1 /*-------------------------------------------------------------------------
3 * pg_ctl --- start/stops/restarts the PostgreSQL server
5 * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
7 * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.112 2009/08/27 16:59:38 tgl Exp $
9 *-------------------------------------------------------------------------
14 * Need this to get defines for restricted tokens and jobs. And it
15 * has to be set before any header from the Win32 API is loaded.
17 #define _WIN32_WINNT 0x0500
20 #include "postgres_fe.h"
25 #include <sys/types.h>
29 #ifdef HAVE_SYS_RESOURCE_H
31 #include <sys/resource.h>
34 #include "libpq/pqsignal.h"
35 #include "getopt_long.h"
36 #include "miscadmin.h"
38 #if defined(__CYGWIN__)
39 #include <sys/cygwin.h>
41 /* Cygwin defines WIN32 in windows.h, but we don't want it. */
45 /* PID can be negative for standalone backend */
68 RUN_AS_SERVICE_COMMAND
71 #define DEFAULT_WAIT 60
73 static bool do_wait = false;
74 static bool wait_set = false;
75 static int wait_seconds = DEFAULT_WAIT;
76 static bool silent_mode = false;
77 static ShutdownMode shutdown_mode = SMART_MODE;
78 static int sig = SIGTERM; /* default */
79 static CtlCommand ctl_command = NO_COMMAND;
80 static char *pg_data = NULL;
81 static char *pgdata_opt = NULL;
82 static char *post_opts = NULL;
83 static const char *progname;
84 static char *log_file = NULL;
85 static char *postgres_path = NULL;
86 static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
87 static char *register_username = NULL;
88 static char *register_password = NULL;
89 static char *argv0 = NULL;
90 static bool allow_core_files = false;
93 write_stderr(const char *fmt,...)
94 /* This extension allows gcc to check the format string for consistency with
95 the supplied arguments. */
96 __attribute__((format(printf, 1, 2)));
97 static void *pg_malloc(size_t size);
98 static char *xstrdup(const char *s);
99 static void do_advice(void);
100 static void do_help(void);
101 static void set_mode(char *modeopt);
102 static void set_sig(char *signame);
103 static void do_start(void);
104 static void do_stop(void);
105 static void do_restart(void);
106 static void do_reload(void);
107 static void do_status(void);
108 static void do_kill(pgpid_t pid);
109 static void print_msg(const char *msg);
111 #if defined(WIN32) || defined(__CYGWIN__)
112 static bool pgwin32_IsInstalled(SC_HANDLE);
113 static char *pgwin32_CommandLine(bool);
114 static void pgwin32_doRegister(void);
115 static void pgwin32_doUnregister(void);
116 static void pgwin32_SetServiceStatus(DWORD);
117 static void WINAPI pgwin32_ServiceHandler(DWORD);
118 static void WINAPI pgwin32_ServiceMain(DWORD, LPTSTR *);
119 static void pgwin32_doRunAsService(void);
120 static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service);
122 static SERVICE_STATUS status;
123 static SERVICE_STATUS_HANDLE hStatus = (SERVICE_STATUS_HANDLE) 0;
124 static HANDLE shutdownHandles[2];
125 static pid_t postmasterPID = -1;
127 #define shutdownEvent shutdownHandles[0]
128 #define postmasterProcess shutdownHandles[1]
131 static pgpid_t get_pgpid(void);
132 static char **readfile(const char *path);
133 static int start_postmaster(void);
134 static void read_post_opts(void);
136 static bool test_postmaster_connection(bool);
137 static bool postmaster_is_alive(pid_t pid);
139 static char postopts_file[MAXPGPATH];
140 static char pid_file[MAXPGPATH];
141 static char conf_file[MAXPGPATH];
142 static char backup_file[MAXPGPATH];
144 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
145 static void unlimit_core_size(void);
149 #if defined(WIN32) || defined(__CYGWIN__)
151 write_eventlog(int level, const char *line)
153 static HANDLE evtHandle = INVALID_HANDLE_VALUE;
155 if (evtHandle == INVALID_HANDLE_VALUE)
157 evtHandle = RegisterEventSource(NULL, "PostgreSQL");
158 if (evtHandle == NULL)
160 evtHandle = INVALID_HANDLE_VALUE;
165 ReportEvent(evtHandle,
168 0, /* All events are Id 0 */
178 * Write errors to stderr (or by equal means when stderr is
182 write_stderr(const char *fmt,...)
187 #if !defined(WIN32) && !defined(__CYGWIN__)
188 /* On Unix, we just fprintf to stderr */
189 vfprintf(stderr, fmt, ap);
193 * On Win32, we print to stderr if running on a console, or write to
194 * eventlog if running as a service
196 if (!isatty(fileno(stderr))) /* Running as a service */
198 char errbuf[2048]; /* Arbitrary size? */
200 vsnprintf(errbuf, sizeof(errbuf), fmt, ap);
202 write_eventlog(EVENTLOG_ERROR_TYPE, errbuf);
205 /* Not running as service, write to stderr */
206 vfprintf(stderr, fmt, ap);
212 * routines to check memory allocations and fail noisily.
216 pg_malloc(size_t size)
220 result = malloc(size);
223 write_stderr(_("%s: out of memory\n"), progname);
231 xstrdup(const char *s)
238 write_stderr(_("%s: out of memory\n"), progname);
245 * Given an already-localized string, print it to stdout unless the
246 * user has specified that no messages should be printed.
