1 /*-------------------------------------------------------------------------
2 *
3 * main.c
4 * Stub main() routine for the postgres executable.
5 *
6 * This does some essential startup tasks for any incarnation of postgres
7 * (postmaster, standalone backend, standalone bootstrap process, or a
8 * separately exec'd child of a postmaster) and then dispatches to the
9 * proper FooMain() routine for the incarnation.
10 *
11 *
12 * Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
13 * Portions Copyright (c) 1994, Regents of the University of California
14 *
15 *
16 * IDENTIFICATION
17 * src/backend/main/main.c
18 *
19 *-------------------------------------------------------------------------
20 */
21 #include "postgres.h"
22
23 #include <unistd.h>
24
25 #if defined(__NetBSD__)
26 #include <sys/param.h>
27 #endif
28
29 #if defined(_M_AMD64) && _MSC_VER == 1800
30 #include <math.h>
31 #include <versionhelpers.h>
32 #endif
33
34 #include "bootstrap/bootstrap.h"
35 #include "common/username.h"
36 #include "postmaster/postmaster.h"
37 #include "storage/barrier.h"
38 #include "storage/s_lock.h"
39 #include "storage/spin.h"
40 #include "tcop/tcopprot.h"
41 #include "utils/help_config.h"
42 #include "utils/memutils.h"
43 #include "utils/pg_locale.h"
44 #include "utils/ps_status.h"
45
46
47 const char *progname;
48
49
50 static void startup_hacks(const char *progname);
51 static void init_locale(const char *categoryname, int category, const char *locale);
52 static void help(const char *progname);
53 static void check_root(const char *progname);
54
55
56 /*
57 * Any Postgres server process begins execution here.
58 */
59 int
main(int argc,char * argv[])60 main(int argc, char *argv[])
61 {
62 bool do_check_root = true;
63
64 /*
65 * If supported on the current platform, set up a handler to be called if
66 * the backend/postmaster crashes with a fatal signal or exception.
67 */
68 #if defined(WIN32) && defined(HAVE_MINIDUMP_TYPE)
69 pgwin32_install_crashdump_handler();
70 #endif
71
72 progname = get_progname(argv[0]);
73
74 /*
75 * Platform-specific startup hacks
76 */
77 startup_hacks(progname);
78
79 /*
80 * Remember the physical location of the initially given argv[] array for
81 * possible use by ps display. On some platforms, the argv[] storage must
82 * be overwritten in order to set the process title for ps. In such cases
83 * save_ps_display_args makes and returns a new copy of the argv[] array.
84 *
85 * save_ps_display_args may also move the environment strings to make
86 * extra room. Therefore this should be done as early as possible during
87 * startup, to avoid entanglements with code that might save a getenv()
88 * result pointer.
89 */
90 argv = save_ps_display_args(argc, argv);
91
92 /*
93 * Fire up essential subsystems: error and memory management
94 *
95 * Code after this point is allowed to use elog/ereport, though
96 * localization of messages may not work right away, and messages won't go
97 * anywhere but stderr until GUC settings get loaded.
98 */
99 MemoryContextInit();
100
101 /*
102 * Set up locale information from environment. Note that LC_CTYPE and
103 * LC_COLLATE will be overridden later from pg_control if we are in an
104 * already-initialized database. We set them here so that they will be
105 * available to fill pg_control during initdb. LC_MESSAGES will get set
106 * later during GUC option processing, but we set it here to allow startup
107 * error messages to be localized.
108 */
109
110 set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("postgres"));
111
112 #ifdef WIN32
113
114 /*
115 * Windows uses codepages rather than the environment, so we work around
116 * that by querying the environment explicitly first for LC_COLLATE and
117 * LC_CTYPE. We have to do this because initdb passes those values in the
118 * environment. If there is nothing there we fall back on the codepage.
