Header And Logo
|
00001 /*------------------------------------------------------------------------- 00002 * 00003 * dbcommands.c 00004 * Database management commands (create/drop database). 00005 * 00006 * Note: database creation/destruction commands use exclusive locks on 00007 * the database objects (as expressed by LockSharedObject()) to avoid 00008 * stepping on each others' toes. Formerly we used table-level locks 00009 * on pg_database, but that's too coarse-grained. 00010 * 00011 * Portions Copyright (c) 1996-2013, PostgreSQL Global Development Group 00012 * Portions Copyright (c) 1994, Regents of the University of California 00013 * 00014 * 00015 * IDENTIFICATION 00016 * src/backend/commands/dbcommands.c 00017 * 00018 *------------------------------------------------------------------------- 00019 */ 00020 #include "postgres.h" 00021 00022 #include <fcntl.h> 00023 #include <locale.h> 00024 #include <unistd.h> 00025 #include <sys/stat.h> 00026 00027 #include "access/genam.h" 00028 #include "access/heapam.h" 00029 #include "access/htup_details.h" 00030 #include "access/xact.h" 00031 #include "access/xlogutils.h" 00032 #include "catalog/catalog.h" 00033 #include "catalog/dependency.h" 00034 #include "catalog/indexing.h" 00035 #include "catalog/objectaccess.h" 00036 #include "catalog/pg_authid.h" 00037 #include "catalog/pg_database.h" 00038 #include "catalog/pg_db_role_setting.h" 00039 #include "catalog/pg_tablespace.h" 00040 #include "commands/comment.h" 00041 #include "commands/dbcommands.h" 00042 #include "commands/seclabel.h" 00043 #include "commands/tablespace.h" 00044 #include "mb/pg_wchar.h" 00045 #include "miscadmin.h" 00046 #include "pgstat.h" 00047 #include "postmaster/bgwriter.h" 00048 #include "storage/copydir.h" 00049 #include "storage/fd.h" 00050 #include "storage/lmgr.h" 00051 #include "storage/ipc.h" 00052 #include "storage/procarray.h" 00053 #include "storage/smgr.h" 00054 #include "utils/acl.h" 00055 #include "utils/builtins.h" 00056 #include "utils/fmgroids.h" 00057 #include "utils/pg_locale.h" 00058 #include "utils/snapmgr.h" 00059 #include "utils/syscache.h" 00060 #include "utils/tqual.h" 00061 00062 00063 typedef struct 00064 { 00065 Oid src_dboid; /* source (template) DB */ 00066 Oid dest_dboid; /* DB we are trying to create */ 00067 } createdb_failure_params; 00068 00069 typedef struct 00070 { 00071 Oid dest_dboid; /* DB we are trying to move */ 00072 Oid dest_tsoid; /* tablespace we are trying to move to */ 00073 } movedb_failure_params; 00074 00075 /* non-export function prototypes */ 00076 static void createdb_failure_callback(int code, Datum arg); 00077 static void movedb(const char *dbname, const char *tblspcname); 00078 static void movedb_failure_callback(int code, Datum arg); 00079 static bool get_db_info(const char *name, LOCKMODE lockmode, 00080 Oid *dbIdP, Oid *ownerIdP, 00081 int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP, 00082 Oid *dbLastSysOidP, TransactionId *dbFrozenXidP, 00083 MultiXactId *dbMinMultiP, 00084 Oid *dbTablespace, char **dbCollate, char **dbCtype); 00085 static bool have_createdb_privilege(void); 00086 static void remove_dbtablespaces(Oid db_id); 00087 static bool check_db_file_conflict(Oid db_id); 00088 static int errdetail_busy_db(int notherbackends, int npreparedxacts); 00089 00090 00091 /* 00092 * CREATE DATABASE 00093 */ 00094 Oid 00095 createdb(const CreatedbStmt *stmt) 00096 { 00097 HeapScanDesc scan; 00098 Relation rel; 00099 Oid src_dboid; 00100 Oid src_owner; 00101 int src_encoding; 00102 char *src_collate; 