249 print_msg(const char *msg)
264 pidf = fopen(pid_file, "r");
267 /* No pid file, not an error on startup */
272 write_stderr(_("%s: could not open PID file \"%s\": %s\n"),
273 progname, pid_file, strerror(errno));
277 if (fscanf(pidf, "%ld", &pid) != 1)
279 write_stderr(_("%s: invalid data in PID file \"%s\"\n"),
284 return (pgpid_t) pid;
289 * get the lines from a text file - return NULL if file can't be opened
292 readfile(const char *path)
302 if ((infile = fopen(path, "r")) == NULL)
305 /* pass over the file twice - the first time to size the result */
307 while ((c = fgetc(infile)) != EOF)
313 if (linelen > maxlength)
319 /* handle last line without a terminating newline (yuck) */
322 if (linelen > maxlength)
325 /* set up the result and the line buffer */
326 result = (char **) pg_malloc((nlines + 1) * sizeof(char *));
327 buffer = (char *) pg_malloc(maxlength + 1);
329 /* now reprocess the file and store the lines */
332 while (fgets(buffer, maxlength + 1, infile) != NULL)
333 result[nlines++] = xstrdup(buffer);
337 result[nlines] = NULL;
345 * start/test/stop routines
349 start_postmaster(void)
356 * Since there might be quotes to handle here, it is easier simply to pass
357 * everything to a shell to process them.
359 if (log_file != NULL)
360 snprintf(cmd, MAXPGPATH, SYSTEMQUOTE "\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1 &" SYSTEMQUOTE,
361 postgres_path, pgdata_opt, post_opts,
364 snprintf(cmd, MAXPGPATH, SYSTEMQUOTE "\"%s\" %s%s < \"%s\" 2>&1 &" SYSTEMQUOTE,
365 postgres_path, pgdata_opt, post_opts, DEVNULL);
371 * On win32 we don't use system(). So we don't need to use & (which would
372 * be START /B on win32). However, we still call the shell (CMD.EXE) with
373 * it to handle redirection etc.
375 PROCESS_INFORMATION pi;
377 if (log_file != NULL)
378 snprintf(cmd, MAXPGPATH, "CMD /C " SYSTEMQUOTE "\"%s\" %s%s < \"%s\" >> \"%s\" 2>&1" SYSTEMQUOTE,
379 postgres_path, pgdata_opt, post_opts, DEVNULL, log_file);
381 snprintf(cmd, MAXPGPATH, "CMD /C " SYSTEMQUOTE "\"%s\" %s%s < \"%s\" 2>&1" SYSTEMQUOTE,
382 postgres_path, pgdata_opt, post_opts, DEVNULL);
384 if (!CreateRestrictedProcess(cmd, &pi, false))
385 return GetLastError();
386 CloseHandle(pi.hProcess);
387 CloseHandle(pi.hThread);
395 * Find the pgport and try a connection
396 * Note that the checkpoint parameter enables a Windows service control
397 * manager checkpoint, it's got nothing to do with database checkpoints!!
400 test_postmaster_connection(bool do_checkpoint)
403 bool success = false;
408 char connstr[128]; /* Should be way more than enough! */
413 * Look in post_opts for a -p switch.
415 * This parsing code is not amazingly bright; it could for instance get
416 * fooled if ' -p' occurs within a quoted argument value. Given that few
417 * people pass complicated settings in post_opts, it's probably good
420 for (p = post_opts; *p;)
422 /* advance past whitespace */
423 while (isspace((unsigned char) *p))
426 if (strncmp(p, "-p", 2) == 0)
429 /* advance past any whitespace/quoting */
430 while (isspace((unsigned char) *p) || *p == '\'' || *p == '"')
432 /* find end of value (not including any ending quote!) */
435 !(isspace((unsigned char) *q) || *q == '\'' || *q == '"'))
437 /* and save the argument value */
438 strlcpy(portstr, p, Min((q - p) + 1, sizeof(portstr)));
439 /* keep looking, maybe there is another -p */
442 /* Advance to next whitespace */
443 while (*p && !isspace((unsigned char) *p))
448 * Search config file for a 'port' option.
450 * This parsing code isn't amazingly bright either, but it should be okay
451 * for valid port settings.
457 optlines = readfile(conf_file);
458 if (optlines != NULL)
460 for (; *optlines != NULL; optlines++)
464 while (isspace((unsigned char) *p))
466 if (strncmp(p, "port", 4) != 0)
469 while (isspace((unsigned char) *p))
474 /* advance past any whitespace/quoting */
475 while (isspace((unsigned char) *p) || *p == '\'' || *p == '"')
477 /* find end of value (not including any ending quote/comment!) */
480 !(isspace((unsigned char) *q) ||
481 *q == '\'' || *q == '"' || *q == '#'))
483 /* and save the argument value */
484 strlcpy(portstr, p, Min((q - p) + 1, sizeof(portstr)));
485 /* keep looking, maybe there is another */
490 /* Check environment */
491 if (!*portstr && getenv("PGPORT") != NULL)
492 strlcpy(portstr, getenv("PGPORT"), sizeof(portstr));
494 /* Else use compiled-in default */
496 snprintf(portstr, sizeof(portstr), "%d", DEF_PGPORT);
499 * We need to set a connect timeout otherwise on Windows the SCM will
500 * probably timeout first
502 snprintf(connstr, sizeof(connstr),
503 "dbname=postgres port=%s connect_timeout=5", portstr);
505 for (i = 0; i < wait_seconds; i++)
507 if ((conn = PQconnectdb(connstr)) != NULL &&
508 (PQstatus(conn) == CONNECTION_OK ||
509 PQconnectionNeedsPassword(conn)))
523 * Increment the wait hint by 6 secs (connection timeout +
524 * sleep) We must do this to indicate to the SCM that our
525 * startup time is changing, otherwise it'll usually send a
526 * stop signal after 20 seconds, despite incrementing the
527 * checkpoint counter.
