokenPrivs == NULL)
1988  {
1989  write_stderr(_("%s: out of memory\n"), progname);
1990  return NULL;
1991  }
1992 
1993  if (!GetTokenInformation(hToken, TokenPrivileges, tokenPrivs, length, &length))
1994  {
1995  write_stderr(_("%s: could not get token information: error code %lu\n"),
1996  progname, (unsigned long) GetLastError());
1997  free(tokenPrivs);
1998  return NULL;
1999  }
2000 
2001  for (i = 0; i < tokenPrivs->PrivilegeCount; i++)
2002  {
2003  if (memcmp(&tokenPrivs->Privileges[i].Luid, &luidLockPages, sizeof(LUID)) == 0 ||
2004  memcmp(&tokenPrivs->Privileges[i].Luid, &luidChangeNotify, sizeof(LUID)) == 0)
2005  {
2006  for (j = i; j < tokenPrivs->PrivilegeCount - 1; j++)
2007  tokenPrivs->Privileges[j] = tokenPrivs->Privileges[j + 1];
2008  tokenPrivs->PrivilegeCount--;
2009  }
2010  }
2011 
2012  return tokenPrivs;
2013 }
2014 #endif /* WIN32 */
2015 
2016 static void
2018 {
2019  write_stderr(_("Try \"%s --help\" for more information.\n"), progname);
2020 }
2021 
2022 
2023 
2024 static void
2025 do_help(void)
2026 {
2027  printf(_("%s is a utility to initialize, start, stop, or control a PostgreSQL server.\n\n"), progname);
2028  printf(_("Usage:\n"));
2029  printf(_(" %s init[db] [-D DATADIR] [-s] [-o OPTIONS]\n"), progname);
2030  printf(_(" %s start [-D DATADIR] [-l FILENAME] [-W] [-t SECS] [-s]\n"
2031  " [-o OPTIONS] [-p PATH] [-c]\n"), progname);
2032  printf(_(" %s stop [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"), progname);
2033  printf(_(" %s restart [-D DATADIR] [-m SHUTDOWN-MODE] [-W] [-t SECS] [-s]\n"
2034  " [-o OPTIONS] [-c]\n"), progname);
2035  printf(_(" %s reload [-D DATADIR] [-s]\n"), progname);
2036  printf(_(" %s status [-D DATADIR]\n"), progname);
2037  printf(_(" %s promote [-D DATADIR] [-W] [-t SECS] [-s]\n"), progname);
2038  printf(_(" %s logrotate [-D DATADIR] [-s]\n"), progname);
2039  printf(_(" %s kill SIGNALNAME PID\n"), progname);
2040 #ifdef WIN32
2041  printf(_(" %s register [-D DATADIR] [-N SERVICENAME] [-U USERNAME] [-P PASSWORD]\n"
2042  " [-S START-TYPE] [-e SOURCE] [-W] [-t SECS] [-s] [-o OPTIONS]\n"), progname);
2043  printf(_(" %s unregister [-N SERVICENAME]\n"), progname);
2044 #endif
2045 
2046  printf(_("\nCommon options:\n"));
2047  printf(_(" -D, --pgdata=DATADIR location of the database storage area\n"));
2048 #ifdef WIN32
2049  printf(_(" -e SOURCE event source for logging when running as a service\n"));
2050 #endif
2051  printf(_(" -s, --silent only print errors, no informational messages\n"));
2052  printf(_(" -t, --timeout=SECS seconds to wait when using -w option\n"));
2053  printf(_(" -V, --version output version information, then exit\n"));
2054  printf(_(" -w, --wait wait until operation completes (default)\n"));
2055  printf(_(" -W, --no-wait do not wait until operation completes\n"));
2056  printf(_(" -?, --help show this help, then exit\n"));
2057  printf(_("If the -D option is omitted, the environment variable PGDATA is used.\n"));
2058 
2059  printf(_("\nOptions for start or restart:\n"));
2060 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
2061  printf(_(" -c, --core-files allow postgres to produce core files\n"));
2062 #else
2063  printf(_(" -c, --core-files not applicable on this platform\n"));
2064 #endif
2065  printf(_(" -l, --log=FILENAME write (or append) server log to FILENAME\n"));
2066  printf(_(" -o, --options=OPTIONS command line options to pass to postgres\n"
