Age Owner TLA Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * main.c
4 : * Stub main() routine for the postgres executable.
5 : *
6 : * This does some essential startup tasks for any incarnation of postgres
7 : * (postmaster, standalone backend, standalone bootstrap process, or a
8 : * separately exec'd child of a postmaster) and then dispatches to the
9 : * proper FooMain() routine for the incarnation.
10 : *
11 : *
12 : * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
13 : * Portions Copyright (c) 1994, Regents of the University of California
14 : *
15 : *
16 : * IDENTIFICATION
17 : * src/backend/main/main.c
18 : *
19 : *-------------------------------------------------------------------------
20 : */
21 : #include "postgres.h"
22 :
23 : #include <unistd.h>
24 :
25 : #if defined(WIN32)
26 : #include <crtdbg.h>
27 : #endif
28 :
29 : #if defined(__NetBSD__)
30 : #include <sys/param.h>
31 : #endif
32 :
33 : #include "bootstrap/bootstrap.h"
34 : #include "common/username.h"
35 : #include "port/atomics.h"
36 : #include "postmaster/postmaster.h"
37 : #include "storage/spin.h"
38 : #include "tcop/tcopprot.h"
39 : #include "utils/help_config.h"
40 : #include "utils/memutils.h"
41 : #include "utils/pg_locale.h"
42 : #include "utils/ps_status.h"
43 :
44 :
45 : const char *progname;
46 : static bool reached_main = false;
47 :
48 :
49 : static void startup_hacks(const char *progname);
50 : static void init_locale(const char *categoryname, int category, const char *locale);
51 : static void help(const char *progname);
52 : static void check_root(const char *progname);
53 :
54 :
4497 tgl 55 ECB : /*
56 : * Any Postgres server process begins execution here.
57 : */
58 : int
6139 peter_e 59 CBC 2619 : main(int argc, char *argv[])
60 : {
3292 tgl 61 GIC 2619 : bool do_check_root = true;
62 :
139 andres 63 GNC 2619 : reached_main = true;
64 :
65 : /*
66 : * If supported on the current platform, set up a handler to be called if
67 : * the backend/postmaster crashes with a fatal signal or exception.
68 : */
69 : #if defined(WIN32)
70 : pgwin32_install_crashdump_handler();
1974 noah 71 ECB : #endif
72 :
6276 bruce 73 GIC 2619 : progname = get_progname(argv[0]);
74 :
75 : /*
6139 peter_e 76 ECB : * Platform-specific startup hacks
77 : */
6139 peter_e 78 GIC 2619 : startup_hacks(progname);
79 :
80 : /*
81 : * Remember the physical location of the initially given argv[] array for
82 : * possible use by ps display. On some platforms, the argv[] storage must
83 : * be overwritten in order to set the process title for ps. In such cases
84 : * save_ps_display_args makes and returns a new copy of the argv[] array.
85 : *
86 : * save_ps_display_args may also move the environment strings to make
87 : * extra room. Therefore this should be done as early as possible during
88 : * startup, to avoid entanglements with code that might save a getenv()
6385 bruce 89 ECB : * result pointer.
90 : */
6986 tgl 91 GIC 2619 : argv = save_ps_display_args(argc, argv);
92 :
93 : /*
94 : * Fire up essential subsystems: error and memory management
95 : *
96 : * Code after this point is allowed to use elog/ereport, though
97 : * localization of messages may not work right away, and messages won't go
3375 tgl 98 ECB : * anywhere but stderr until GUC settings get loaded.
99 : */
3375 tgl 100 GIC 2619 : MemoryContextInit();
101 :
102 : /*
1334 peter 103 ECB : * Set up locale information
104 : */
5232 peter_e 105 GIC 2619 : set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("postgres"));
106 :
107 : /*
108 : * In the postmaster, absorb the environment values for LC_COLLATE and
109 : * LC_CTYPE. Individual backends will change these later to settings
110 : * taken from pg_database, but the postmaster cannot do that. If we leave
111 : * these set to "C" then message localization might not work well in the
1334 peter 112 ECB : * postmaster.
6964 bruce 113 : */
2861 tgl 114 GIC 2619 : init_locale("LC_COLLATE", LC_COLLATE, "");
115 2619 : init_locale("LC_CTYPE", LC_CTYPE, "");
116 :
117 : /*
118 : * LC_MESSAGES will get set later during GUC option processing, but we set
119 : * it here to allow startup error messages to be localized.