119 */
120 {
121 char *env_locale;
122
123 if ((env_locale = getenv("LC_COLLATE")) != NULL)
124 init_locale("LC_COLLATE", LC_COLLATE, env_locale);
125 else
126 init_locale("LC_COLLATE", LC_COLLATE, "");
127
128 if ((env_locale = getenv("LC_CTYPE")) != NULL)
129 init_locale("LC_CTYPE", LC_CTYPE, env_locale);
130 else
131 init_locale("LC_CTYPE", LC_CTYPE, "");
132 }
133 #else
134 init_locale("LC_COLLATE", LC_COLLATE, "");
135 init_locale("LC_CTYPE", LC_CTYPE, "");
136 #endif
137
138 #ifdef LC_MESSAGES
139 init_locale("LC_MESSAGES", LC_MESSAGES, "");
140 #endif
141
142 /*
143 * We keep these set to "C" always, except transiently in pg_locale.c; see
144 * that file for explanations.
145 */
146 init_locale("LC_MONETARY", LC_MONETARY, "C");
147 init_locale("LC_NUMERIC", LC_NUMERIC, "C");
148 init_locale("LC_TIME", LC_TIME, "C");
149
150 /*
151 * Now that we have absorbed as much as we wish to from the locale
152 * environment, remove any LC_ALL setting, so that the environment
153 * variables installed by pg_perm_setlocale have force.
154 */
155 unsetenv("LC_ALL");
156
157 check_strxfrm_bug();
158
159 /*
160 * Catch standard options before doing much else, in particular before we
161 * insist on not being root.
162 */
163 if (argc > 1)
164 {
165 if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
166 {
167 help(progname);
168 exit(0);
169 }
170 if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
171 {
172 puts("postgres (PostgreSQL) " PG_VERSION);
173 exit(0);
174 }
175
176 /*
177 * In addition to the above, we allow "--describe-config" and "-C var"
178 * to be called by root. This is reasonably safe since these are
179 * read-only activities. The -C case is important because pg_ctl may
180 * try to invoke it while still holding administrator privileges on
181 * Windows. Note that while -C can normally be in any argv position,
182 * if you want to bypass the root check you must put it first. This
183 * reduces the risk that we might misinterpret some other mode's -C
184 * switch as being the postmaster/postgres one.
185 */
186 if (strcmp(argv[1], "--describe-config") == 0)
187 do_check_root = false;
188 else if (argc > 2 && strcmp(argv[1], "-C") == 0)
189 do_check_root = false;
190 }
191
192 /*
193 * Make sure we are not running as root, unless it's safe for the selected
194 * option.
195 */
196 if (do_check_root)
197 check_root(progname);
198
199 /*
200 * Dispatch to one of various subprograms depending on first argument.
201 */
202
203 #ifdef EXEC_BACKEND
204 if (argc > 1 && strncmp(argv[1], "--fork", 6) == 0)
205 SubPostmasterMain(argc, argv); /* does not return */
206 #endif
207
208 #ifdef WIN32
209
210 /*
211 * Start our win32 signal implementation
212 *
213 * SubPostmasterMain() will do this for itself, but the remaining modes
214 * need it here
215 */
216 pgwin32_signal_initialize();
217 #endif
218
219 if (argc > 1 && strcmp(argv[1], "--boot") == 0)
220 AuxiliaryProcessMain(argc, argv); /* does not return */
221 else if (argc > 1 && strcmp(argv[1], "--describe-config") == 0)
222 GucInfoMain(); /* does not return */
223 else if (argc > 1 && strcmp(argv[1], "--single") == 0)
224 PostgresMain(argc, argv,
225 NULL, /* no dbname */
226 strdup(get_user_name_or_exit(progname))); /* does not return */
227 else
228 PostmasterMain(argc, argv); /* does not return */
229 abort(); /* should not get here */
230 }
231
232
233
234 /*
235 * Place platform-specific startup hacks here. This is the right
236 * place to put code that must be executed early in the launch of any new
237 * server process. Note that this code will NOT be executed when a backend
238 * or sub-bootstrap process is forked, unless we are in a fork/exec
239 * environment (ie EXEC_BACKEND is defined).
