mirror of
https://github.com/postgres/postgres.git
synced 2025-05-06 19:59:18 +03:00
e6867eebd4
called replication. Add host and port details, following format of messages in BackendInitialize().
918 lines
27 KiB
C
918 lines
27 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* postinit.c
|
|
* postgres initialization utilities
|
|
*
|
|
* Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
*
|
|
* IDENTIFICATION
|
|
* $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.207 2010/03/24 21:25:50 sriggs Exp $
|
|
*
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#include "postgres.h"
|
|
|
|
#include <ctype.h>
|
|
#include <fcntl.h>
|
|
#include <unistd.h>
|
|
|
|
#include "access/heapam.h"
|
|
#include "access/sysattr.h"
|
|
#include "access/xact.h"
|
|
#include "catalog/catalog.h"
|
|
#include "catalog/indexing.h"
|
|
#include "catalog/namespace.h"
|
|
#include "catalog/pg_authid.h"
|
|
#include "catalog/pg_database.h"
|
|
#include "catalog/pg_db_role_setting.h"
|
|
#include "catalog/pg_tablespace.h"
|
|
#include "libpq/auth.h"
|
|
#include "libpq/libpq-be.h"
|
|
#include "mb/pg_wchar.h"
|
|
#include "miscadmin.h"
|
|
#include "pgstat.h"
|
|
#include "postmaster/autovacuum.h"
|
|
#include "postmaster/postmaster.h"
|
|
#include "replication/walsender.h"
|
|
#include "storage/bufmgr.h"
|
|
#include "storage/fd.h"
|
|
#include "storage/ipc.h"
|
|
#include "storage/lmgr.h"
|
|
#include "storage/proc.h"
|
|
#include "storage/procarray.h"
|
|
#include "storage/procsignal.h"
|
|
#include "storage/sinvaladt.h"
|
|
#include "storage/smgr.h"
|
|
#include "tcop/tcopprot.h"
|
|
#include "utils/acl.h"
|
|
#include "utils/fmgroids.h"
|
|
#include "utils/guc.h"
|
|
#include "utils/pg_locale.h"
|
|
#include "utils/portal.h"
|
|
#include "utils/ps_status.h"
|
|
#include "utils/snapmgr.h"
|
|
#include "utils/syscache.h"
|
|
#include "utils/tqual.h"
|
|
|
|
|
|
static HeapTuple GetDatabaseTuple(const char *dbname);
|
|
static HeapTuple GetDatabaseTupleByOid(Oid dboid);
|
|
static void PerformAuthentication(Port *port);
|
|
static void CheckMyDatabase(const char *name, bool am_superuser);
|
|
static void InitCommunication(void);
|
|
static void ShutdownPostgres(int code, Datum arg);
|
|
static bool ThereIsAtLeastOneRole(void);
|
|
static void process_settings(Oid databaseid, Oid roleid);
|
|
|
|
|
|
/*** InitPostgres support ***/
|
|
|
|
|
|
/*
|
|
* GetDatabaseTuple -- fetch the pg_database row for a database
|
|
*
|
|
* This is used during backend startup when we don't yet have any access to
|
|
* system catalogs in general. In the worst case, we can seqscan pg_database
|
|
* using nothing but the hard-wired descriptor that relcache.c creates for
|
|
* pg_database. In more typical cases, relcache.c was able to load
|
|
* descriptors for both pg_database and its indexes from the shared relcache
|
|
* cache file, and so we can do an indexscan. criticalSharedRelcachesBuilt
|
|
* tells whether we got the cached descriptors.
|
|
*/
|
|
static HeapTuple
|
|
GetDatabaseTuple(const char *dbname)
|
|
{
|
|
HeapTuple tuple;
|
|
Relation relation;
|
|
SysScanDesc scan;
|
|
ScanKeyData key[1];
|
|
|
|
/*
|
|
* form a scan key
|
|
*/
|
|
ScanKeyInit(&key[0],
|
|
Anum_pg_database_datname,
|
|
BTEqualStrategyNumber, F_NAMEEQ,
|
|
CStringGetDatum(dbname));
|
|
|
|
/*
|
|
* Open pg_database and fetch a tuple. Force heap scan if we haven't yet
|
|
* built the critical shared relcache entries (i.e., we're starting up
|
|
* without a shared relcache cache file).