1334 peter 120 ECB : */
121 : #ifdef LC_MESSAGES
2861 tgl 122 GIC 2619 : init_locale("LC_MESSAGES", LC_MESSAGES, "");
123 : #endif
124 :
125 : /*
126 : * We keep these set to "C" always, except transiently in pg_locale.c; see
6385 bruce 127 ECB : * that file for explanations.
7522 128 : */
2861 tgl 129 CBC 2619 : init_locale("LC_MONETARY", LC_MONETARY, "C");
2861 tgl 130 GIC 2619 : init_locale("LC_NUMERIC", LC_NUMERIC, "C");
131 2619 : init_locale("LC_TIME", LC_TIME, "C");
132 :
133 : /*
134 : * Now that we have absorbed as much as we wish to from the locale
135 : * environment, remove any LC_ALL setting, so that the environment
6311 tgl 136 ECB : * variables installed by pg_perm_setlocale have force.
137 : */
6311 tgl 138 CBC 2619 : unsetenv("LC_ALL");
139 :
2832 noah 140 GIC 2619 : check_strxfrm_bug();
141 :
142 : /*
143 : * Catch standard options before doing much else, in particular before we
3292 tgl 144 ECB : * insist on not being root.
145 : */
6139 peter_e 146 CBC 2619 : if (argc > 1)
147 : {
6139 peter_e 148 GBC 2619 : if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
8023 tgl 149 EUB : {
6139 peter_e 150 UIC 0 : help(progname);
6139 peter_e 151 LBC 0 : exit(0);
152 : }
6139 peter_e 153 CBC 2619 : if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
6863 tgl 154 ECB : {
2111 tgl 155 GIC 762 : fputs(PG_BACKEND_VERSIONSTR, stdout);
6139 peter_e 156 762 : exit(0);
157 : }
158 :
159 : /*
160 : * In addition to the above, we allow "--describe-config" and "-C var"
161 : * to be called by root. This is reasonably safe since these are
162 : * read-only activities. The -C case is important because pg_ctl may
163 : * try to invoke it while still holding administrator privileges on
164 : * Windows. Note that while -C can normally be in any argv position,
165 : * if you want to bypass the root check you must put it first. This
166 : * reduces the risk that we might misinterpret some other mode's -C
3292 tgl 167 ECB : * switch as being the postmaster/postgres one.
3292 tgl 168 EUB : */
3292 tgl 169 CBC 1857 : if (strcmp(argv[1], "--describe-config") == 0)
3292 tgl 170 UBC 0 : do_check_root = false;
3292 tgl 171 GIC 1857 : else if (argc > 2 && strcmp(argv[1], "-C") == 0)
3292 tgl 172 UIC 0 : do_check_root = false;
173 : }
174 :
175 : /*
176 : * Make sure we are not running as root, unless it's safe for the selected
3292 tgl 177 ECB : * option.
8170 178 : */
3292 tgl 179 GIC 1857 : if (do_check_root)
180 1857 : check_root(progname);
181 :
182 : /*
183 : * Dispatch to one of various subprograms depending on first argument.
9345 bruce 184 ECB : */
6139 peter_e 185 :
612 andres 186 CBC 1857 : if (argc > 1 && strcmp(argv[1], "--check") == 0)
187 634 : BootstrapModeMain(argc, argv, true);
612 andres 188 GIC 1223 : else if (argc > 1 && strcmp(argv[1], "--boot") == 0)
189 306 : BootstrapModeMain(argc, argv, false);
190 : #ifdef EXEC_BACKEND
191 : else if (argc > 1 && strncmp(argv[1], "--fork", 6) == 0)
612 andres 192 ECB : SubPostmasterMain(argc, argv);
612 andres 193 EUB : #endif
3940 peter_e 194 CBC 917 : else if (argc > 1 && strcmp(argv[1], "--describe-config") == 0)
612 andres 195 LBC 0 : GucInfoMain();
3940 peter_e 196 CBC 917 : else if (argc > 1 && strcmp(argv[1], "--single") == 0)
578 andres 197 GIC 316 : PostgresSingleUserMain(argc, argv,
578 andres 198 CBC 316 : strdup(get_user_name_or_exit(progname)));
199 : else
612 andres 200 GIC 601 : PostmasterMain(argc, argv);
201 : /* the functions above should not return */
202 : abort();
203 : }
204 :
205 :
206 :
207 : /*
208 : * Place platform-specific startup hacks here. This is the right
209 : * place to put code that must be executed early in the launch of any new
210 : * server process. Note that this code will NOT be executed when a backend
211 : * or sub-bootstrap process is forked, unless we are in a fork/exec
212 : * environment (ie EXEC_BACKEND is defined).