529 status.dwWaitHint += 6000;
530 status.dwCheckPoint++;
531 SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
538 pg_usleep(1000000); /* 1 sec */
546 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
548 unlimit_core_size(void)
552 getrlimit(RLIMIT_CORE, &lim);
553 if (lim.rlim_max == 0)
555 write_stderr(_("%s: cannot set core file size limit; disallowed by hard limit\n"),
559 else if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
561 lim.rlim_cur = lim.rlim_max;
562 setrlimit(RLIMIT_CORE, &lim);
570 if (post_opts == NULL)
572 post_opts = ""; /* default */
573 if (ctl_command == RESTART_COMMAND)
577 optlines = readfile(postopts_file);
578 if (optlines == NULL)
580 write_stderr(_("%s: could not read file \"%s\"\n"), progname, postopts_file);
583 else if (optlines[0] == NULL || optlines[1] != NULL)
585 write_stderr(_("%s: option file \"%s\" must have exactly one line\n"),
586 progname, postopts_file);
595 optline = optlines[0];
596 /* trim off line endings */
597 len = strcspn(optline, "\r\n");
601 * Are we at the first option, as defined by space and
604 if ((arg1 = strstr(optline, " \"")) != NULL)
606 *arg1 = '\0'; /* terminate so we get only program
608 post_opts = arg1 + 1; /* point past whitespace */
610 if (postgres_path == NULL)
611 postgres_path = optline;
624 if (ctl_command != RESTART_COMMAND)
626 old_pid = get_pgpid();
628 write_stderr(_("%s: another server might be running; "
629 "trying to start server anyway\n"),
635 /* No -D or -D already added during server start */
636 if (ctl_command == RESTART_COMMAND || pgdata_opt == NULL)
639 if (postgres_path == NULL)
641 char *postmaster_path;
644 postmaster_path = pg_malloc(MAXPGPATH);
646 if ((ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
647 postmaster_path)) < 0)
649 char full_path[MAXPGPATH];
651 if (find_my_exec(argv0, full_path) < 0)
652 strlcpy(full_path, progname, sizeof(full_path));
655 write_stderr(_("The program \"postgres\" is needed by %s "
656 "but was not found in the\n"
657 "same directory as \"%s\".\n"
658 "Check your installation.\n"),
659 progname, full_path);
661 write_stderr(_("The program \"postgres\" was found by \"%s\"\n"
662 "but was not the same version as %s.\n"
663 "Check your installation.\n"),
664 full_path, progname);
667 postgres_path = postmaster_path;
670 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
671 if (allow_core_files)
676 * If possible, tell the postmaster our parent shell's PID (see the
677 * comments in CreateLockFile() for motivation). Windows hasn't got
678 * getppid() unfortunately.
682 static char env_var[32];
684 snprintf(env_var, sizeof(env_var), "PG_GRANDPARENT_PID=%d",
690 exitcode = start_postmaster();
693 write_stderr(_("%s: could not start server: exit code was %d\n"),
704 write_stderr(_("%s: could not start server\n"
705 "Examine the log output.\n"),
713 print_msg(_("waiting for server to start..."));
715 if (test_postmaster_connection(false) == false)
717 printf(_("could not start server\n"));
722 print_msg(_(" done\n"));
723 print_msg(_("server started\n"));
727 print_msg(_("server starting\n"));
740 if (pid == 0) /* no pid file */
742 write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
743 write_stderr(_("Is server running?\n"));
746 else if (pid < 0) /* standalone backend, not postmaster */
749 write_stderr(_("%s: cannot stop server; "
750 "single-user server is running (PID: %ld)\n"),
755 if (kill((pid_t) pid, sig) != 0)
757 write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
764 print_msg(_("server shutting down\n"));
769 if ((shutdown_mode == SMART_MODE) && (stat(backup_file, &statbuf) == 0))
771 print_msg(_("WARNING: online backup mode is active\n"
772 "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
775 print_msg(_("waiting for server to shut down..."));
777 for (cnt = 0; cnt < wait_seconds; cnt++)
779 if ((pid = get_pgpid()) != 0)
782 pg_usleep(1000000); /* 1 sec */
788 if (pid != 0) /* pid file still exists */
790 print_msg(_(" failed\n"));
792 write_stderr(_("%s: server does not shut down\n"), progname);
795 print_msg(_(" done\n"));
797 printf(_("server stopped\n"));
803 * restart/reload routines
815 if (pid == 0) /* no pid file */
817 write_stderr(_("%s: PID file \"%s\" does not exist\n"),
819 write_stderr(_("Is server running?\n"));
820 write_stderr(_("starting server anyway\n"));
824 else if (pid < 0) /* standalone backend, not postmaster */
827 if (postmaster_is_alive((pid_t) pid))
829 write_stderr(_("%s: cannot restart server; "
830 "single-user server is running (PID: %ld)\n"),
832 write_stderr(_("Please terminate the single-user server and try again.\n"));
837 if (postmaster_is_alive((pid_t) pid))
839 if (kill((pid_t) pid, sig) != 0)
841 write_stderr(_("%s: could not send stop signal (PID: %ld): %s\n"), progname, pid,
846 if ((shutdown_mode == SMART_MODE) && (stat(backup_file, &statbuf) == 0))
848 print_msg(_("WARNING: online backup mode is active\n"
849 "Shutdown will not complete until pg_stop_backup() is called.\n\n"));
852 print_msg(_("waiting for server to shut down..."));
854 /* always wait for restart */
856 for (cnt = 0; cnt < wait_seconds; cnt++)
858 if ((pid = get_pgpid()) != 0)
861 pg_usleep(1000000); /* 1 sec */
867 if (pid != 0) /* pid file still exists */
869 print_msg(_(" failed\n"));
871 write_stderr(_("%s: server does not shut down\n"), progname);
875 print_msg(_(" done\n"));
876 printf(_("server stopped\n"));
880 write_stderr(_("%s: old server process (PID: %ld) seems to be gone\n"),
882 write_stderr(_("starting server anyway\n"));
895 if (pid == 0) /* no pid file */
897 write_stderr(_("%s: PID file \"%s\" does not exist\n"), progname, pid_file);
898 write_stderr(_("Is server running?\n"));
901 else if (pid < 0) /* standalone backend, not postmaster */
904 write_stderr(_("%s: cannot reload server; "
905 "single-user server is running (PID: %ld)\n"),
907 write_stderr(_("Please terminate the single-user server and try again.\n"));
911 if (kill((pid_t) pid, sig) != 0)
913 write_stderr(_("%s: could not send reload signal (PID: %ld): %s\n"),
914 progname, pid, strerror(errno));
918 print_msg(_("server signaled\n"));
926 postmaster_is_alive(pid_t pid)
929 * Test to see if the process is still there. Note that we do not
930 * consider an EPERM failure to mean that the process is still there;
931 * EPERM must mean that the given PID belongs to some other userid, and
932 * considering the permissions on $PGDATA, that means it's not the
933 * postmaster we are after.