00103 char *src_ctype; 00104 bool src_istemplate; 00105 bool src_allowconn; 00106 Oid src_lastsysoid; 00107 TransactionId src_frozenxid; 00108 MultiXactId src_minmxid; 00109 Oid src_deftablespace; 00110 volatile Oid dst_deftablespace; 00111 Relation pg_database_rel; 00112 HeapTuple tuple; 00113 Datum new_record[Natts_pg_database]; 00114 bool new_record_nulls[Natts_pg_database]; 00115 Oid dboid; 00116 Oid datdba; 00117 ListCell *option; 00118 DefElem *dtablespacename = NULL; 00119 DefElem *downer = NULL; 00120 DefElem *dtemplate = NULL; 00121 DefElem *dencoding = NULL; 00122 DefElem *dcollate = NULL; 00123 DefElem *dctype = NULL; 00124 DefElem *dconnlimit = NULL; 00125 char *dbname = stmt->dbname; 00126 char *dbowner = NULL; 00127 const char *dbtemplate = NULL; 00128 char *dbcollate = NULL; 00129 char *dbctype = NULL; 00130 char *canonname; 00131 int encoding = -1; 00132 int dbconnlimit = -1; 00133 int notherbackends; 00134 int npreparedxacts; 00135 createdb_failure_params fparms; 00136 Snapshot snapshot; 00137 00138 /* Extract options from the statement node tree */ 00139 foreach(option, stmt->options) 00140 { 00141 DefElem *defel = (DefElem *) lfirst(option); 00142 00143 if (strcmp(defel->defname, "tablespace") == 0) 00144 { 00145 if (dtablespacename) 00146 ereport(ERROR, 00147 (errcode(ERRCODE_SYNTAX_ERROR), 00148 errmsg("conflicting or redundant options"))); 00149 dtablespacename = defel; 00150 } 00151 else if (strcmp(defel->defname, "owner") == 0) 00152 { 00153 if (downer) 00154 ereport(ERROR, 00155 (errcode(ERRCODE_SYNTAX_ERROR), 00156 errmsg("conflicting or redundant options"))); 00157 downer = defel; 00158 } 00159 else if (strcmp(defel->defname, "template") == 0) 00160 { 00161 if (dtemplate) 00162 ereport(ERROR, 00163 (errcode(ERRCODE_SYNTAX_ERROR), 00164 errmsg("conflicting or redundant options"))); 00165 dtemplate = defel; 00166 } 00167 else if (strcmp(defel->defname, "encoding") == 0) 00168 { 00169 if (dencoding) 00170 ereport(ERROR, 00171 (errcode(ERRCODE_SYNTAX_ERROR), 00172 errmsg("conflicting or redundant options"))); 00173 dencoding = defel; 00174 } 00175 else if (strcmp(defel->defname, "lc_collate") == 0) 00176 { 00177 if (dcollate) 00178 ereport(ERROR, 00179 (errcode(ERRCODE_SYNTAX_ERROR), 00180 errmsg("conflicting or redundant options"))); 00181 dcollate = defel; 00182 } 00183 else if (strcmp(defel->defname, "lc_ctype") == 0) 00184 { 00185 if (dctype) 00186 ereport(ERROR, 00187 (errcode(ERRCODE_SYNTAX_ERROR), 00188 errmsg("conflicting or redundant options"))); 00189 dctype = defel; 00190 } 00191 else if (strcmp(defel->defname, "connectionlimit") == 0) 00192 { 00193 if (dconnlimit) 00194 ereport(ERROR, 00195 (errcode(ERRCODE_SYNTAX_ERROR), 00196 errmsg("conflicting or redundant options"))); 00197 dconnlimit = defel; 00198 } 00199 else if (strcmp(defel->defname, "location") == 0) 00200 { 00201 ereport(WARNING, 00202 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), 00203 errmsg("LOCATION is not supported anymore"), 00204 errhint("Consider using tablespaces instead."))); 00205 } 00206 else 00207 elog(ERROR, "option \"%s\" not recognized", 00208 defel->defname); 00209 } 00210 00211 if (downer && downer->arg) 00212 dbowner = strVal(downer->arg); 00213 if (dtemplate && dtemplate->arg) 00214 dbtemplate = strVal(dtemplate->arg); 00215 if (dencoding && dencoding->arg) 00216 { 00217 const char *encoding_name; 00218 00219 if (IsA(dencoding->arg, Integer)) 00220 { 00221 encoding = intVal(dencoding->arg); 00222 encoding_name = pg_encoding_to_char(encoding); 00223 if (strcmp(encoding_name, "") == 0 || 00224 pg_valid_server_encoding(encoding_name) < 0) 00225 ereport(ERROR, 00226 (errcode(ERRCODE_UNDEFINED_OBJECT), 00227 errmsg("%d is not a valid encoding code", 00228 encoding))); 00229 } 00230 else if (IsA(dencoding->arg, String)) 00231 { 00232 encoding_name = strVal(dencoding->arg); 00233 encoding = pg_valid_server_encoding(encoding_name); 00234 if (encoding < 0) 00235 ereport(ERROR, 00236 (errcode(ERRCODE_UNDEFINED_OBJECT), 00237 errmsg("%s is not a valid encoding name", 00238 encoding_name))); 00239 } 00240 else 00241 elog(ERROR, "unrecognized node type: %d", 00242 nodeTag(dencoding->arg)); 00243 } 00244 if (dcollate && dcollate->arg) 00245 dbcollate = strVal(dcollate->arg); 00246 if (dctype && dctype->arg) 00247 dbctype = strVal(dctype->arg); 00248 00249 if (dconnlimit && dconnlimit->arg) 00250 { 00251 dbconnlimit = intVal(dconnlimit->arg); 00252 if (dbconnlimit < -1) 00253 ereport(ERROR, 00254 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00255 errmsg("invalid connection limit: %d", dbconnlimit))); 00256 } 00257 00258 /* obtain OID of proposed owner */ 00259 if (dbowner) 00260 datdba = get_role_oid(dbowner, false); 00261 else 00262 datdba = GetUserId(); 00263 00264 /* 00265 * To create a database, must have createdb privilege and must be able to 00266 * become the target role (this does not imply that the target role itself 00267 * must have createdb privilege). The latter provision guards against 00268 * "giveaway" attacks. Note that a superuser will always have both of 00269 * these privileges a fortiori. 00270 */ 00271 if (!have_createdb_privilege()) 00272 ereport(ERROR, 00273 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), 00274 errmsg("permission denied to create database"))); 00275 00276 check_is_member_of_role(GetUserId(), datdba); 00277 00278 /* 00279 * Lookup database (template) to be cloned, and obtain share lock on it. 00280 * ShareLock allows two CREATE DATABASEs to work from the same template 00281 * concurrently, while ensuring no one is busy dropping it in parallel 00282 * (which would be Very Bad since we'd likely get an incomplete copy 00283 * without knowing it). This also prevents any new connections from being 00284 * made to the source until we finish copying it, so we can be sure it 00285 * won't change underneath us. 00286 */ 00287 if (!dbtemplate) 00288 dbtemplate = "template1"; /* Default template database name */ 00289 00290 if (!get_db_info(dbtemplate, ShareLock, 00291 &src_dboid, &src_owner, &src_encoding, 00292 &src_istemplate, &src_allowconn, &src_lastsysoid, 00293 &src_frozenxid, &src_minmxid, &src_deftablespace, 00294 &src_collate, &src_ctype)) 00295 ereport(ERROR, 00296 (errcode(ERRCODE_UNDEFINED_DATABASE), 00297 errmsg("template database \"%s\" does not exist", 00298 dbtemplate))); 00299 00300 /* 00301 * Permission check: to copy a DB that's not marked datistemplate, you 00302 * must be superuser or the owner thereof. 00303 */ 00304 if (!src_istemplate) 00305 { 00306 if (!pg_database_ownercheck(src_dboid, GetUserId())) 00307 ereport(ERROR, 00308 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), 00309 errmsg("permission denied to copy database \"%s\"", 00310 dbtemplate))); 00311 } 00312 00313 /* If encoding or locales are defaulted, use source's setting */ 00314 if (encoding < 0) 00315 encoding = src_encoding; 00316 if (dbcollate == NULL) 00317 dbcollate = src_collate; 00318 if (dbctype == NULL) 00319 dbctype = src_ctype; 00320 00321 /* Some encodings are client only */ 00322 if (!PG_VALID_BE_ENCODING(encoding)) 00323 ereport(ERROR, 00324 (errcode(ERRCODE_WRONG_OBJECT_TYPE), 00325 errmsg("invalid server encoding %d", encoding))); 00326 00327 /* Check that the chosen locales are valid, and get canonical spellings */ 00328 if (!check_locale(LC_COLLATE, dbcollate, &canonname)) 00329 ereport(ERROR, 00330 (errcode(ERRCODE_WRONG_OBJECT_TYPE), 00331 errmsg("invalid locale name: \"%s\"", dbcollate))); 00332 dbcollate = canonname; 00333 if (!check_locale(LC_CTYPE, dbctype, &canonname)) 00334 ereport(ERROR, 00335 (errcode(ERRCODE_WRONG_OBJECT_TYPE), 00336 errmsg("invalid locale name: \"%s\"", dbctype))); 00337 dbctype = canonname; 00338 00339 check_encoding_locale_matches(encoding, dbcollate, dbctype); 00340 00341 /* 00342 * Check that the new encoding and locale settings match the source 00343 * database. We insist on this because we simply copy the source data --- 00344 * any non-ASCII data would be wrongly encoded, and any indexes sorted 00345 * according to the source locale would be wrong. 00346 * 00347 * However, we assume that template0 doesn't contain any non-ASCII data 00348 * nor any indexes that depend on collation or ctype, so template0 can be 00349 * used as template for creating a database with any encoding or locale. 00350 */ 00351 if (strcmp(dbtemplate, "template0") != 0) 00352 { 00353 if (encoding != src_encoding) 00354 ereport(ERROR, 00355 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00356 errmsg("new encoding (%s) is incompatible with the encoding of the template database (%s)", 00357 pg_encoding_to_char(encoding), 00358 pg_encoding_to_char(src_encoding)), 00359 errhint("Use the same encoding as in the template database, or use template0 as template."))); 00360 00361 if (strcmp(dbcollate, src_collate) != 0) 00362 ereport(ERROR, 00363 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00364 errmsg("new collation (%s) is incompatible with the collation of the template database (%s)", 00365 dbcollate, src_collate), 00366 errhint("Use the same collation as in the template database, or use template0 as template."))); 00367 00368 if (strcmp(dbctype, src_ctype) != 0) 00369 ereport(ERROR, 00370 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00371 errmsg("new LC_CTYPE (%s) is incompatible with the LC_CTYPE of the template database (%s)", 00372 dbctype, src_ctype), 00373 errhint("Use the same LC_CTYPE as in the template database, or use template0 as template."))); 00374 } 00375 00376 /* Resolve default tablespace for new database */ 00377 if (dtablespacename && dtablespacename->arg) 00378 { 00379 char *tablespacename; 00380 AclResult aclresult; 00381 00382 tablespacename = strVal(dtablespacename->arg); 00383 dst_deftablespace = get_tablespace_oid(tablespacename, false); 00384 /* check permissions */ 00385 aclresult = pg_tablespace_aclcheck(dst_deftablespace, GetUserId(), 00386 ACL_CREATE); 00387 if (aclresult != ACLCHECK_OK) 00388 aclcheck_error(aclresult, ACL_KIND_TABLESPACE, 00389 tablespacename); 00390 00391 /* pg_global must never be the default tablespace */ 00392 if (dst_deftablespace == GLOBALTABLESPACE_OID) 00393 ereport(ERROR, 00394 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00395 errmsg("pg_global cannot be used as default tablespace"))); 00396 00397 /* 00398 * If we are trying to change the default tablespace of the template, 00399 * we require that the template not have any files in the new default 00400 * tablespace. This is necessary because otherwise the copied 00401 * database would contain pg_class rows that refer to its default 00402 * tablespace both explicitly (by OID) and implicitly (as zero), which 00403 * would cause problems. For example another CREATE DATABASE using 00404 * the copied database as template, and trying to change its default 00405 * tablespace again, would yield outright incorrect results (it would 00406 * improperly move tables to the new default tablespace that should 00407 * stay in the same tablespace). 