213 : *
214 : * XXX The need for code here is proof that the platform in question
215 : * is too brain-dead to provide a standard C execution environment
216 : * without help. Avoid adding more here, if you can.
6139 peter_e 217 ECB : */
218 : static void
6139 peter_e 219 GIC 2619 : startup_hacks(const char *progname)
220 : {
221 : /*
222 : * Windows-specific execution environment hacking.
223 : */
224 : #ifdef WIN32
225 : {
226 : WSADATA wsaData;
227 : int err;
228 :
229 : /* Make output streams unbuffered by default */
230 : setvbuf(stdout, NULL, _IONBF, 0);
231 : setvbuf(stderr, NULL, _IONBF, 0);
232 :
233 : /* Prepare Winsock */
234 : err = WSAStartup(MAKEWORD(2, 2), &wsaData);
235 : if (err != 0)
236 : {
237 : write_stderr("%s: WSAStartup failed: %d\n",
238 : progname, err);
239 : exit(1);
240 : }
241 :
242 : /*
243 : * By default abort() only generates a crash-dump in *non* debug
244 : * builds. As our Assert() / ExceptionalCondition() uses abort(),
245 : * leaving the default in place would make debugging harder.
246 : *
247 : * MINGW's own C runtime doesn't have _set_abort_behavior(). When
248 : * targeting Microsoft's UCRT with mingw, it never links to the debug
249 : * version of the library and thus doesn't need the call to
250 : * _set_abort_behavior() either.
251 : */
252 : #if !defined(__MINGW32__) && !defined(__MINGW64__)
253 : _set_abort_behavior(_CALL_REPORTFAULT | _WRITE_ABORT_MSG,
254 : _CALL_REPORTFAULT | _WRITE_ABORT_MSG);
255 : #endif /* !defined(__MINGW32__) &&
256 : * !defined(__MINGW64__) */
257 :
258 : /*
259 : * SEM_FAILCRITICALERRORS causes more errors to be reported to
260 : * callers.
261 : *
262 : * We used to also specify SEM_NOGPFAULTERRORBOX, but that prevents
263 : * windows crash reporting from working. Which includes registered
264 : * just-in-time debuggers, making it unnecessarily hard to debug
265 : * problems on windows. Now we try to disable sources of popups
266 : * separately below (note that SEM_NOGPFAULTERRORBOX did not actually
267 : * prevent all sources of such popups).
268 : */
269 : SetErrorMode(SEM_FAILCRITICALERRORS);
270 :
271 : /*
272 : * Show errors on stderr instead of popup box (note this doesn't
273 : * affect errors originating in the C runtime, see below).
274 : */
275 : _set_error_mode(_OUT_TO_STDERR);
276 :
277 : /*
278 : * In DEBUG builds, errors, including assertions, C runtime errors are
279 : * reported via _CrtDbgReport. By default such errors are displayed
280 : * with a popup (even with NOGPFAULTERRORBOX), preventing forward
281 : * progress. Instead report such errors stderr (and the debugger).
282 : * This is C runtime specific and thus the above incantations aren't
283 : * sufficient to suppress these popups.
284 : */
285 : _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG);
286 : _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDERR);
287 : _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG);
288 : _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDERR);
289 : _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE | _CRTDBG_MODE_DEBUG);
290 : _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
6139 peter_e 291 ECB : }
292 : #endif /* WIN32 */
3249 tgl 293 :
3249 tgl 294 EUB : /*
295 : * Initialize dummy_spinlock, in case we are on a platform where we have
296 : * to use the fallback implementation of pg_memory_barrier().
3249 tgl 297 ECB : */
3249 tgl 298 GIC 2619 : SpinLockInit(&dummy_spinlock);
6139 peter_e 299 2619 : }
300 :
301 :
302 : /*
303 : * Make the initial permanent setting for a locale category. If that fails,
304 : * perhaps due to LC_foo=invalid in the environment, use locale C. If even
305 : * that fails, perhaps due to out-of-memory, the entire startup fails with it.