935 * Don't believe that our own PID or parent shell's PID is the postmaster,
936 * either. (Windows hasn't got getppid(), though.)
941 if (pid == getppid())
944 if (kill(pid, 0) == 0)
955 if (pid != 0) /* 0 means no pid file */
957 if (pid < 0) /* standalone backend */
960 if (postmaster_is_alive((pid_t) pid))
962 printf(_("%s: single-user server is running (PID: %ld)\n"),
970 if (postmaster_is_alive((pid_t) pid))
974 printf(_("%s: server is running (PID: %ld)\n"),
977 optlines = readfile(postopts_file);
978 if (optlines != NULL)
979 for (; *optlines != NULL; optlines++)
980 fputs(*optlines, stdout);
985 printf(_("%s: no server running\n"), progname);
994 if (kill((pid_t) pid, sig) != 0)
996 write_stderr(_("%s: could not send signal %d (PID: %ld): %s\n"),
997 progname, sig, pid, strerror(errno));
1002 #if defined(WIN32) || defined(__CYGWIN__)
1005 pgwin32_IsInstalled(SC_HANDLE hSCM)
1007 SC_HANDLE hService = OpenService(hSCM, register_servicename, SERVICE_QUERY_CONFIG);
1008 bool bResult = (hService != NULL);
1011 CloseServiceHandle(hService);
1016 pgwin32_CommandLine(bool registration)
1018 static char cmdLine[MAXPGPATH];
1022 char buf[MAXPGPATH];
1027 ret = find_my_exec(argv0, cmdLine);
1030 write_stderr(_("%s: could not find own program executable\n"), progname);
1036 ret = find_other_exec(argv0, "postgres", PG_BACKEND_VERSIONSTR,
1040 write_stderr(_("%s: could not find postgres program executable\n"), progname);
1046 /* need to convert to windows path */
1047 cygwin_conv_to_full_win32_path(cmdLine, buf);
1048 strcpy(cmdLine, buf);
1053 if (pg_strcasecmp(cmdLine + strlen(cmdLine) - 4, ".exe"))
1055 /* If commandline does not end in .exe, append it */
1056 strcat(cmdLine, ".exe");
1058 strcat(cmdLine, " runservice -N \"");
1059 strcat(cmdLine, register_servicename);
1060 strcat(cmdLine, "\"");
1065 strcat(cmdLine, " -D \"");
1066 strcat(cmdLine, pg_data);
1067 strcat(cmdLine, "\"");
1070 if (registration && do_wait)
1071 strcat(cmdLine, " -w");
1073 if (registration && wait_seconds != DEFAULT_WAIT)
1075 sprintf(cmdLine + strlen(cmdLine), " -t %d", wait_seconds);
1079 strcat(cmdLine, " ");
1081 strcat(cmdLine, " -o \"");
1082 strcat(cmdLine, post_opts);
1084 strcat(cmdLine, "\"");
1091 pgwin32_doRegister(void)
1094 SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1098 write_stderr(_("%s: could not open service manager\n"), progname);
1101 if (pgwin32_IsInstalled(hSCM))
1103 CloseServiceHandle(hSCM);
1104 write_stderr(_("%s: service \"%s\" already registered\n"), progname, register_servicename);
1108 if ((hService = CreateService(hSCM, register_servicename, register_servicename,
1109 SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
1110 SERVICE_AUTO_START, SERVICE_ERROR_NORMAL,
1111 pgwin32_CommandLine(true),
1112 NULL, NULL, "RPCSS\0", register_username, register_password)) == NULL)
1114 CloseServiceHandle(hSCM);
1115 write_stderr(_("%s: could not register service \"%s\": error code %d\n"), progname, register_servicename, (int) GetLastError());
1118 CloseServiceHandle(hService);
1119 CloseServiceHandle(hSCM);
1123 pgwin32_doUnregister(void)
1126 SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
1130 write_stderr(_("%s: could not open service manager\n"), progname);
1133 if (!pgwin32_IsInstalled(hSCM))
1135 CloseServiceHandle(hSCM);
1136 write_stderr(_("%s: service \"%s\" not registered\n"), progname, register_servicename);
1140 if ((hService = OpenService(hSCM, register_servicename, DELETE)) == NULL)
1142 CloseServiceHandle(hSCM);
1143 write_stderr(_("%s: could not open service \"%s\": error code %d\n"), progname, register_servicename, (int) GetLastError());
1146 if (!DeleteService(hService))
1148 CloseServiceHandle(hService);
1149 CloseServiceHandle(hSCM);
1150 write_stderr(_("%s: could not unregister service \"%s\": error code %d\n"), progname, register_servicename, (int) GetLastError());
1153 CloseServiceHandle(hService);
1154 CloseServiceHandle(hSCM);
1158 pgwin32_SetServiceStatus(DWORD currentState)
1160 status.dwCurrentState = currentState;
1161 SetServiceStatus(hStatus, (LPSERVICE_STATUS) &status);
1165 pgwin32_ServiceHandler(DWORD request)
1169 case SERVICE_CONTROL_STOP:
1170 case SERVICE_CONTROL_SHUTDOWN:
1173 * We only need a short wait hint here as it just needs to wait
1174 * for the next checkpoint. They occur every 5 seconds during
1177 status.dwWaitHint = 10000;