2067  " (PostgreSQL server executable) or initdb\n"));
2068  printf(_(" -p PATH-TO-POSTGRES normally not necessary\n"));
2069  printf(_("\nOptions for stop or restart:\n"));
2070  printf(_(" -m, --mode=MODE MODE can be \"smart\", \"fast\", or \"immediate\"\n"));
2071 
2072  printf(_("\nShutdown modes are:\n"));
2073  printf(_(" smart quit after all clients have disconnected\n"));
2074  printf(_(" fast quit directly, with proper shutdown (default)\n"));
2075  printf(_(" immediate quit without complete shutdown; will lead to recovery on restart\n"));
2076 
2077  printf(_("\nAllowed signal names for kill:\n"));
2078  printf(" ABRT HUP INT KILL QUIT TERM USR1 USR2\n");
2079 
2080 #ifdef WIN32
2081  printf(_("\nOptions for register and unregister:\n"));
2082  printf(_(" -N SERVICENAME service name with which to register PostgreSQL server\n"));
2083  printf(_(" -P PASSWORD password of account to register PostgreSQL server\n"));
2084  printf(_(" -U USERNAME user name of account to register PostgreSQL server\n"));
2085  printf(_(" -S START-TYPE service start type to register PostgreSQL server\n"));
2086 
2087  printf(_("\nStart types are:\n"));
2088  printf(_(" auto start service automatically during system startup (default)\n"));
2089  printf(_(" demand start service on demand\n"));
2090 #endif
2091 
2092  printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
2093  printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
2094 }
2095 
2096 
2097 
2098 static void
2099 set_mode(char *modeopt)
2100 {
2101  if (strcmp(modeopt, "s") == 0 || strcmp(modeopt, "smart") == 0)
2102  {
2104  sig = SIGTERM;
2105  }
2106  else if (strcmp(modeopt, "f") == 0 || strcmp(modeopt, "fast") == 0)
2107  {
2109  sig = SIGINT;
2110  }
2111  else if (strcmp(modeopt, "i") == 0 || strcmp(modeopt, "immediate") == 0)
2112  {
2114  sig = SIGQUIT;
2115  }
2116  else
2117  {
2118  write_stderr(_("%s: unrecognized shutdown mode \"%s\"\n"), progname, modeopt);
2119  do_advice();
2120  exit(1);
2121  }
2122 }
2123 
2124 
2125 
2126 static void
2127 set_sig(char *signame)
2128 {
2129  if (strcmp(signame, "HUP") == 0)
2130  sig = SIGHUP;
2131  else if (strcmp(signame, "INT") == 0)
2132  sig = SIGINT;
2133  else if (strcmp(signame, "QUIT") == 0)
2134  sig = SIGQUIT;
2135  else if (strcmp(signame, "ABRT") == 0)
2136  sig = SIGABRT;
2137  else if (strcmp(signame, "KILL") == 0)
2138  sig = SIGKILL;
2139  else if (strcmp(signame, "TERM") == 0)
2140  sig = SIGTERM;
2141  else if (strcmp(signame, "USR1") == 0)
2142  sig = SIGUSR1;
2143  else if (strcmp(signame, "USR2") == 0)
2144  sig = SIGUSR2;
2145  else
2146  {
2147  write_stderr(_("%s: unrecognized signal name \"%s\"\n"), progname, signame);
2148  do_advice();
2149  exit(1);
2150  }
2151 }
2152 
2153 
2154 #ifdef WIN32
2155 static void
2156 set_starttype(char *starttypeopt)
2157 {
2158  if (strcmp(starttypeopt, "a") == 0 || strcmp(starttypeopt, "auto") == 0)
2159  pgctl_start_type = SERVICE_AUTO_START;
2160  else if (strcmp(starttypeopt, "d") == 0 || strcmp(starttypeopt, "demand") == 0)
2161  pgctl_start_type = SERVICE_DEMAND_START;
2162  else
2163  {
2164  write_stderr(_("%s: unrecognized start type \"%s\"\n"), progname, starttypeopt);
2165  do_advice();
2166  exit(1);
2167  }
2168 }
2169 #endif
2170 
2171 /*
2172  * adjust_data_dir
2173  *
2174  * If a configuration-only directory was specified, find the real data dir.