|
|
*/
|
|
relation = heap_open(DatabaseRelationId, AccessShareLock);
|
|
scan = systable_beginscan(relation, DatabaseNameIndexId,
|
|
criticalSharedRelcachesBuilt,
|
|
SnapshotNow,
|
|
1, key);
|
|
|
|
tuple = systable_getnext(scan);
|
|
|
|
/* Must copy tuple before releasing buffer */
|
|
if (HeapTupleIsValid(tuple))
|
|
tuple = heap_copytuple(tuple);
|
|
|
|
/* all done */
|
|
systable_endscan(scan);
|
|
heap_close(relation, AccessShareLock);
|
|
|
|
return tuple;
|
|
}
|
|
|
|
/*
|
|
* GetDatabaseTupleByOid -- as above, but search by database OID
|
|
*/
|
|
static HeapTuple
|
|
GetDatabaseTupleByOid(Oid dboid)
|
|
{
|
|
HeapTuple tuple;
|
|
Relation relation;
|
|
SysScanDesc scan;
|
|
ScanKeyData key[1];
|
|
|
|
/*
|
|
* form a scan key
|
|
*/
|
|
ScanKeyInit(&key[0],
|
|
ObjectIdAttributeNumber,
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
ObjectIdGetDatum(dboid));
|
|
|
|
/*
|
|
* Open pg_database and fetch a tuple. Force heap scan if we haven't yet
|
|
* built the critical shared relcache entries (i.e., we're starting up
|
|
* without a shared relcache cache file).
|
|
*/
|
|
relation = heap_open(DatabaseRelationId, AccessShareLock);
|
|
scan = systable_beginscan(relation, DatabaseOidIndexId,
|
|
criticalSharedRelcachesBuilt,
|
|
SnapshotNow,
|
|
1, key);
|
|
|
|
tuple = systable_getnext(scan);
|
|
|
|
/* Must copy tuple before releasing buffer */
|
|
if (HeapTupleIsValid(tuple))
|
|
tuple = heap_copytuple(tuple);
|
|
|
|
/* all done */
|
|
systable_endscan(scan);
|
|
heap_close(relation, AccessShareLock);
|
|
|
|
return tuple;
|
|
}
|
|
|
|
|
|
/*
|
|
* PerformAuthentication -- authenticate a remote client
|
|
*
|
|
* returns: nothing. Will not return at all if there's any failure.
|
|
*/
|
|
static void
|
|
PerformAuthentication(Port *port)
|
|
{
|
|
/* This should be set already, but let's make sure */
|
|
ClientAuthInProgress = true; /* limit visibility of log messages */
|
|
|
|
/*
|
|
* In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.conf
|
|
* etcetera from the postmaster, and have to load them ourselves. Note we
|
|
* are loading them into the startup transaction's memory context, not
|
|
* PostmasterContext, but that shouldn't matter.
|
|
*
|
|
* FIXME: [fork/exec] Ugh. Is there a way around this overhead?
|
|
*/
|
|
#ifdef EXEC_BACKEND
|
|
if (!load_hba())
|
|
{
|
|
/*
|
|
* It makes no sense to continue if we fail to load the HBA file,
|
|
* since there is no way to connect to the database in this case.
|
|
*/
|
|
ereport(FATAL,
|
|
(errmsg("could not load pg_hba.conf")));
|
|
}
|
|
load_ident();
|
|
#endif
|
|
|
|
/*
|
|
* Set up a timeout in case a buggy or malicious client fails to respond
|
|
* during authentication. Since we're inside a transaction and might do
|
|
* database access, we have to use the statement_timeout infrastructure.
|
|
*/
|
|
if (!enable_sig_alarm(AuthenticationTimeout * 1000, true))
|
|
elog(FATAL, "could not set timer for authorization timeout");
|
|
|
|
/*
|
|
* Now perform authentication exchange.
|
|
*/
|
|
ClientAuthentication(port); /* might not return, if failure */
|
|
|
|
/*
|
|
* Done with authentication. Disable the timeout, and log if needed.
|
|
*/
|
|
if (!disable_sig_alarm(true))
|
|
elog(FATAL, "could not disable timer for authorization timeout");
|
|
|
|
/*
|
|
* Log connection for streaming replication even if Log_connections disabled.