1178 pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1179 SetEvent(shutdownEvent);
1182 case SERVICE_CONTROL_PAUSE:
1183 /* Win32 config reloading */
1184 status.dwWaitHint = 5000;
1185 kill(postmasterPID, SIGHUP);
1188 /* FIXME: These could be used to replace other signals etc */
1189 case SERVICE_CONTROL_CONTINUE:
1190 case SERVICE_CONTROL_INTERROGATE:
1197 pgwin32_ServiceMain(DWORD argc, LPTSTR *argv)
1199 PROCESS_INFORMATION pi;
1201 DWORD check_point_start;
1203 /* Initialize variables */
1204 status.dwWin32ExitCode = S_OK;
1205 status.dwCheckPoint = 0;
1206 status.dwWaitHint = 60000;
1207 status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
1208 status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN | SERVICE_ACCEPT_PAUSE_CONTINUE;
1209 status.dwServiceSpecificExitCode = 0;
1210 status.dwCurrentState = SERVICE_START_PENDING;
1212 memset(&pi, 0, sizeof(pi));
1216 /* Register the control request handler */
1217 if ((hStatus = RegisterServiceCtrlHandler(register_servicename, pgwin32_ServiceHandler)) == (SERVICE_STATUS_HANDLE) 0)
1220 if ((shutdownEvent = CreateEvent(NULL, true, false, NULL)) == NULL)
1223 /* Start the postmaster */
1224 pgwin32_SetServiceStatus(SERVICE_START_PENDING);
1225 if (!CreateRestrictedProcess(pgwin32_CommandLine(false), &pi, true))
1227 pgwin32_SetServiceStatus(SERVICE_STOPPED);
1230 postmasterPID = pi.dwProcessId;
1231 postmasterProcess = pi.hProcess;
1232 CloseHandle(pi.hThread);
1236 write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Waiting for server startup...\n"));
1237 if (test_postmaster_connection(true) == false)
1239 write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Timed out waiting for server startup\n"));
1240 pgwin32_SetServiceStatus(SERVICE_STOPPED);
1243 write_eventlog(EVENTLOG_INFORMATION_TYPE, _("Server started and accepting connections\n"));
1247 * Save the checkpoint value as it might have been incremented in
1248 * test_postmaster_connection
1250 check_point_start = status.dwCheckPoint;
1252 pgwin32_SetServiceStatus(SERVICE_RUNNING);
1254 /* Wait for quit... */
1255 ret = WaitForMultipleObjects(2, shutdownHandles, FALSE, INFINITE);
1257 pgwin32_SetServiceStatus(SERVICE_STOP_PENDING);
1260 case WAIT_OBJECT_0: /* shutdown event */
1261 kill(postmasterPID, SIGINT);
1264 * Increment the checkpoint and try again Abort after 12
1265 * checkpoints as the postmaster has probably hung
1267 while (WaitForSingleObject(postmasterProcess, 5000) == WAIT_TIMEOUT && status.dwCheckPoint < 12)
1268 status.dwCheckPoint++;
1271 case (WAIT_OBJECT_0 + 1): /* postmaster went down */
1275 /* shouldn't get here? */
1279 CloseHandle(shutdownEvent);
1280 CloseHandle(postmasterProcess);
1282 pgwin32_SetServiceStatus(SERVICE_STOPPED);
1286 pgwin32_doRunAsService(void)
1288 SERVICE_TABLE_ENTRY st[] = {{register_servicename, pgwin32_ServiceMain},
1291 if (StartServiceCtrlDispatcher(st) == 0)
1293 write_stderr(_("%s: could not start service \"%s\": error code %d\n"), progname, register_servicename, (int) GetLastError());
1300 * Mingw headers are incomplete, and so are the libraries. So we have to load
1301 * a whole lot of API functions dynamically. Since we have to do this anyway,
1302 * also load the couple of functions that *do* exist in minwg headers but not
1303 * on NT4. That way, we don't break on NT4.
1305 typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
1306 typedef BOOL (WINAPI * __IsProcessInJob) (HANDLE, HANDLE, PBOOL);
1307 typedef HANDLE (WINAPI * __CreateJobObject) (LPSECURITY_ATTRIBUTES, LPCTSTR);
1308 typedef BOOL (WINAPI * __SetInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD);
1309 typedef BOOL (WINAPI * __AssignProcessToJobObject) (HANDLE, HANDLE);
1310 typedef BOOL (WINAPI * __QueryInformationJobObject) (HANDLE, JOBOBJECTINFOCLASS, LPVOID, DWORD, LPDWORD);
1312 /* Windows API define missing from MingW headers */
1313 #define DISABLE_MAX_PRIVILEGE 0x1
1316 * Create a restricted token, a job object sandbox, and execute the specified
1319 * Returns 0 on success, non-zero on failure, same as CreateProcess().
1321 * On NT4, or any other system not containing the required functions, will
1322 * launch the process under the current token without doing any modifications.
1324 * NOTE! Job object will only work when running as a service, because it's
1325 * automatically destroyed when pg_ctl exits.