306 : * When this returns, we are guaranteed to have a setting for the given
307 : * category's environment variable.
308 : */
309 : static void
2861 tgl 310 GBC 15714 : init_locale(const char *categoryname, int category, const char *locale)
311 : {
3014 noah 312 15714 : if (pg_perm_setlocale(category, locale) == NULL &&
3014 noah 313 UBC 0 : pg_perm_setlocale(category, "C") == NULL)
2861 tgl 314 0 : elog(FATAL, "could not adopt \"%s\" locale nor C locale for %s",
2861 tgl 315 EUB : locale, categoryname);
3014 noah 316 GBC 15714 : }
3014 noah 317 EUB :
318 :
319 :
5939 tgl 320 : /*
321 : * Help display should match the options accepted by PostmasterMain()
322 : * and PostgresMain().
3574 noah 323 : *
324 : * XXX On Windows, non-ASCII localizations of these messages only display
325 : * correctly if the console output code page covers the necessary characters.
326 : * Messages emitted in write_console() do not exhibit this problem.
327 : */
6139 peter_e 328 : static void
6139 peter_e 329 UBC 0 : help(const char *progname)
6139 peter_e 330 EUB : {
6139 peter_e 331 UBC 0 : printf(_("%s is the PostgreSQL server.\n\n"), progname);
332 0 : printf(_("Usage:\n %s [OPTION]...\n\n"), progname);
333 0 : printf(_("Options:\n"));
3978 334 0 : printf(_(" -B NBUFFERS number of shared buffers\n"));
335 0 : printf(_(" -c NAME=VALUE set run-time parameter\n"));
3952 peter_e 336 UIC 0 : printf(_(" -C NAME print value of run-time parameter, then exit\n"));
3978 peter_e 337 UBC 0 : printf(_(" -d 1-5 debugging level\n"));
338 0 : printf(_(" -D DATADIR database directory\n"));
339 0 : printf(_(" -e use European date input format (DMY)\n"));
340 0 : printf(_(" -F turn fsync off\n"));
341 0 : printf(_(" -h HOSTNAME host name or IP address to listen on\n"));
38 dgustafsson 342 UNC 0 : printf(_(" -i enable TCP/IP connections (deprecated)\n"));
3978 peter_e 343 UBC 0 : printf(_(" -k DIRECTORY Unix-domain socket location\n"));
344 : #ifdef USE_SSL
345 0 : printf(_(" -l enable SSL connections\n"));
6139 peter_e 346 EUB : #endif
3978 peter_e 347 UBC 0 : printf(_(" -N MAX-CONNECT maximum number of allowed connections\n"));
348 0 : printf(_(" -p PORT port number to listen on\n"));
349 0 : printf(_(" -s show statistics after each query\n"));
350 0 : printf(_(" -S WORK-MEM set amount of memory for sorts (in kB)\n"));
3947 351 0 : printf(_(" -V, --version output version information, then exit\n"));
3978 peter_e 352 UIC 0 : printf(_(" --NAME=VALUE set run-time parameter\n"));
6139 peter_e 353 UBC 0 : printf(_(" --describe-config describe configuration parameters, then exit\n"));
3947 354 0 : printf(_(" -?, --help show this help, then exit\n"));
6139 peter_e 355 EUB :
6139 peter_e 356 UBC 0 : printf(_("\nDeveloper options:\n"));
237 michael 357 0 : printf(_(" -f s|i|o|b|t|n|m|h forbid use of some plan types\n"));
3978 peter_e 358 0 : printf(_(" -O allow system table structure changes\n"));
3978 peter_e 359 UIC 0 : printf(_(" -P disable system indexes\n"));
360 0 : printf(_(" -t pa|pl|ex show timings after each query\n"));
139 tgl 361 UNC 0 : printf(_(" -T send SIGABRT to all backend processes if one dies\n"));
3978 peter_e 362 UBC 0 : printf(_(" -W NUM wait NUM seconds to allow attach from a debugger\n"));
6139 peter_e 363 EUB :
6139 peter_e 364 UIC 0 : printf(_("\nOptions for single-user mode:\n"));
3978 365 0 : printf(_(" --single selects single-user mode (must be first argument)\n"));
366 0 : printf(_(" DBNAME database name (defaults to user name)\n"));
367 0 : printf(_(" -d 0-5 override debugging level\n"));
3978 peter_e 368 LBC 0 : printf(_(" -E echo statement before execution\n"));
3978 peter_e 369 UIC 0 : printf(_(" -j do not use newline as interactive query delimiter\n"));
370 0 : printf(_(" -r FILENAME send stdout and stderr to given file\n"));