|
|
*/
|
|
if (am_walsender)
|
|
ereport(LOG,
|
|
(errmsg("replication connection authorized: user=%s host=%s%s%s",
|
|
port->user_name,
|
|
port->remote_host, port->remote_port[0] ? " port=" : "",
|
|
port->remote_port)));
|
|
|
|
else if (Log_connections)
|
|
ereport(LOG,
|
|
(errmsg("connection authorized: user=%s database=%s",
|
|
port->user_name, port->database_name)));
|
|
|
|
set_ps_display("startup", false);
|
|
|
|
ClientAuthInProgress = false; /* client_min_messages is active now */
|
|
}
|
|
|
|
|
|
/*
|
|
* CheckMyDatabase -- fetch information from the pg_database entry for our DB
|
|
*/
|
|
static void
|
|
CheckMyDatabase(const char *name, bool am_superuser)
|
|
{
|
|
HeapTuple tup;
|
|
Form_pg_database dbform;
|
|
char *collate;
|
|
char *ctype;
|
|
|
|
/* Fetch our pg_database row normally, via syscache */
|
|
tup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
|
|
if (!HeapTupleIsValid(tup))
|
|
elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
|
|
dbform = (Form_pg_database) GETSTRUCT(tup);
|
|
|
|
/* This recheck is strictly paranoia */
|
|
if (strcmp(name, NameStr(dbform->datname)) != 0)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
errmsg("database \"%s\" has disappeared from pg_database",
|
|
name),
|
|
errdetail("Database OID %u now seems to belong to \"%s\".",
|
|
MyDatabaseId, NameStr(dbform->datname))));
|
|
|
|
/*
|
|
* Check permissions to connect to the database.
|
|
*
|
|
* These checks are not enforced when in standalone mode, so that there is
|
|
* a way to recover from disabling all access to all databases, for
|
|
* example "UPDATE pg_database SET datallowconn = false;".
|
|
*
|
|
* We do not enforce them for autovacuum worker processes either.
|
|
*/
|
|
if (IsUnderPostmaster && !IsAutoVacuumWorkerProcess())
|
|
{
|
|
/*
|
|
* Check that the database is currently allowing connections.
|
|
*/
|
|
if (!dbform->datallowconn)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
|
errmsg("database \"%s\" is not currently accepting connections",
|
|
name)));
|
|
|
|
/*
|
|
* Check privilege to connect to the database. (The am_superuser test
|
|
* is redundant, but since we have the flag, might as well check it
|
|
* and save a few cycles.)
|
|
*/
|
|
if (!am_superuser &&
|
|
pg_database_aclcheck(MyDatabaseId, GetUserId(),
|
|
ACL_CONNECT) != ACLCHECK_OK)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
errmsg("permission denied for database \"%s\"", name),
|
|
errdetail("User does not have CONNECT privilege.")));
|
|
|
|
/*
|
|
* Check connection limit for this database.
|
|
*
|
|
* There is a race condition here --- we create our PGPROC before
|
|
* checking for other PGPROCs. If two backends did this at about the
|
|
* same time, they might both think they were over the limit, while
|
|
* ideally one should succeed and one fail. Getting that to work
|
|
* exactly seems more trouble than it is worth, however; instead we
|
|
* just document that the connection limit is approximate.
|
|
*/
|
|
if (dbform->datconnlimit >= 0 &&
|
|
!am_superuser &&
|
|
CountDBBackends(MyDatabaseId) > dbform->datconnlimit)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
|
|
errmsg("too many connections for database \"%s\"",
|
|
name)));
|
|
}
|
|
|
|
/*
|
|
* OK, we're golden. Next to-do item is to save the encoding info out of
|
|
* the pg_database tuple.