2175  */
2176 static void
2178 {
2179  char cmd[MAXPGPATH],
2181  *my_exec_path;
2182  FILE *fd;
2183 
2184  /* do nothing if we're working without knowledge of data dir */
2185  if (pg_config == NULL)
2186  return;
2187 
2188  /* If there is no postgresql.conf, it can't be a config-only dir */
2189  snprintf(filename, sizeof(filename), "%s/postgresql.conf", pg_config);
2190  if ((fd = fopen(filename, "r")) == NULL)
2191  return;
2192  fclose(fd);
2193 
2194  /* If PG_VERSION exists, it can't be a config-only dir */
2195  snprintf(filename, sizeof(filename), "%s/PG_VERSION", pg_config);
2196  if ((fd = fopen(filename, "r")) != NULL)
2197  {
2198  fclose(fd);
2199  return;
2200  }
2201 
2202  /* Must be a configuration directory, so find the data directory */
2203 
2204  /* we use a private my_exec_path to avoid interfering with later uses */
2205  if (exec_path == NULL)
2206  my_exec_path = find_other_exec_or_die(argv0, "postgres", PG_BACKEND_VERSIONSTR);
2207  else
2208  my_exec_path = pg_strdup(exec_path);
2209 
2210  /* it's important for -C to be the first option, see main.c */
2211  snprintf(cmd, MAXPGPATH, "\"%s\" -C data_directory %s%s",
2212  my_exec_path,
2213  pgdata_opt ? pgdata_opt : "",
2214  post_opts ? post_opts : "");
2215 
2216  fd = popen(cmd, "r");
2217  if (fd == NULL || fgets(filename, sizeof(filename), fd) == NULL)
2218  {
2219  write_stderr(_("%s: could not determine the data directory using command \"%s\"\n"), progname, cmd);
2220  exit(1);
2221  }
2222  pclose(fd);
2223  free(my_exec_path);
2224 
2225  /* strip trailing newline and carriage return */
2226  (void) pg_strip_crlf(filename);
2227 
2228  free(pg_data);
2229  pg_data = pg_strdup(filename);
2231 }
2232 
2233 
2234 static DBState
2236 {
2237  DBState ret;
2238  bool crc_ok;
2239  ControlFileData *control_file_data = get_controlfile(pg_data, &crc_ok);
2240 
2241  if (!crc_ok)
2242  {
2243  write_stderr(_("%s: control file appears to be corrupt\n"), progname);
2244  exit(1);
2245  }
2246 
2247  ret = control_file_data->state;
2248  pfree(control_file_data);
2249  return ret;
2250 }
2251 
2252 
2253 int
2254 main(int argc, char **argv)
2255 {
2256  static struct option long_options[] = {
2257  {"help", no_argument, NULL, '?'},
2258  {"version", no_argument, NULL, 'V'},
2259  {"log", required_argument, NULL, 'l'},
2260  {"mode", required_argument, NULL, 'm'},
2261  {"pgdata", required_argument, NULL, 'D'},
2262  {"options", required_argument, NULL, 'o'},
2263  {"silent", no_argument, NULL, 's'},
2264  {"timeout", required_argument, NULL, 't'},
2265  {"core-files", no_argument, NULL, 'c'},
2266  {"wait", no_argument, NULL, 'w'},
2267  {"no-wait", no_argument, NULL, 'W'},
2268  {NULL, 0, NULL, 0}
2269  };
2270 
2271  char *env_wait;
2272  int option_index;
2273  int c;
2274  pgpid_t killproc = 0;
2275 
2276  pg_logging_init(argv[0]);
2277  progname = get_progname(argv[0]);
2278  set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_ctl"));
2279  start_time = time(NULL);
2280 
2281  /*
2282  * save argv[0] so do_start() can look for the postmaster if necessary. we
2283  * don't look for postmaster here because in many cases we won't need it.
2284  */
2285  argv0 = argv[0];
2286 
2287  /* Set restrictive mode mask until PGDATA permissions are checked */
2288  umask(PG_MODE_MASK_OWNER);
2289 
2290  /* support --help and --version even if invoked as root */
2291  if (argc > 1)
2292  {
2293  if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
2294  {
2295  do_help();
2296  exit(0);
2297  }
2298  else if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
2299  {
2300  puts("pg_ctl (PostgreSQL) " PG_VERSION);
2301  exit(0);
2302  }
2303  }
2304 
2305  /*
2306  * Disallow running as root, to forestall any possible security holes.