00408 */ 00409 if (dst_deftablespace != src_deftablespace) 00410 { 00411 char *srcpath; 00412 struct stat st; 00413 00414 srcpath = GetDatabasePath(src_dboid, dst_deftablespace); 00415 00416 if (stat(srcpath, &st) == 0 && 00417 S_ISDIR(st.st_mode) && 00418 !directory_is_empty(srcpath)) 00419 ereport(ERROR, 00420 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), 00421 errmsg("cannot assign new default tablespace \"%s\"", 00422 tablespacename), 00423 errdetail("There is a conflict because database \"%s\" already has some tables in this tablespace.", 00424 dbtemplate))); 00425 pfree(srcpath); 00426 } 00427 } 00428 else 00429 { 00430 /* Use template database's default tablespace */ 00431 dst_deftablespace = src_deftablespace; 00432 /* Note there is no additional permission check in this path */ 00433 } 00434 00435 /* 00436 * Check for db name conflict. This is just to give a more friendly error 00437 * message than "unique index violation". There's a race condition but 00438 * we're willing to accept the less friendly message in that case. 00439 */ 00440 if (OidIsValid(get_database_oid(dbname, true))) 00441 ereport(ERROR, 00442 (errcode(ERRCODE_DUPLICATE_DATABASE), 00443 errmsg("database \"%s\" already exists", dbname))); 00444 00445 /* 00446 * The source DB can't have any active backends, except this one 00447 * (exception is to allow CREATE DB while connected to template1). 00448 * Otherwise we might copy inconsistent data. 00449 * 00450 * This should be last among the basic error checks, because it involves 00451 * potential waiting; we may as well throw an error first if we're gonna 00452 * throw one. 00453 */ 00454 if (CountOtherDBBackends(src_dboid, ¬herbackends, &npreparedxacts)) 00455 ereport(ERROR, 00456 (errcode(ERRCODE_OBJECT_IN_USE), 00457 errmsg("source database \"%s\" is being accessed by other users", 00458 dbtemplate), 00459 errdetail_busy_db(notherbackends, npreparedxacts))); 00460 00461 /* 00462 * Select an OID for the new database, checking that it doesn't have a 00463 * filename conflict with anything already existing in the tablespace 00464 * directories. 00465 */ 00466 pg_database_rel = heap_open(DatabaseRelationId, RowExclusiveLock); 00467 00468 do 00469 { 00470 dboid = GetNewOid(pg_database_rel); 00471 } while (check_db_file_conflict(dboid)); 00472 00473 /* 00474 * Insert a new tuple into pg_database. This establishes our ownership of 00475 * the new database name (anyone else trying to insert the same name will 00476 * block on the unique index, and fail after we commit). 00477 */ 00478 00479 /* Form tuple */ 00480 MemSet(new_record, 0, sizeof(new_record)); 00481 MemSet(new_record_nulls, false, sizeof(new_record_nulls)); 00482 00483 new_record[Anum_pg_database_datname - 1] = 00484 DirectFunctionCall1(namein, CStringGetDatum(dbname)); 00485 new_record[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(datdba); 00486 new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding); 00487 new_record[Anum_pg_database_datcollate - 1] = 00488 DirectFunctionCall1(namein, CStringGetDatum(dbcollate)); 00489 new_record[Anum_pg_database_datctype - 1] = 00490 