1328 CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_service)
1334 HANDLE restrictedToken;
1335 SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
1336 SID_AND_ATTRIBUTES dropSids[2];
1338 /* Functions loaded dynamically */
1339 __CreateRestrictedToken _CreateRestrictedToken = NULL;
1340 __IsProcessInJob _IsProcessInJob = NULL;
1341 __CreateJobObject _CreateJobObject = NULL;
1342 __SetInformationJobObject _SetInformationJobObject = NULL;
1343 __AssignProcessToJobObject _AssignProcessToJobObject = NULL;
1344 __QueryInformationJobObject _QueryInformationJobObject = NULL;
1345 HANDLE Kernel32Handle;
1346 HANDLE Advapi32Handle;
1348 ZeroMemory(&si, sizeof(si));
1351 Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
1352 if (Advapi32Handle != NULL)
1354 _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
1357 if (_CreateRestrictedToken == NULL)
1360 * NT4 doesn't have CreateRestrictedToken, so just call ordinary
1363 write_stderr("WARNING: cannot create restricted tokens on this platform\n");
1364 if (Advapi32Handle != NULL)
1365 FreeLibrary(Advapi32Handle);
1366 return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
1369 /* Open the current token to use as a base for the restricted one */
1370 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
1372 write_stderr("Failed to open process token: %lu\n", GetLastError());
1376 /* Allocate list of SIDs to remove */
1377 ZeroMemory(&dropSids, sizeof(dropSids));
1378 if (!AllocateAndInitializeSid(&NtAuthority, 2,
1379 SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
1380 0, &dropSids[0].Sid) ||
1381 !AllocateAndInitializeSid(&NtAuthority, 2,
1382 SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
1383 0, &dropSids[1].Sid))
1385 write_stderr("Failed to allocate SIDs: %lu\n", GetLastError());
1389 b = _CreateRestrictedToken(origToken,
1390 DISABLE_MAX_PRIVILEGE,
1391 sizeof(dropSids) / sizeof(dropSids[0]),
1397 FreeSid(dropSids[1].Sid);
1398 FreeSid(dropSids[0].Sid);
1399 CloseHandle(origToken);
1400 FreeLibrary(Advapi32Handle);
1404 write_stderr("Failed to create restricted token: %lu\n", GetLastError());
1408 r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
1410 Kernel32Handle = LoadLibrary("KERNEL32.DLL");
1411 if (Kernel32Handle != NULL)
1413 _IsProcessInJob = (__IsProcessInJob) GetProcAddress(Kernel32Handle, "IsProcessInJob");
1414 _CreateJobObject = (__CreateJobObject) GetProcAddress(Kernel32Handle, "CreateJobObjectA");
1415 _SetInformationJobObject = (__SetInformationJobObject) GetProcAddress(Kernel32Handle, "SetInformationJobObject");
1416 _AssignProcessToJobObject = (__AssignProcessToJobObject) GetProcAddress(Kernel32Handle, "AssignProcessToJobObject");
1417 _QueryInformationJobObject = (__QueryInformationJobObject) GetProcAddress(Kernel32Handle, "QueryInformationJobObject");
1420 /* Verify that we found all functions */
1421 if (_IsProcessInJob == NULL || _CreateJobObject == NULL || _SetInformationJobObject == NULL || _AssignProcessToJobObject == NULL || _QueryInformationJobObject == NULL)
1424 * IsProcessInJob() is not available on < WinXP, so there is no need
1425 * to log the error every time in that case
1429 osv.dwOSVersionInfoSize = sizeof(osv);
1430 if (!GetVersionEx(&osv) || /* could not get version */
1431 (osv.dwMajorVersion == 5 && osv.dwMinorVersion > 0) || /* 5.1=xp, 5.2=2003, etc */
1432 osv.dwMajorVersion > 5) /* anything newer should have the API */
1435 * Log error if we can't get version, or if we're on WinXP/2003 or
1438 write_stderr("WARNING: could not locate all job object functions in system API\n");
1444 if (_IsProcessInJob(processInfo->hProcess, NULL, &inJob))
1449 * Job objects are working, and the new process isn't in one,
1450 * so we can create one safely. If any problems show up when
1451 * setting it, we're going to ignore them.
1456 sprintf(jobname, "PostgreSQL_%lu", processInfo->dwProcessId);
1458 job = _CreateJobObject(NULL, jobname);
1461 JOBOBJECT_BASIC_LIMIT_INFORMATION basicLimit;
1462 JOBOBJECT_BASIC_UI_RESTRICTIONS uiRestrictions;
1463 JOBOBJECT_SECURITY_LIMIT_INFORMATION securityLimit;
1466 ZeroMemory(&basicLimit, sizeof(basicLimit));
1467 ZeroMemory(&uiRestrictions, sizeof(uiRestrictions));
1468 ZeroMemory(&securityLimit, sizeof(securityLimit));
1470 basicLimit.LimitFlags = JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION | JOB_OBJECT_LIMIT_PRIORITY_CLASS;
1471 basicLimit.PriorityClass = NORMAL_PRIORITY_CLASS;
1472 _SetInformationJobObject(job, JobObjectBasicLimitInformation, &basicLimit, sizeof(basicLimit));
1474 uiRestrictions.UIRestrictionsClass = JOB_OBJECT_UILIMIT_DESKTOP | JOB_OBJECT_UILIMIT_DISPLAYSETTINGS |
1475 JOB_OBJECT_UILIMIT_EXITWINDOWS | JOB_OBJECT_UILIMIT_READCLIPBOARD |
1476 JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS | JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
1480 osv.dwOSVersionInfoSize = sizeof(osv);
1481 if (!GetVersionEx(&osv) ||
1482 osv.dwMajorVersion < 6 ||
1483 (osv.dwMajorVersion == 6 && osv.dwMinorVersion == 0))
1486 * On Windows 7 (and presumably later),
1487 * JOB_OBJECT_UILIMIT_HANDLES prevents us from
1488 * starting as a service. So we only enable it on
1489 * Vista and earlier (version <= 6.0)
1491 uiRestrictions.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_HANDLES;
1494 _SetInformationJobObject(job, JobObjectBasicUIRestrictions, &uiRestrictions, sizeof(uiRestrictions));
1496 securityLimit.SecurityLimitFlags = JOB_OBJECT_SECURITY_NO_ADMIN | JOB_OBJECT_SECURITY_ONLY_TOKEN;
1497 securityLimit.JobToken = restrictedToken;
1498 _SetInformationJobObject(job, JobObjectSecurityLimitInformation, &securityLimit, sizeof(securityLimit));
1500 _AssignProcessToJobObject(job, processInfo->hProcess);
1507 AddUserToDacl(processInfo->hProcess);
1510 CloseHandle(restrictedToken);
1512 ResumeThread(processInfo->hThread);
1514 FreeLibrary(Kernel32Handle);
1517 * We intentionally don't close the job object handle, because we want the
1518 * object to live on until pg_ctl shuts down.