2307  */
2308 #ifndef WIN32
2309  if (geteuid() == 0)
2310  {
2311  write_stderr(_("%s: cannot be run as root\n"
2312  "Please log in (using, e.g., \"su\") as the "
2313  "(unprivileged) user that will\n"
2314  "own the server process.\n"),
2315  progname);
2316  exit(1);
2317  }
2318 #endif
2319 
2320  env_wait = getenv("PGCTLTIMEOUT");
2321  if (env_wait != NULL)
2322  wait_seconds = atoi(env_wait);
2323 
2324  /*
2325  * 'Action' can be before or after args so loop over both. Some
2326  * getopt_long() implementations will reorder argv[] to place all flags
2327  * first (GNU?), but we don't rely on it. Our /port version doesn't do
2328  * that.
2329  */
2330  optind = 1;
2331 
2332  /* process command-line options */
2333  while (optind < argc)
2334  {
2335  while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW",
2336  long_options, &option_index)) != -1)
2337  {
2338  switch (c)
2339  {
2340  case 'D':
2341  {
2342  char *pgdata_D;
2343  char *env_var;
2344 
2345  pgdata_D = pg_strdup(optarg);
2346  canonicalize_path(pgdata_D);
2347  env_var = psprintf("PGDATA=%s", pgdata_D);
2348  putenv(env_var);
2349 
2350  /*
2351  * We could pass PGDATA just in an environment
2352  * variable but we do -D too for clearer postmaster
2353  * 'ps' display
2354  */
2355  pgdata_opt = psprintf("-D \"%s\" ", pgdata_D);
2356  break;
2357  }
2358  case 'e':
2360  break;
2361  case 'l':
2363  break;
2364  case 'm':
2365  set_mode(optarg);
2366  break;
2367  case 'N':
2369  break;
2370  case 'o':
2371  /* append option? */
2372  if (!post_opts)
2374  else
2375  {
2376  char *old_post_opts = post_opts;
2377 
2378  post_opts = psprintf("%s %s", old_post_opts, optarg);
2379  free(old_post_opts);
2380  }
2381  break;
2382  case 'p':
2384  break;
2385  case 'P':
2387  break;
2388  case 's':
2389  silent_mode = true;
2390  break;
2391  case 'S':
2392 #ifdef WIN32
2393  set_starttype(optarg);
2394 #else
2395  write_stderr(_("%s: -S option not supported on this platform\n"),
2396  progname);
2397  exit(1);
2398 #endif
2399  break;
2400  case 't':
2401  wait_seconds = atoi(optarg);
2402  wait_seconds_arg = true;
2403  break;
2404  case 'U':
2405  if (strchr(optarg, '\\'))
2407  else
2408  /* Prepend .\ for local accounts */
2409  register_username = psprintf(".\\%s", optarg);
2410  break;
2411  case 'w':
2412  do_wait = true;
2413  break;
2414  case 'W':
2415  do_wait = false;
2416  break;
2417  case 'c':
2418  allow_core_files = true;
2419  break;
2420  default:
2421  /* getopt_long already issued a suitable error message */
2422  do_advice();
2423  exit(1);
2424  }
2425  }
2426 
2427  /* Process an action */
2428  if (optind < argc)
2429  {
2430  if (ctl_command != NO_COMMAND)
2431  {
2432  write_stderr(_("%s: too many command-line arguments (first is \"%s\")\n"), progname, argv[optind]);
2433  do_advice();
2434  exit(1);
2435  }
2436 
2437  if (strcmp(argv[optind], "init") == 0
2438  || strcmp(argv[optind], "initdb") == 0)
2440  else if (strcmp(argv[optind], "start") == 0)
2442  else if (strcmp(argv[optind], "stop") == 0)
2444  else if (strcmp(argv[optind], "restart") == 0)
2446  else if (strcmp(argv[optind], "reload") == 0)
2448  else if (strcmp(argv[optind], "status") == 0)
2450  else if (strcmp(argv[optind], "promote") == 0)
2452  else if (strcmp(argv[optind], "logrotate") == 0)
2454  else if (strcmp(argv[optind], "kill") == 0)
2455  {
2456  if (argc - optind < 3)
2457  {
2458  write_stderr(_("%s: missing arguments for kill mode\n"), progname);
2459  do_advice();
2460  exit(1);
2461  }
2463  set_sig(argv[++optind]);
2464  killproc = atol(argv[++optind]);
2465  }
2466 #ifdef WIN32