|
|
*/
|
|
SetDatabaseEncoding(dbform->encoding);
|
|
/* Record it as a GUC internal option, too */
|
|
SetConfigOption("server_encoding", GetDatabaseEncodingName(),
|
|
PGC_INTERNAL, PGC_S_OVERRIDE);
|
|
/* If we have no other source of client_encoding, use server encoding */
|
|
SetConfigOption("client_encoding", GetDatabaseEncodingName(),
|
|
PGC_BACKEND, PGC_S_DEFAULT);
|
|
|
|
/* assign locale variables */
|
|
collate = NameStr(dbform->datcollate);
|
|
ctype = NameStr(dbform->datctype);
|
|
|
|
if (pg_perm_setlocale(LC_COLLATE, collate) == NULL)
|
|
ereport(FATAL,
|
|
(errmsg("database locale is incompatible with operating system"),
|
|
errdetail("The database was initialized with LC_COLLATE \"%s\", "
|
|
" which is not recognized by setlocale().", collate),
|
|
errhint("Recreate the database with another locale or install the missing locale.")));
|
|
|
|
if (pg_perm_setlocale(LC_CTYPE, ctype) == NULL)
|
|
ereport(FATAL,
|
|
(errmsg("database locale is incompatible with operating system"),
|
|
errdetail("The database was initialized with LC_CTYPE \"%s\", "
|
|
" which is not recognized by setlocale().", ctype),
|
|
errhint("Recreate the database with another locale or install the missing locale.")));
|
|
|
|
/* Make the locale settings visible as GUC variables, too */
|
|
SetConfigOption("lc_collate", collate, PGC_INTERNAL, PGC_S_OVERRIDE);
|
|
SetConfigOption("lc_ctype", ctype, PGC_INTERNAL, PGC_S_OVERRIDE);
|
|
|
|
/* Use the right encoding in translated messages */
|
|
#ifdef ENABLE_NLS
|
|
pg_bind_textdomain_codeset(textdomain(NULL));
|
|
#endif
|
|
|
|
ReleaseSysCache(tup);
|
|
}
|
|
|
|
|
|
|
|
/* --------------------------------
|
|
* InitCommunication
|
|
*
|
|
* This routine initializes stuff needed for ipc, locking, etc.
|
|
* it should be called something more informative.
|
|
* --------------------------------
|
|
*/
|
|
static void
|
|
InitCommunication(void)
|
|
{
|
|
/*
|
|
* initialize shared memory and semaphores appropriately.
|
|
*/
|
|
if (!IsUnderPostmaster) /* postmaster already did this */
|
|
{
|
|
/*
|
|
* We're running a postgres bootstrap process or a standalone backend.
|
|
* Create private "shmem" and semaphores.
|
|
*/
|
|
CreateSharedMemoryAndSemaphores(true, 0);
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* pg_split_opts -- split a string of options and append it to an argv array
|
|
*
|
|
* NB: the input string is destructively modified! Also, caller is responsible
|
|
* for ensuring the argv array is large enough. The maximum possible number
|
|
* of arguments added by this routine is (strlen(optstr) + 1) / 2.
|
|
*
|
|
* Since no current POSTGRES arguments require any quoting characters,
|
|
* we can use the simple-minded tactic of assuming each set of space-
|
|
* delimited characters is a separate argv element.
|
|
*
|
|
* If you don't like that, well, we *used* to pass the whole option string
|
|
* as ONE argument to execl(), which was even less intelligent...
|
|
*/
|
|
void
|
|
pg_split_opts(char **argv, int *argcp, char *optstr)
|
|
{
|
|
while (*optstr)
|
|
{
|
|
while (isspace((unsigned char) *optstr))
|
|
optstr++;
|
|
if (*optstr == '\0')
|
|
break;
|
|
argv[(*argcp)++] = optstr;
|
|
while (*optstr && !isspace((unsigned char) *optstr))
|
|
optstr++;
|
|
if (*optstr)
|
|
*optstr++ = '\0';
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* Early initialization of a backend (either standalone or under postmaster).
|
|
* This happens even before InitPostgres.
|
|
*
|
|
* If you're wondering why this is separate from InitPostgres at all:
|
|
* the critical distinction is that this stuff has to happen before we can
|
|
* run XLOG-related initialization, which is done before InitPostgres --- in
|
|
* fact, for cases such as the background writer process, InitPostgres may
|
|
* never be done at all.
|
|
*/
|
|
void
|
|
BaseInit(void)
|
|
{
|
|
/*
|
|
* Attach to shared memory and semaphores, and initialize our
|
|
* input/output/debugging file descriptors.
|
|
*/
|
|
InitCommunication();
|
|
DebugFileOpen();
|
|
|
|
/* Do local initialization of file, storage and buffer managers */
|
|
InitFileAccess();
|
|
smgrinit();
|
|
InitBufferPoolAccess();
|
|
}
|
|
|
|
|
|
/* --------------------------------
|
|
* InitPostgres
|
|
* Initialize POSTGRES.
|
|
*
|
|
* The database can be specified by name, using the in_dbname parameter, or by
|
|
* OID, using the dboid parameter. In the latter case, the actual database
|
|
* name can be returned to the caller in out_dbname. If out_dbname isn't
|
|
* NULL, it must point to a buffer of size NAMEDATALEN.
|
|
*
|
|
* In bootstrap mode no parameters are used. The autovacuum launcher process
|
|
* doesn't use any parameters either, because it only goes far enough to be
|
|
* able to read pg_database; it doesn't connect to any particular database.