1527 write_stderr(_("Try \"%s --help\" for more information.\n"), progname);
1535 printf(_("%s is a utility to start, stop, restart, reload configuration files,\n"
1536 "report the status of a PostgreSQL server, or signal a PostgreSQL process.\n\n"), progname);
1537 printf(_("Usage:\n"));
1538 printf(_(" %s start [-w] [-t SECS] [-D DATADIR] [-s] [-l FILENAME] [-o \"OPTIONS\"]\n"), progname);
1539 printf(_(" %s stop [-W] [-t SECS] [-D DATADIR] [-s] [-m SHUTDOWN-MODE]\n"), progname);
1540 printf(_(" %s restart [-w] [-t SECS] [-D DATADIR] [-s] [-m SHUTDOWN-MODE]\n"
1541 " [-o \"OPTIONS\"]\n"), progname);
1542 printf(_(" %s reload [-D DATADIR] [-s]\n"), progname);
1543 printf(_(" %s status [-D DATADIR]\n"), progname);
1544 printf(_(" %s kill SIGNALNAME PID\n"), progname);
1545 #if defined(WIN32) || defined(__CYGWIN__)
1546 printf(_(" %s register [-N SERVICENAME] [-U USERNAME] [-P PASSWORD] [-D DATADIR]\n"
1547 " [-w] [-t SECS] [-o \"OPTIONS\"]\n"), progname);
1548 printf(_(" %s unregister [-N SERVICENAME]\n"), progname);
1551 printf(_("\nCommon options:\n"));
1552 printf(_(" -D, --pgdata DATADIR location of the database storage area\n"));
1553 printf(_(" -s, --silent only print errors, no informational messages\n"));
1554 printf(_(" -t SECS seconds to wait when using -w option\n"));
1555 printf(_(" -w wait until operation completes\n"));
1556 printf(_(" -W do not wait until operation completes\n"));
1557 printf(_(" --help show this help, then exit\n"));
1558 printf(_(" --version output version information, then exit\n"));
1559 printf(_("(The default is to wait for shutdown, but not for start or restart.)\n\n"));
1560 printf(_("If the -D option is omitted, the environment variable PGDATA is used.\n"));
1562 printf(_("\nOptions for start or restart:\n"));
1563 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_CORE)
1564 printf(_(" -c, --core-files allow postgres to produce core files\n"));
1566 printf(_(" -c, --core-files not applicable on this platform\n"));
1568 printf(_(" -l, --log FILENAME write (or append) server log to FILENAME\n"));
1569 printf(_(" -o OPTIONS command line options to pass to postgres\n"
1570 " (PostgreSQL server executable)\n"));
1571 printf(_(" -p PATH-TO-POSTGRES normally not necessary\n"));
1572 printf(_("\nOptions for stop or restart:\n"));
1573 printf(_(" -m SHUTDOWN-MODE can be \"smart\", \"fast\", or \"immediate\"\n"));
1575 printf(_("\nShutdown modes are:\n"));
1576 printf(_(" smart quit after all clients have disconnected\n"));
1577 printf(_(" fast quit directly, with proper shutdown\n"));
1578 printf(_(" immediate quit without complete shutdown; will lead to recovery on restart\n"));
1580 printf(_("\nAllowed signal names for kill:\n"));
1581 printf(" HUP INT QUIT ABRT TERM USR1 USR2\n");
1583 #if defined(WIN32) || defined(__CYGWIN__)
1584 printf(_("\nOptions for register and unregister:\n"));
1585 printf(_(" -N SERVICENAME service name with which to register PostgreSQL server\n"));
1586 printf(_(" -P PASSWORD password of account to register PostgreSQL server\n"));
1587 printf(_(" -U USERNAME user name of account to register PostgreSQL server\n"));
1590 printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));
1596 set_mode(char *modeopt)
1598 if (strcmp(modeopt, "s") == 0 || strcmp(modeopt, "smart") == 0)
1600 shutdown_mode = SMART_MODE;
1603 else if (strcmp(modeopt, "f") == 0 || strcmp(modeopt, "fast") == 0)
1605 shutdown_mode = FAST_MODE;
1608 else if (strcmp(modeopt, "i") == 0 || strcmp(modeopt, "immediate") == 0)
1610 shutdown_mode = IMMEDIATE_MODE;
1615 write_stderr(_("%s: unrecognized shutdown mode \"%s\"\n"), progname, modeopt);
1624 set_sig(char *signame)
1626 if (!strcmp(signame, "HUP"))
1628 else if (!strcmp(signame, "INT"))
1630 else if (!strcmp(signame, "QUIT"))
1632 else if (!strcmp(signame, "ABRT"))
1636 * probably should NOT provide SIGKILL
1638 * else if (!strcmp(signame,"KILL")) sig = SIGKILL;
1640 else if (!strcmp(signame, "TERM"))
1642 else if (!strcmp(signame, "USR1"))
1644 else if (!strcmp(signame, "USR2"))
1648 write_stderr(_("%s: unrecognized signal name \"%s\"\n"), progname, signame);
1658 main(int argc, char **argv)
1660 static struct option long_options[] = {
1661 {"help", no_argument, NULL, '?'},
1662 {"version", no_argument, NULL, 'V'},
1663 {"log", required_argument, NULL, 'l'},
1664 {"mode", required_argument, NULL, 'm'},
1665 {"pgdata", required_argument, NULL, 'D'},
1666 {"silent", no_argument, NULL, 's'},
1667 {"timeout", required_argument, NULL, 't'},
1668 {"core-files", no_argument, NULL, 'c'},
1674 pgpid_t killproc = 0;
1676 #if defined(WIN32) || defined(__CYGWIN__)
1677 setvbuf(stderr, NULL, _IONBF, 0);
1680 progname = get_progname(argv[0]);
1681 set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_ctl"));
1684 * save argv[0] so do_start() can look for the postmaster if necessary. we
1685 * don't look for postmaster here because in many cases we won't need it.