2467  else if (strcmp(argv[optind], "register") == 0)
2469  else if (strcmp(argv[optind], "unregister") == 0)
2471  else if (strcmp(argv[optind], "runservice") == 0)
2473 #endif
2474  else
2475  {
2476  write_stderr(_("%s: unrecognized operation mode \"%s\"\n"), progname, argv[optind]);
2477  do_advice();
2478  exit(1);
2479  }
2480  optind++;
2481  }
2482  }
2483 
2484  if (ctl_command == NO_COMMAND)
2485  {
2486  write_stderr(_("%s: no operation specified\n"), progname);
2487  do_advice();
2488  exit(1);
2489  }
2490 
2491  /* Note we put any -D switch into the env var above */
2492  pg_config = getenv("PGDATA");
2493  if (pg_config)
2494  {
2498  }
2499 
2500  /* -D might point at config-only directory; if so find the real PGDATA */
2501  adjust_data_dir();
2502 
2503  /* Complain if -D needed and not provided */
2504  if (pg_config == NULL &&
2506  {
2507  write_stderr(_("%s: no database directory specified and environment variable PGDATA unset\n"),
2508  progname);
2509  do_advice();
2510  exit(1);
2511  }
2512 
2513  if (ctl_command == RELOAD_COMMAND)
2514  {
2515  sig = SIGHUP;
2516  do_wait = false;
2517  }
2518 
2519  if (pg_data)
2520  {
2521  snprintf(postopts_file, MAXPGPATH, "%s/postmaster.opts", pg_data);
2522  snprintf(version_file, MAXPGPATH, "%s/PG_VERSION", pg_data);
2523  snprintf(pid_file, MAXPGPATH, "%s/postmaster.pid", pg_data);
2524  snprintf(backup_file, MAXPGPATH, "%s/backup_label", pg_data);
2525 
2526  /*
2527  * Set mask based on PGDATA permissions,
2528  *
2529  * Don't error here if the data directory cannot be stat'd. This is
2530  * handled differently based on the command and we don't want to
2531  * interfere with that logic.
2532  */
2534  umask(pg_mode_mask);
2535  }
2536 
2537  switch (ctl_command)
2538  {
2539  case INIT_COMMAND:
2540  do_init();
2541  break;
2542  case STATUS_COMMAND:
2543  do_status();
2544  break;
2545  case START_COMMAND:
2546  do_start();
2547  break;
2548  case STOP_COMMAND:
2549  do_stop();
2550  break;
2551  case RESTART_COMMAND:
2552  do_restart();
2553  break;
2554  case RELOAD_COMMAND:
2555  do_reload();
2556  break;
2557  case PROMOTE_COMMAND:
2558  do_promote();
2559  break;
2560  case LOGROTATE_COMMAND:
2561  do_logrotate();
2562  break;
2563  case KILL_COMMAND:
2564  do_kill(killproc);
2565  break;
2566 #ifdef WIN32
2567  case REGISTER_COMMAND:
2568  pgwin32_doRegister();
2569  break;
2570  case UNREGISTER_COMMAND:
2571  pgwin32_doUnregister();
2572  break;
2574  pgwin32_doRunAsService();
2575  break;
2576 #endif
2577  default:
2578  break;
2579  }
2580 
2581  exit(0);
2582 }
#define LOCK_FILE_LINE_PID
Definition: pidfile.h:37
char * make_absolute_path(const char *path)
Definition: path.c:608
int find_other_exec(const char *argv0, const char *target, const char *versionstr, char *retpath)
Definition: exec.c:323
#define SIGQUIT
Definition: win32_port.h:160
static char logrotate_file[MAXPGPATH]
Definition: pg_ctl.c:106
static char * argv0
Definition: pg_ctl.c:97
static void read_post_opts(void)
Definition: pg_ctl.c:725
static int wait_seconds
Definition: pg_ctl.c:80
int pg_strip_crlf(char *str)
Definition: string.c:105
void * pg_malloc(size_t size)
Definition: fe_memutils.c:47
#define SIGUSR1
Definition: win32_port.h:171
const char * get_progname(const char *argv0)
Definition: path.c:453
int getopt_long(int argc, char *const argv[], const char *optstring, const struct option *longopts, int *longindex)
Definition: getopt_long.c:57
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:369
static char * log_file
Definition: pg_ctl.c:91
void pg_logging_init(const char *argv0)
Definition: logging.c:81
char * psprintf(const char *fmt,...)