|
|
* In walsender mode only username is used.
|
|
*
|
|
* As of PostgreSQL 8.2, we expect InitProcess() was already called, so we
|
|
* already have a PGPROC struct ... but it's not completely filled in yet.
|
|
*
|
|
* Note:
|
|
* Be very careful with the order of calls in the InitPostgres function.
|
|
* --------------------------------
|
|
*/
|
|
void
|
|
InitPostgres(const char *in_dbname, Oid dboid, const char *username,
|
|
char *out_dbname)
|
|
{
|
|
bool bootstrap = IsBootstrapProcessingMode();
|
|
bool am_superuser;
|
|
GucContext gucctx;
|
|
char *fullpath;
|
|
char dbname[NAMEDATALEN];
|
|
|
|
elog(DEBUG3, "InitPostgres");
|
|
|
|
/*
|
|
* Add my PGPROC struct to the ProcArray.
|
|
*
|
|
* Once I have done this, I am visible to other backends!
|
|
*/
|
|
InitProcessPhase2();
|
|
|
|
/*
|
|
* Initialize my entry in the shared-invalidation manager's array of
|
|
* per-backend data.
|
|
*
|
|
* Sets up MyBackendId, a unique backend identifier.
|
|
*/
|
|
MyBackendId = InvalidBackendId;
|
|
|
|
SharedInvalBackendInit(false);
|
|
|
|
if (MyBackendId > MaxBackends || MyBackendId <= 0)
|
|
elog(FATAL, "bad backend id: %d", MyBackendId);
|
|
|
|
/* Now that we have a BackendId, we can participate in ProcSignal */
|
|
ProcSignalInit(MyBackendId);
|
|
|
|
/*
|
|
* bufmgr needs another initialization call too
|
|
*/
|
|
InitBufferPoolBackend();
|
|
|
|
/*
|
|
* Initialize local process's access to XLOG, if appropriate. In
|
|
* bootstrap case we skip this since StartupXLOG() was run instead.
|
|
*/
|
|
if (!bootstrap)
|
|
(void) RecoveryInProgress();
|
|
|
|
/*
|
|
* Initialize the relation cache and the system catalog caches. Note that
|
|
* no catalog access happens here; we only set up the hashtable structure.
|
|
* We must do this before starting a transaction because transaction abort
|
|
* would try to touch these hashtables.
|
|
*/
|
|
RelationCacheInitialize();
|
|
InitCatalogCache();
|
|
InitPlanCache();
|
|
|
|
/* Initialize portal manager */
|
|
EnablePortalManager();
|
|
|
|
/* Initialize stats collection --- must happen before first xact */
|
|
if (!bootstrap)
|
|
pgstat_initialize();
|
|
|
|
/*
|
|
* Load relcache entries for the shared system catalogs. This must create
|
|
* at least an entry for pg_database.
|
|
*/
|
|
RelationCacheInitializePhase2();
|
|
|
|
/*
|
|
* Set up process-exit callback to do pre-shutdown cleanup. This has to
|
|
* be after we've initialized all the low-level modules like the buffer
|
|
* manager, because during shutdown this has to run before the low-level
|
|
* modules start to close down. On the other hand, we want it in place
|
|
* before we begin our first transaction --- if we fail during the
|
|
* initialization transaction, as is entirely possible, we need the
|
|
* AbortTransaction call to clean up.
|
|
*/
|
|
on_shmem_exit(ShutdownPostgres, 0);
|
|
|
|
/* The autovacuum launcher is done here */
|
|
if (IsAutoVacuumLauncherProcess())
|
|
return;
|
|
|
|
/*
|
|
* Start a new transaction here before first access to db, and get a
|
|
* snapshot. We don't have a use for the snapshot itself, but we're
|
|
* interested in the secondary effect that it sets RecentGlobalXmin. (This
|
|
* is critical for anything that reads heap pages, because HOT may decide
|
|
* to prune them even if the process doesn't attempt to modify any
|
|
* tuples.)
|
|
*/
|
|
if (!bootstrap)
|
|
{
|
|
StartTransactionCommand();
|
|
(void) GetTransactionSnapshot();
|
|
}
|
|
|
|
/*
|
|
* Set up the global variables holding database id and default tablespace.
|
|
* But note we won't actually try to touch the database just yet.
|
|
*
|
|
* We take a shortcut in the bootstrap and walsender case, otherwise we
|
|
* have to look up the db's entry in pg_database.