240 *
241 * XXX The need for code here is proof that the platform in question
242 * is too brain-dead to provide a standard C execution environment
243 * without help. Avoid adding more here, if you can.
244 */
245 static void
startup_hacks(const char * progname)246 startup_hacks(const char *progname)
247 {
248 /*
249 * Windows-specific execution environment hacking.
250 */
251 #ifdef WIN32
252 {
253 WSADATA wsaData;
254 int err;
255
256 /* Make output streams unbuffered by default */
257 setvbuf(stdout, NULL, _IONBF, 0);
258 setvbuf(stderr, NULL, _IONBF, 0);
259
260 /* Prepare Winsock */
261 err = WSAStartup(MAKEWORD(2, 2), &wsaData);
262 if (err != 0)
263 {
264 write_stderr("%s: WSAStartup failed: %d\n",
265 progname, err);
266 exit(1);
267 }
268
269 /* In case of general protection fault, don't show GUI popup box */
270 SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX);
271
272 #if defined(_M_AMD64) && _MSC_VER == 1800
273
274 /*----------
275 * Avoid crashing in certain floating-point operations if we were
276 * compiled for x64 with MS Visual Studio 2013 and are running on
277 * Windows prior to 7/2008R2 SP1 on an AVX2-capable CPU.
278 *
279 * Ref: https://connect.microsoft.com/VisualStudio/feedback/details/811093/visual-studio-2013-rtm-c-x64-code-generation-bug-for-avx2-instructions
280 *----------
281 */
282 if (!IsWindows7SP1OrGreater())
283 {
284 _set_FMA3_enable(0);
285 }
286 #endif /* defined(_M_AMD64) && _MSC_VER == 1800 */
287
288 }
289 #endif /* WIN32 */
290
291 /*
292 * Initialize dummy_spinlock, in case we are on a platform where we have
293 * to use the fallback implementation of pg_memory_barrier().
294 */
295 SpinLockInit(&dummy_spinlock);
296 }
297
298
299 /*
300 * Make the initial permanent setting for a locale category. If that fails,
301 * perhaps due to LC_foo=invalid in the environment, use locale C. If even
302 * that fails, perhaps due to out-of-memory, the entire startup fails with it.
303 * When this returns, we are guaranteed to have a setting for the given
304 * category's environment variable.
305 */
306 static void
init_locale(const char * categoryname,int category,const char * locale)307 init_locale(const char *categoryname, int category, const char *locale)
308 {
309 if (pg_perm_setlocale(category, locale) == NULL &&
310 pg_perm_setlocale(category, "C") == NULL)
311 elog(FATAL, "could not adopt \"%s\" locale nor C locale for %s",
312 locale, categoryname);
313 }
314
315
316
317 /*
318 * Help display should match the options accepted by PostmasterMain()
319 * and PostgresMain().
320 *
321 * XXX On Windows, non-ASCII localizations of these messages only display
322 * correctly if the console output code page covers the necessary characters.
323 * Messages emitted in write_console() do not exhibit this problem.