6139 peter_e 371 ECB :
6139 peter_e 372 UIC 0 : printf(_("\nOptions for bootstrapping mode:\n"));
3978 peter_e 373 UBC 0 : printf(_(" --boot selects bootstrapping mode (must be first argument)\n"));
612 andres 374 UIC 0 : printf(_(" --check selects check mode (must be first argument)\n"));
3978 peter_e 375 0 : printf(_(" DBNAME database name (mandatory argument in bootstrapping mode)\n"));
376 0 : printf(_(" -r FILENAME send stdout and stderr to given file\n"));
6139 peter_e 377 EUB :
6139 peter_e 378 UIC 0 : printf(_("\nPlease read the documentation for the complete list of run-time\n"
379 : "configuration settings and how to set them on the command line or in\n"
380 : "the configuration file.\n\n"
381 : "Report bugs to <%s>.\n"), PACKAGE_BUGREPORT);
1136 peter 382 0 : printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
6139 peter_e 383 0 : }
384 :
385 :
386 :
387 : static void
6139 peter_e 388 CBC 1857 : check_root(const char *progname)
389 : {
6139 peter_e 390 EUB : #ifndef WIN32
6139 peter_e 391 GIC 1857 : if (geteuid() == 0)
6139 peter_e 392 EUB : {
6139 peter_e 393 UIC 0 : write_stderr("\"root\" execution of the PostgreSQL server is not permitted.\n"
394 : "The server must be started under an unprivileged user ID to prevent\n"
395 : "possible system security compromise. See the documentation for\n"
396 : "more information on how to properly start the server.\n");
397 0 : exit(1);
398 : }
399 :
400 : /*
401 : * Also make sure that real and effective uids are the same. Executing as
402 : * a setuid program from a root shell is a security hole, since on many
403 : * platforms a nefarious subroutine could setuid back to root if real uid
404 : * is root. (Since nobody actually uses postgres as a setuid program,
6031 bruce 405 ECB : * trying to actively fix this situation seems more trouble than it's
406 : * worth; we'll just expend the effort to check for it.)
407 : */
6139 peter_e 408 GIC 1857 : if (getuid() != geteuid())
409 : {
6139 peter_e 410 UIC 0 : write_stderr("%s: real and effective user IDs must match\n",
411 : progname);
412 0 : exit(1);
413 : }
414 : #else /* WIN32 */
415 : if (pgwin32_is_admin())
416 : {
417 : write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
418 : "permitted.\n"
419 : "The server must be started under an unprivileged user ID to prevent\n"
420 : "possible system security compromises. See the documentation for\n"
421 : "more information on how to properly start the server.\n");
422 : exit(1);
423 : }
424 : #endif /* WIN32 */
6139 peter_e 425 GBC 1857 : }
426 :
427 : /*
428 : * At least on linux, set_ps_display() breaks /proc/$pid/environ. The
429 : * sanitizer library uses /proc/$pid/environ to implement getenv() as it wants
430 : * to work independent of libc. When just using undefined and alignment
431 : * sanitizers, the sanitizer library is only initialized when the first error
432 : * occurs, by which time we've often already called set_ps_display(),
433 : * preventing the sanitizer libraries from seeing the options.
434 : *
435 : * We can work around that by defining __ubsan_default_options, a weak symbol
436 : * libsanitizer uses to get defaults from the application, and return
437 : * getenv("UBSAN_OPTIONS"). But only if main already was reached, so that we
438 : * don't end up relying on a not-yet-working getenv().
439 : *
440 : * As this function won't get called when not running a sanitizer, it doesn't
441 : * seem necessary to only compile it conditionally.
442 : */
443 : const char *__ubsan_default_options(void);
444 : const char *
139 andres 445 UNC 0 : __ubsan_default_options(void)
446 : {
447 : /* don't call libc before it's guaranteed to be initialized */
448 0 : if (!reached_main)
449 0 : return "";
450 :
451 0 : return getenv("UBSAN_OPTIONS");
452 : }
|