|
|
*/
|
|
if (bootstrap || am_walsender)
|
|
{
|
|
MyDatabaseId = TemplateDbOid;
|
|
MyDatabaseTableSpace = DEFAULTTABLESPACE_OID;
|
|
}
|
|
else if (in_dbname != NULL)
|
|
{
|
|
HeapTuple tuple;
|
|
Form_pg_database dbform;
|
|
|
|
tuple = GetDatabaseTuple(in_dbname);
|
|
if (!HeapTupleIsValid(tuple))
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
errmsg("database \"%s\" does not exist", in_dbname)));
|
|
dbform = (Form_pg_database) GETSTRUCT(tuple);
|
|
MyDatabaseId = HeapTupleGetOid(tuple);
|
|
MyDatabaseTableSpace = dbform->dattablespace;
|
|
/* take database name from the caller, just for paranoia */
|
|
strlcpy(dbname, in_dbname, sizeof(dbname));
|
|
}
|
|
else
|
|
{
|
|
/* caller specified database by OID */
|
|
HeapTuple tuple;
|
|
Form_pg_database dbform;
|
|
|
|
tuple = GetDatabaseTupleByOid(dboid);
|
|
if (!HeapTupleIsValid(tuple))
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
errmsg("database %u does not exist", dboid)));
|
|
dbform = (Form_pg_database) GETSTRUCT(tuple);
|
|
MyDatabaseId = HeapTupleGetOid(tuple);
|
|
MyDatabaseTableSpace = dbform->dattablespace;
|
|
Assert(MyDatabaseId == dboid);
|
|
strlcpy(dbname, NameStr(dbform->datname), sizeof(dbname));
|
|
/* pass the database name back to the caller */
|
|
if (out_dbname)
|
|
strcpy(out_dbname, dbname);
|
|
}
|
|
|
|
/* Now we can mark our PGPROC entry with the database ID */
|
|
/* (We assume this is an atomic store so no lock is needed) */
|
|
MyProc->databaseId = MyDatabaseId;
|
|
|
|
/*
|
|
* Now, take a writer's lock on the database we are trying to connect to.
|
|
* If there is a concurrently running DROP DATABASE on that database, this
|
|
* will block us until it finishes (and has committed its update of
|
|
* pg_database).
|
|
*
|
|
* Note that the lock is not held long, only until the end of this startup
|
|
* transaction. This is OK since we are already advertising our use of
|
|
* the database in the PGPROC array; anyone trying a DROP DATABASE after
|
|
* this point will see us there.
|
|
*
|
|
* Note: use of RowExclusiveLock here is reasonable because we envision
|
|
* our session as being a concurrent writer of the database. If we had a
|
|
* way of declaring a session as being guaranteed-read-only, we could use
|
|
* AccessShareLock for such sessions and thereby not conflict against
|
|
* CREATE DATABASE.
|
|
*/
|
|
if (!bootstrap && !am_walsender)
|
|
LockSharedObject(DatabaseRelationId, MyDatabaseId, 0,
|
|
RowExclusiveLock);
|
|
|
|
/*
|
|
* Recheck pg_database to make sure the target database hasn't gone away.
|
|
* If there was a concurrent DROP DATABASE, this ensures we will die
|
|
* cleanly without creating a mess.
|
|
*/
|
|
if (!bootstrap && !am_walsender)
|
|
{
|
|
HeapTuple tuple;
|
|
|
|
tuple = GetDatabaseTuple(dbname);
|
|
if (!HeapTupleIsValid(tuple) ||
|
|
MyDatabaseId != HeapTupleGetOid(tuple) ||
|
|
MyDatabaseTableSpace != ((Form_pg_database) GETSTRUCT(tuple))->dattablespace)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
errmsg("database \"%s\" does not exist", dbname),
|
|
errdetail("It seems to have just been dropped or renamed.")));
|
|
}
|
|
|
|
/*
|
|
* Now we should be able to access the database directory safely. Verify
|
|
* it's there and looks reasonable.
|
|
*/
|
|
fullpath = GetDatabasePath(MyDatabaseId, MyDatabaseTableSpace);
|
|
|
|
if (!bootstrap && !am_walsender)
|
|
{
|
|
if (access(fullpath, F_OK) == -1)
|
|
{
|
|
if (errno == ENOENT)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
errmsg("database \"%s\" does not exist",
|
|
dbname),
|
|
errdetail("The database subdirectory \"%s\" is missing.",
|
|
fullpath)));
|
|
else
|
|
ereport(FATAL,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not access directory \"%s\": %m",
|
|
fullpath)));
|
|
}
|
|
|
|
ValidatePgVersion(fullpath);
|
|
}
|
|
|
|
SetDatabasePath(fullpath);
|
|
|
|
/*
|
|
* It's now possible to do real access to the system catalogs.