Definition: psprintf.c:46
static void do_help(void)
Definition: pg_ctl.c:2025
void make_native_path(char *path)
Definition: path.c:166
static char * post_opts
Definition: pg_ctl.c:89
static void do_stop(void)
Definition: pg_ctl.c:950
void canonicalize_path(char *path)
Definition: path.c:254
#define MCXT_ALLOC_NO_OOM
Definition: fe_memutils.h:18
#define kill(pid, sig)
Definition: win32_port.h:454
#define printf(...)
Definition: port.h:221
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
static ShutdownMode shutdown_mode
Definition: pg_ctl.c:83
#define SIGUSR2
Definition: win32_port.h:172
BOOL AddUserToTokenDacl(HANDLE hToken)
static char ** readfile(const char *path, int *numlines)
Definition: pg_ctl.c:317
static void adjust_data_dir(void)
Definition: pg_ctl.c:2177
#define LOCK_FILE_LINE_START_TIME
Definition: pidfile.h:39
static int fd(const char *x, int i)
Definition: preproc-init.c:105
static char * pg_data
Definition: pg_ctl.c:86
#define PG_BINARY
Definition: c.h:1267
static time_t start_time
Definition: pg_ctl.c:99
#define pg_attribute_printf(f, a)
Definition: c.h:152
#define SIGABRT
Definition: win32_port.h:162
#define SIGKILL
Definition: win32_port.h:163
static char * register_password
Definition: pg_ctl.c:96
#define sprintf
Definition: port.h:217
WaitPMResult
Definition: pg_ctl.c:49
void pg_usleep(long microsec)
Definition: signal.c:53
#define fstat
Definition: win32_port.h:274
#define required_argument
Definition: getopt_long.h:25
void pfree(void *pointer)
Definition: mcxt.c:1057
int optind
Definition: getopt.c:50
static void do_logrotate(void)
Definition: pg_ctl.c:1262
static char pid_file[MAXPGPATH]
Definition: pg_ctl.c:103
long pgpid_t
Definition: pg_ctl.c:39
#define vsnprintf
Definition: port.h:214
static char backup_file[MAXPGPATH]
Definition: pg_ctl.c:104
#define MAXPGPATH
static char * register_username
Definition: pg_ctl.c:95
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:267
int find_my_exec(const char *argv0, char *retpath)
Definition: exec.c:128
static char * register_servicename
Definition: pg_ctl.c:94
char * c
static void do_start(void)
Definition: pg_ctl.c:857
#define PM_STATUS_READY
Definition: pidfile.h:53
#define SIGHUP
Definition: win32_port.h:159
char * pg_strdup(const char *in)
Definition: fe_memutils.c:85
static void trap_sigint_during_startup(int sig)
Definition: pg_ctl.c:780
void * pg_malloc_extended(size_t size, int flags)
Definition: fe_memutils.c:59
__int64 st_size
Definition: win32_port.h:265
#define DEVNULL
Definition: port.h:146
int pgwin32_is_service(void)
ShutdownMode
Definition: pg_ctl.c:42
#define USEC_PER_SEC
Definition: pg_ctl.c:75
int main(int argc, char **argv)
Definition: pg_ctl.c:2254
DBState
Definition: pg_control.h:85
static void do_kill(pgpid_t pid)
Definition: pg_ctl.c:1400
static void do_restart(void)
Definition: pg_ctl.c:1037
static pgpid_t get_pgpid(bool is_status_request)
Definition: pg_ctl.c:249
static volatile pgpid_t postmasterPID
Definition: pg_ctl.c:108
static void do_status(void)
Definition: pg_ctl.c:1343
#define no_argument
Definition: getopt_long.h:24
CtlCommand
Definition: pg_ctl.c:56
char my_exec_path[MAXPGPATH]
Definition: globals.c:72
#define PG_TEXTDOMAIN(domain)
Definition: c.h:1211