324 */
325 static void
help(const char * progname)326 help(const char *progname)
327 {
328 printf(_("%s is the PostgreSQL server.\n\n"), progname);
329 printf(_("Usage:\n %s [OPTION]...\n\n"), progname);
330 printf(_("Options:\n"));
331 printf(_(" -B NBUFFERS number of shared buffers\n"));
332 printf(_(" -c NAME=VALUE set run-time parameter\n"));
333 printf(_(" -C NAME print value of run-time parameter, then exit\n"));
334 printf(_(" -d 1-5 debugging level\n"));
335 printf(_(" -D DATADIR database directory\n"));
336 printf(_(" -e use European date input format (DMY)\n"));
337 printf(_(" -F turn fsync off\n"));
338 printf(_(" -h HOSTNAME host name or IP address to listen on\n"));
339 printf(_(" -i enable TCP/IP connections\n"));
340 printf(_(" -k DIRECTORY Unix-domain socket location\n"));
341 #ifdef USE_SSL
342 printf(_(" -l enable SSL connections\n"));
343 #endif
344 printf(_(" -N MAX-CONNECT maximum number of allowed connections\n"));
345 printf(_(" -o OPTIONS pass \"OPTIONS\" to each server process (obsolete)\n"));
346 printf(_(" -p PORT port number to listen on\n"));
347 printf(_(" -s show statistics after each query\n"));
348 printf(_(" -S WORK-MEM set amount of memory for sorts (in kB)\n"));
349 printf(_(" -V, --version output version information, then exit\n"));
350 printf(_(" --NAME=VALUE set run-time parameter\n"));
351 printf(_(" --describe-config describe configuration parameters, then exit\n"));
352 printf(_(" -?, --help show this help, then exit\n"));
353
354 printf(_("\nDeveloper options:\n"));
355 printf(_(" -f s|i|n|m|h forbid use of some plan types\n"));
356 printf(_(" -n do not reinitialize shared memory after abnormal exit\n"));
357 printf(_(" -O allow system table structure changes\n"));
358 printf(_(" -P disable system indexes\n"));
359 printf(_(" -t pa|pl|ex show timings after each query\n"));
360 printf(_(" -T send SIGSTOP to all backend processes if one dies\n"));
361 printf(_(" -W NUM wait NUM seconds to allow attach from a debugger\n"));
362
363 printf(_("\nOptions for single-user mode:\n"));
364 printf(_(" --single selects single-user mode (must be first argument)\n"));
365 printf(_(" DBNAME database name (defaults to user name)\n"));
366 printf(_(" -d 0-5 override debugging level\n"));
367 printf(_(" -E echo statement before execution\n"));
368 printf(_(" -j do not use newline as interactive query delimiter\n"));
369 printf(_(" -r FILENAME send stdout and stderr to given file\n"));
370
371 printf(_("\nOptions for bootstrapping mode:\n"));
372 printf(_(" --boot selects bootstrapping mode (must be first argument)\n"));
373 printf(_(" DBNAME database name (mandatory argument in bootstrapping mode)\n"));
374 printf(_(" -r FILENAME send stdout and stderr to given file\n"));
375 printf(_(" -x NUM internal use\n"));
376
377 printf(_("\nPlease read the documentation for the complete list of run-time\n"
378 "configuration settings and how to set them on the command line or in\n"
379 "the configuration file.\n\n"
380 "Report bugs to <pgsql-bugs@postgresql.org>.\n"));
381 }
382
383
384
385 static void
check_root(const char * progname)386 check_root(const char *progname)
387 {
388 #ifndef WIN32
389 if (geteuid() == 0)
390 {
391 write_stderr("\"root\" execution of the PostgreSQL server is not permitted.\n"
392 "The server must be started under an unprivileged user ID to prevent\n"
393 "possible system security compromise. See the documentation for\n"
394 "more information on how to properly start the server.\n");
395 exit(1);
396 }
397
398 /*
399 * Also make sure that real and effective uids are the same. Executing as
400 * a setuid program from a root shell is a security hole, since on many
401 * platforms a nefarious subroutine could setuid back to root if real uid
402 * is root. (Since nobody actually uses postgres as a setuid program,
403 * trying to actively fix this situation seems more trouble than it's
404 * worth; we'll just expend the effort to check for it.)
405 */
406 if (getuid() != geteuid())
407 {
408 write_stderr("%s: real and effective user IDs must match\n",
409 progname);
410 exit(1);
411 }
412 #else /* WIN32 */
413 if (pgwin32_is_admin())
414 {
415 write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
416 "permitted.\n"
417 "The server must be started under an unprivileged user ID to prevent\n"
418 "possible system security compromises. See the documentation for\n"
419 "more information on how to properly start the server.\n");
420 exit(1);
421 }
422 #endif /* WIN32 */
423 }
424