|
|
*
|
|
* Load relcache entries for the system catalogs. This must create at
|
|
* least the minimum set of "nailed-in" cache entries.
|
|
*/
|
|
RelationCacheInitializePhase3();
|
|
|
|
/*
|
|
* Perform client authentication if necessary, then figure out our
|
|
* postgres user ID, and see if we are a superuser.
|
|
*
|
|
* In standalone mode and in autovacuum worker processes, we use a fixed
|
|
* ID, otherwise we figure it out from the authenticated user name.
|
|
*/
|
|
if (bootstrap || IsAutoVacuumWorkerProcess())
|
|
{
|
|
InitializeSessionUserIdStandalone();
|
|
am_superuser = true;
|
|
}
|
|
else if (!IsUnderPostmaster)
|
|
{
|
|
InitializeSessionUserIdStandalone();
|
|
am_superuser = true;
|
|
if (!ThereIsAtLeastOneRole())
|
|
ereport(WARNING,
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
errmsg("no roles are defined in this database system"),
|
|
errhint("You should immediately run CREATE USER \"%s\" SUPERUSER;.",
|
|
username)));
|
|
}
|
|
else
|
|
{
|
|
/* normal multiuser case */
|
|
Assert(MyProcPort != NULL);
|
|
PerformAuthentication(MyProcPort);
|
|
InitializeSessionUserId(username);
|
|
am_superuser = superuser();
|
|
}
|
|
|
|
/* set up ACL framework (so CheckMyDatabase can check permissions) */
|
|
initialize_acl();
|
|
|
|
/* Process pg_db_role_setting options */
|
|
process_settings(MyDatabaseId, GetSessionUserId());
|
|
|
|
/*
|
|
* Re-read the pg_database row for our database, check permissions and set
|
|
* up database-specific GUC settings. We can't do this until all the
|
|
* database-access infrastructure is up. (Also, it wants to know if the
|
|
* user is a superuser, so the above stuff has to happen first.)
|
|
*/
|
|
if (!bootstrap && !am_walsender)
|
|
CheckMyDatabase(dbname, am_superuser);
|
|
|
|
/*
|
|
* If we're trying to shut down, only superusers can connect.
|
|
*/
|
|
if (!am_superuser &&
|
|
MyProcPort != NULL &&
|
|
MyProcPort->canAcceptConnections == CAC_WAITBACKUP)
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
errmsg("must be superuser to connect during database shutdown")));
|
|
|
|
/*
|
|
* Check a normal user hasn't connected to a superuser reserved slot.
|
|
*/
|
|
if (!am_superuser &&
|
|
ReservedBackends > 0 &&
|
|
!HaveNFreeProcs(ReservedBackends))
|
|
ereport(FATAL,
|
|
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
|
|
errmsg("connection limit exceeded for non-superusers")));
|
|
|
|
/*
|
|
* Now process any command-line switches that were included in the startup
|
|
* packet, if we are in a regular backend. We couldn't do this before
|
|
* because we didn't know if client is a superuser.
|
|
*/
|
|
gucctx = am_superuser ? PGC_SUSET : PGC_BACKEND;
|
|
|
|
if (MyProcPort != NULL &&
|
|
MyProcPort->cmdline_options != NULL)
|
|
{
|
|
/*
|
|
* The maximum possible number of commandline arguments that could
|
|
* come from MyProcPort->cmdline_options is (strlen + 1) / 2; see
|
|
* pg_split_opts().
|
|
*/
|
|
char **av;
|
|
int maxac;
|
|
int ac;
|
|
|
|
maxac = 2 + (strlen(MyProcPort->cmdline_options) + 1) / 2;
|
|
|
|
av = (char **) palloc(maxac * sizeof(char *));
|
|
ac = 0;
|
|
|
|
av[ac++] = "postgres";
|
|
|
|
/* Note this mangles MyProcPort->cmdline_options */
|
|
pg_split_opts(av, &ac, MyProcPort->cmdline_options);
|
|
|
|
av[ac] = NULL;
|
|
|
|
Assert(ac < maxac);
|
|
|
|
(void) process_postgres_switches(ac, av, gucctx);
|
|
}
|
|
|
|
/*
|
|
* Process any additional GUC variable settings passed in startup packet.