1691 /* support --help and --version even if invoked as root */
1694 if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 ||
1695 strcmp(argv[1], "-?") == 0)
1700 else if (strcmp(argv[1], "-V") == 0 || strcmp(argv[1], "--version") == 0)
1702 puts("pg_ctl (PostgreSQL) " PG_VERSION);
1708 * Disallow running as root, to forestall any possible security holes.
1713 write_stderr(_("%s: cannot be run as root\n"
1714 "Please log in (using, e.g., \"su\") as the "
1715 "(unprivileged) user that will\n"
1716 "own the server process.\n"),
1723 * 'Action' can be before or after args so loop over both. Some
1724 * getopt_long() implementations will reorder argv[] to place all flags
1725 * first (GNU?), but we don't rely on it. Our /port version doesn't do
1730 /* process command-line options */
1731 while (optind < argc)
1733 while ((c = getopt_long(argc, argv, "cD:l:m:N:o:p:P:st:U:wW", long_options, &option_index)) != -1)
1740 char *env_var = pg_malloc(strlen(optarg) + 8);
1742 pgdata_D = xstrdup(optarg);
1743 canonicalize_path(pgdata_D);
1744 snprintf(env_var, strlen(optarg) + 8, "PGDATA=%s",
1749 * We could pass PGDATA just in an environment
1750 * variable but we do -D too for clearer postmaster
1753 pgdata_opt = pg_malloc(strlen(pgdata_D) + 7);
1754 snprintf(pgdata_opt, strlen(pgdata_D) + 7,
1760 log_file = xstrdup(optarg);
1766 register_servicename = xstrdup(optarg);
1769 post_opts = xstrdup(optarg);
1772 postgres_path = xstrdup(optarg);
1775 register_password = xstrdup(optarg);
1781 wait_seconds = atoi(optarg);
1784 if (strchr(optarg, '\\'))
1785 register_username = xstrdup(optarg);
1787 /* Prepend .\ for local accounts */
1789 register_username = malloc(strlen(optarg) + 3);
1790 if (!register_username)
1792 write_stderr(_("%s: out of memory\n"), progname);
1795 strcpy(register_username, ".\\");
1796 strcat(register_username, optarg);
1808 allow_core_files = true;
1811 /* getopt_long already issued a suitable error message */
1817 /* Process an action */
1820 if (ctl_command != NO_COMMAND)
1822 write_stderr(_("%s: too many command-line arguments (first is \"%s\")\n"), progname, argv[optind]);
1827 if (strcmp(argv[optind], "start") == 0)
1828 ctl_command = START_COMMAND;
1829 else if (strcmp(argv[optind], "stop") == 0)
1830 ctl_command = STOP_COMMAND;
1831 else if (strcmp(argv[optind], "restart") == 0)
1832 ctl_command = RESTART_COMMAND;
1833 else if (strcmp(argv[optind], "reload") == 0)
1834 ctl_command = RELOAD_COMMAND;
1835 else if (strcmp(argv[optind], "status") == 0)
1836 ctl_command = STATUS_COMMAND;
1837 else if (strcmp(argv[optind], "kill") == 0)
1839 if (argc - optind < 3)
1841 write_stderr(_("%s: missing arguments for kill mode\n"), progname);
1845 ctl_command = KILL_COMMAND;
1846 set_sig(argv[++optind]);
1847 killproc = atol(argv[++optind]);
1849 #if defined(WIN32) || defined(__CYGWIN__)
1850 else if (strcmp(argv[optind], "register") == 0)
1851 ctl_command = REGISTER_COMMAND;
1852 else if (strcmp(argv[optind], "unregister") == 0)
1853 ctl_command = UNREGISTER_COMMAND;
1854 else if (strcmp(argv[optind], "runservice") == 0)
1855 ctl_command = RUN_AS_SERVICE_COMMAND;
1859 write_stderr(_("%s: unrecognized operation mode \"%s\"\n"), progname, argv[optind]);
1867 if (ctl_command == NO_COMMAND)
1869 write_stderr(_("%s: no operation specified\n"), progname);
1874 /* Note we put any -D switch into the env var above */
1875 pg_data = getenv("PGDATA");
1878 pg_data = xstrdup(pg_data);
1879 canonicalize_path(pg_data);
1882 if (pg_data == NULL &&
1883 ctl_command != KILL_COMMAND && ctl_command != UNREGISTER_COMMAND)
1885 write_stderr(_("%s: no database directory specified "
1886 "and environment variable PGDATA unset\n"),
1894 switch (ctl_command)
1896 case RESTART_COMMAND:
1908 if (ctl_command == RELOAD_COMMAND)
1916 snprintf(postopts_file, MAXPGPATH, "%s/postmaster.opts", pg_data);
1917 snprintf(pid_file, MAXPGPATH, "%s/postmaster.pid", pg_data);
1918 snprintf(conf_file, MAXPGPATH, "%s/postgresql.conf", pg_data);
1919 snprintf(backup_file, MAXPGPATH, "%s/backup_label", pg_data);
1922 switch (ctl_command)
1924 case STATUS_COMMAND:
1933 case RESTART_COMMAND:
1936 case RELOAD_COMMAND:
1942 #if defined(WIN32) || defined(__CYGWIN__)
1943 case REGISTER_COMMAND:
1944 pgwin32_doRegister();
1946 case UNREGISTER_COMMAND:
1947 pgwin32_doUnregister();
1949 case RUN_AS_SERVICE_COMMAND:
1950 pgwin32_doRunAsService();