Commit09921f3

committed
Refactor user-facing SQL functions signalling backends
This moves the system administration functions for signalling backends from backend/utils/adt/misc.c into a separate file dedicated to backend signalling. No new functionality is introduced in this commit.

Author: Daniel Gustafsson
Reviewed-by: Michael Paquier, Álvaro Herrera
Discussion: https://postgr.es/m/C2C7C3EC-CC5F-44B6-9C78-637C88BD7D14@yesql.se
1 parent803b130 commit09921f3


3 files changed

+217
-196
lines changed

3 files changed

+217
-196
lines changed

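--- a/src/backend/storage/ipc/Makefile
+++ b/src/backend/storage/ipc/Makefile
@@ -9,7 +9,7 @@ top_builddir = ../../../..
 include$(top_builddir)/src/Makefile.global
 
 OBJS = barrier.o dsm_impl.o dsm.o ipc.o ipci.o latch.o pmsignal.o procarray.o\
-procsignal.oshmem.o shmqueue.o shm_mq.o shm_toc.osinval.o\
-sinvaladt.o standby.o
+procsignal.o shmem.o shmqueue.o shm_mq.o shm_toc.osignalfuncs.o\
+sinval.osinvaladt.o standby.o
 
 include$(top_srcdir)/src/backend/common.mk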

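--- a/src/backend/storage/ipc/signalfuncs.c
+++ b/src/backend/storage/ipc/signalfuncs.c
@@ -0,0 +1,215 @@
+/*-------------------------------------------------------------------------
+*
+* signalfuncs.c
+* Functions for signalling backends
+*
+* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+* Portions Copyright (c) 1994, Regents of the University of California
+*
+*
+* IDENTIFICATION
+* src/backend/storage/ipc/signalfuncs.c
+*
+*-------------------------------------------------------------------------
+*/
+#include"postgres.h"
+
+#include<signal.h>
+
+#include"catalog/pg_authid.h"
+#include"miscadmin.h"
+#include"postmaster/syslogger.h"
+#include"storage/pmsignal.h"
+#include"storage/proc.h"
+#include"storage/procarray.h"
+#include"utils/acl.h"
+#include"utils/builtins.h"
+
+
+/*
+* Send a signal to another backend.
+*
+* The signal is delivered if the user is either a superuser or the same
+* role as the backend being signaled. For "dangerous" signals, an explicit
+* check for superuser needs to be done prior to calling this function.
+*
+* Returns 0 on success, 1 on general failure, 2 on normal permission error
+* and 3 if the caller needs to be a superuser.
+*
+* In the event of a general failure (return code 1), a warning message will
+* be emitted. For permission errors, doing that is the responsibility of
+* the caller.
+*/
+#defineSIGNAL_BACKEND_SUCCESS 0
+#defineSIGNAL_BACKEND_ERROR 1
+#defineSIGNAL_BACKEND_NOPERMISSION 2
+#defineSIGNAL_BACKEND_NOSUPERUSER 3
+staticint
+pg_signal_backend(intpid,intsig)
+{
+PGPROC*proc=BackendPidGetProc(pid);
+
+/*
+* BackendPidGetProc returns NULL if the pid isn't valid; but by the time
+* we reach kill(), a process for which we get a valid proc here might
+* have terminated on its own. There's no way to acquire a lock on an
+* arbitrary process to prevent that. But since so far all the callers of
+* this mechanism involve some request for ending the process anyway, that
+* it might end on its own first is not a problem.
+*/
+if (proc==NULL)
+{
+/*
+* This is just a warning so a loop-through-resultset will not abort
+* if one backend terminated on its own during the run.
+*/
+ereport(WARNING,
+(errmsg("PID %d is not a PostgreSQL server process",pid)));
+returnSIGNAL_BACKEND_ERROR;
+}
+
+/* Only allow superusers to signal superuser-owned backends. */
+if (superuser_arg(proc->roleId)&& !superuser())
+returnSIGNAL_BACKEND_NOSUPERUSER;
+
+/* Users can signal backends they have role membership in. */
+if (!has_privs_of_role(GetUserId(),proc->roleId)&&
+!has_privs_of_role(GetUserId(),DEFAULT_ROLE_SIGNAL_BACKENDID))
+returnSIGNAL_BACKEND_NOPERMISSION;
+
+/*
+* Can the process we just validated above end, followed by the pid being
+* recycled for a new process, before reaching here? Then we'd be trying
+* to kill the wrong thing. Seems near impossible when sequential pid
+* assignment and wraparound is used. Perhaps it could happen on a system
+* where pid re-use is randomized. That race condition possibility seems
+* too unlikely to worry about.
+*/
+
+/* If we have setsid(), signal the backend's whole process group */
+#ifdefHAVE_SETSID
+if (kill(-pid,sig))
+#else
+if (kill(pid,sig))
+#endif
+{
+/* Again, just a warning to allow loops */
+ereport(WARNING,
+(errmsg("could not send signal to process %d: %m",pid)));
+returnSIGNAL_BACKEND_ERROR;
+}
+returnSIGNAL_BACKEND_SUCCESS;
+}
+
+/*
+* Signal to cancel a backend process. This is allowed if you are a member of
+* the role whose process is being canceled.
+*
+* Note that only superusers can signal superuser-owned processes.
+*/
+Datum
+pg_cancel_backend(PG_FUNCTION_ARGS)
+{
+intr=pg_signal_backend(PG_GETARG_INT32(0),SIGINT);
+
+if (r==SIGNAL_BACKEND_NOSUPERUSER)
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+(errmsg("must be a superuser to cancel superuser query"))));
+
+if (r==SIGNAL_BACKEND_NOPERMISSION)
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+(errmsg("must be a member of the role whose query is being canceled or member of pg_signal_backend"))));
+
+PG_RETURN_BOOL(r==SIGNAL_BACKEND_SUCCESS);
+}
+
+/*
+* Signal to terminate a backend process. This is allowed if you are a member
+* of the role whose process is being terminated.
+*
+* Note that only superusers can signal superuser-owned processes.
+*/
+Datum
+pg_terminate_backend(PG_FUNCTION_ARGS)
+{
+intr=pg_signal_backend(PG_GETARG_INT32(0),SIGTERM);
+
+if (r==SIGNAL_BACKEND_NOSUPERUSER)
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+(errmsg("must be a superuser to terminate superuser process"))));
+
+if (r==SIGNAL_BACKEND_NOPERMISSION)
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+(errmsg("must be a member of the role whose process is being terminated or member of pg_signal_backend"))));
+
+PG_RETURN_BOOL(r==SIGNAL_BACKEND_SUCCESS);
+}
+
+/*
+* Signal to reload the database configuration
+*
+* Permission checking for this function is managed through the normal
+* GRANT system.
+*/
+Datum
+pg_reload_conf(PG_FUNCTION_ARGS)
+{
+if (kill(PostmasterPid,SIGHUP))
+{
+ereport(WARNING,
+(errmsg("failed to send signal to postmaster: %m")));
+PG_RETURN_BOOL(false);
+}
+
+PG_RETURN_BOOL(true);
+}
+
+
+/*
+* Rotate log file
+*
+* This function is kept to support adminpack 1.0.
+*/
+Datum
+pg_rotate_logfile(PG_FUNCTION_ARGS)
+{
+if (!superuser())
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+(errmsg("must be superuser to rotate log files with adminpack 1.0"),
+errhint("Consider using pg_logfile_rotate(), which is part of core, instead."))));
+
+if (!Logging_collector)
+{
+ereport(WARNING,
+(errmsg("rotation not possible because log collection not active")));
+PG_RETURN_BOOL(false);
+}
+
+SendPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE);
+PG_RETURN_BOOL(true);
+}
+
+/*
+* Rotate log file
+*
+* Permission checking for this function is managed through the normal
+* GRANT system.
+*/
+Datum
+pg_rotate_logfile_v2(PG_FUNCTION_ARGS)
+{
+if (!Logging_collector)
+{
+ereport(WARNING,
+(errmsg("rotation not possible because log collection not active")));
+PG_RETURN_BOOL(false);
+}
+
+SendPostmasterSignal(PMSIGNAL_ROTATE_LOGFILE);
+PG_RETURN_BOOL(true);
+}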
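Review bot: The header comment above pg_signal_backend (new lines 29-42) no longer matches the authorization the function enforces: it says the signal is delivered to "a superuser or the same role", while the checks at new lines 72-78 grant access through has_privs_of_role() on the target's role and through membership in DEFAULT_ROLE_SIGNAL_BACKENDID. Since this file now holds the whole signalling permission model, I would reword it along the lines of `* The signal is delivered if the caller is a superuser, has the privileges of the role owning the target backend, or is a member of pg_signal_backend; superuser-owned backends can be signalled only by superusers.` The comments on pg_cancel_backend and pg_terminate_backend likewise omit the pg_signal_backend path that their own error messages mention. pg_reload_conf and pg_rotate_logfile_v2 perform no in-function check and rely on the GRANT system, so a one-line pointer to where the default EXECUTE privilege is restricted would let an auditor confirm they are not callable by PUBLIC.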