|
|
* These are handled exactly like command-line variables.
|
|
*/
|
|
if (MyProcPort != NULL)
|
|
{
|
|
ListCell *gucopts = list_head(MyProcPort->guc_options);
|
|
|
|
while (gucopts)
|
|
{
|
|
char *name;
|
|
char *value;
|
|
|
|
name = lfirst(gucopts);
|
|
gucopts = lnext(gucopts);
|
|
|
|
value = lfirst(gucopts);
|
|
gucopts = lnext(gucopts);
|
|
|
|
SetConfigOption(name, value, gucctx, PGC_S_CLIENT);
|
|
}
|
|
}
|
|
|
|
/* Apply PostAuthDelay as soon as we've read all options */
|
|
if (PostAuthDelay > 0)
|
|
pg_usleep(PostAuthDelay * 1000000L);
|
|
|
|
/*
|
|
* Initialize various default states that can't be set up until we've
|
|
* selected the active user and gotten the right GUC settings.
|
|
*/
|
|
|
|
/* set default namespace search path */
|
|
InitializeSearchPath();
|
|
|
|
/* initialize client encoding */
|
|
InitializeClientEncoding();
|
|
|
|
/* reset the database for walsender */
|
|
if (am_walsender)
|
|
MyProc->databaseId = MyDatabaseId = InvalidOid;
|
|
|
|
/* report this backend in the PgBackendStatus array */
|
|
if (!bootstrap)
|
|
pgstat_bestart();
|
|
|
|
/* close the transaction we started above */
|
|
if (!bootstrap)
|
|
CommitTransactionCommand();
|
|
}
|
|
|
|
/*
|
|
* Load GUC settings from pg_db_role_setting.
|
|
*
|
|
* We try specific settings for the database/role combination, as well as
|
|
* general for this database and for this user.
|
|
*/
|
|
static void
|
|
process_settings(Oid databaseid, Oid roleid)
|
|
{
|
|
Relation relsetting;
|
|
|
|
if (!IsUnderPostmaster)
|
|
return;
|
|
|
|
relsetting = heap_open(DbRoleSettingRelationId, AccessShareLock);
|
|
|
|
/* Later settings are ignored if set earlier. */
|
|
ApplySetting(databaseid, roleid, relsetting, PGC_S_DATABASE_USER);
|
|
ApplySetting(InvalidOid, roleid, relsetting, PGC_S_USER);
|
|
ApplySetting(databaseid, InvalidOid, relsetting, PGC_S_DATABASE);
|
|
|
|
heap_close(relsetting, AccessShareLock);
|
|
}
|
|
|
|
/*
|
|
* Backend-shutdown callback. Do cleanup that we want to be sure happens
|
|
* before all the supporting modules begin to nail their doors shut via
|
|
* their own callbacks.
|
|
*
|
|
* User-level cleanup, such as temp-relation removal and UNLISTEN, happens
|
|
* via separate callbacks that execute before this one. We don't combine the
|
|
* callbacks because we still want this one to happen if the user-level
|
|
* cleanup fails.
|
|
*/
|
|
static void
|
|
ShutdownPostgres(int code, Datum arg)
|
|
{
|
|
/* Make sure we've killed any active transaction */
|
|
AbortOutOfAnyTransaction();
|
|
|
|
/*
|
|
* User locks are not released by transaction end, so be sure to release
|
|
* them explicitly.
|
|
*/
|
|
LockReleaseAll(USER_LOCKMETHOD, true);
|
|
}
|
|
|
|
|
|
/*
|
|
* Returns true if at least one role is defined in this database cluster.
|
|
*/
|
|
static bool
|
|
ThereIsAtLeastOneRole(void)
|
|
{
|
|
Relation pg_authid_rel;
|
|
HeapScanDesc scan;
|
|
bool result;
|
|
|
|
pg_authid_rel = heap_open(AuthIdRelationId, AccessShareLock);
|
|
|
|
scan = heap_beginscan(pg_authid_rel, SnapshotNow, 0, NULL);
|
|
result = (heap_getnext(scan, ForwardScanDirection) != NULL);
|
|
|
|
heap_endscan(scan);
|
|
heap_close(pg_authid_rel, AccessShareLock);
|
|
|
|
return result;
|
|
}
|