static char * pgdata_opt
Definition: pg_ctl.c:88
#define PG_MODE_MASK_OWNER
Definition: file_perm.h:24
PQExpBuffer createPQExpBuffer(void)
Definition: pqexpbuffer.c:74
static char postopts_file[MAXPGPATH]
Definition: pg_ctl.c:101
static int sig
Definition: pg_ctl.c:84
static void free_readfile(char **optlines)
Definition: pg_ctl.c:413
#define PG_BACKEND_VERSIONSTR
Definition: port.h:134
pqsigfunc pqsignal(int signum, pqsigfunc handler)
Definition: signal.c:170
#define free(a)
Definition: header.h:65
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: strlcpy.c:45
#define PM_STATUS_STANDBY
Definition: pidfile.h:54
#define DEFAULT_EVENT_SOURCE
#define SIG_DFL
Definition: win32_port.h:154
Definition: regguts.h:298
static void do_promote(void)
Definition: pg_ctl.c:1168
ControlFileData * get_controlfile(const char *DataDir, bool *crc_ok_p)
#define strerror
Definition: port.h:228
static WaitPMResult wait_for_postmaster(pgpid_t pm_pid, bool do_checkpoint)
Definition: pg_ctl.c:593
static bool allow_core_files
Definition: pg_ctl.c:98
static char * exec_path
Definition: pg_ctl.c:92
static bool postmaster_is_alive(pid_t pid)
Definition: pg_ctl.c:1319
static void do_init(void)
Definition: pg_ctl.c:829
#define putenv(x)
Definition: win32_port.h:502
static char * event_source
Definition: pg_ctl.c:93
static const char * progname
Definition: pg_ctl.c:90
static bool wait_seconds_arg
Definition: pg_ctl.c:81
static pgpid_t start_postmaster(void)
Definition: pg_ctl.c:443
static void write_stderr(const char *fmt,...) pg_attribute_printf(1
Definition: pg_ctl.c:205
static char promote_file[MAXPGPATH]
Definition: pg_ctl.c:105
bool GetDataDirectoryCreatePerm(const char *dataDir)
static char * filename
Definition: pg_dumpall.c:91
void set_pglocale_pgservice(const char *argv0, const char *app)
Definition: exec.c:434
static bool do_wait
Definition: pg_ctl.c:79
static void set_mode(char *modeopt)
Definition: pg_ctl.c:2099
static void do_reload(void)
Definition: pg_ctl.c:1131
char * optarg
Definition: getopt.c:52
static void static void do_advice(void)
Definition: pg_ctl.c:2017
int i
void(* pg_funcptr_t)(void)
Definition: c.h:328
static char version_file[MAXPGPATH]
Definition: pg_ctl.c:102
#define close(a)
Definition: win32.h:12
#define vfprintf
Definition: port.h:218
#define DEFAULT_WAIT
Definition: pg_ctl.c:73
static void static void status(const char *fmt,...) pg_attribute_printf(1
Definition: pg_regress.c:227
static DBState get_control_dbstate(void)
Definition: pg_ctl.c:2235
#define LOCK_FILE_LINE_PM_STATUS
Definition: pidfile.h:44
#define snprintf
Definition: port.h:215
static CtlCommand ctl_command
Definition: pg_ctl.c:85
static void print_msg(const char *msg)
Definition: pg_ctl.c:239
#define _(x)
Definition: elog.c:88
int pg_mode_mask
Definition: file_perm.c:25
static char * find_other_exec_or_die(const char *argv0, const char *target, const char *versionstr)
Definition: pg_ctl.c:798
static void set_sig(char *signame)
Definition: pg_ctl.c:2127
#define read(a, b, c)
Definition: win32.h:13
static bool silent_mode
Definition: pg_ctl.c:82
#define WAITS_PER_SEC
Definition: pg_ctl.c:77
#define stat
Definition: win32_port.h:275
static char * pg_config
Definition: pg_ctl.c:87