DirectFunctionCall1(namein, CStringGetDatum(dbctype)); 00491 new_record[Anum_pg_database_datistemplate - 1] = BoolGetDatum(false); 00492 new_record[Anum_pg_database_datallowconn - 1] = BoolGetDatum(true); 00493 new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(dbconnlimit); 00494 new_record[Anum_pg_database_datlastsysoid - 1] = ObjectIdGetDatum(src_lastsysoid); 00495 new_record[Anum_pg_database_datfrozenxid - 1] = TransactionIdGetDatum(src_frozenxid); 00496 new_record[Anum_pg_database_datminmxid - 1] = TransactionIdGetDatum(src_minmxid); 00497 new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_deftablespace); 00498 00499 /* 00500 * We deliberately set datacl to default (NULL), rather than copying it 00501 * from the template database. Copying it would be a bad idea when the 00502 * owner is not the same as the template's owner. 00503 */ 00504 new_record_nulls[Anum_pg_database_datacl - 1] = true; 00505 00506 tuple = heap_form_tuple(RelationGetDescr(pg_database_rel), 00507 new_record, new_record_nulls); 00508 00509 HeapTupleSetOid(tuple, dboid); 00510 00511 simple_heap_insert(pg_database_rel, tuple); 00512 00513 /* Update indexes */ 00514 CatalogUpdateIndexes(pg_database_rel, tuple); 00515 00516 /* 00517 * Now generate additional catalog entries associated with the new DB 00518 */ 00519 00520 /* Register owner dependency */ 00521 recordDependencyOnOwner(DatabaseRelationId, dboid, datdba); 00522 00523 /* Create pg_shdepend entries for objects within database */ 00524 copyTemplateDependencies(src_dboid, dboid); 00525 00526 /* Post creation hook for new database */ 00527 InvokeObjectPostCreateHook(DatabaseRelationId, dboid, 0); 00528 00529 /* 00530 * Force a checkpoint before starting the copy. This will force dirty 00531 * buffers out to disk, to ensure source database is up-to-date on disk 00532 * for the copy. FlushDatabaseBuffers() would suffice for that, but we 00533 * also want to process any pending unlink requests. Otherwise, if a 00534 * checkpoint happened while we're copying files, a file might be deleted 00535 * just when we're about to copy it, causing the lstat() call in copydir() 00536 * to fail with ENOENT. 00537 */ 00538 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT); 00539 00540 /* 00541 * Take an MVCC snapshot to use while scanning through pg_tablespace. For 00542 * safety, register the snapshot (this prevents it from changing if 00543 * something else were to request a snapshot during the loop). 00544 * 00545 * Traversing pg_tablespace with an MVCC snapshot is necessary to provide 00546 * us with a consistent view of the tablespaces that exist. Using 00547 * SnapshotNow here would risk seeing the same tablespace multiple times, 00548 * or worse not seeing a tablespace at all, if its tuple is moved around 00549 * by a concurrent update (eg an ACL change). 00550 * 00551 * Inconsistency of this sort is inherent to all SnapshotNow scans, unless 00552 * some lock is held to prevent concurrent updates of the rows being 00553 * sought. There should be a generic fix for that, but in the meantime 00554 * it's worth fixing this case in particular because we are doing very 00555 * heavyweight operations within the scan, so that the elapsed time for 00556 * the scan is vastly longer than for most other catalog scans. That 00557 * means there's a much wider window for concurrent updates to cause 00558 * trouble here than anywhere else. XXX this code should be changed 00559 * whenever a generic fix is implemented. 00560 */ 00561 snapshot = RegisterSnapshot(GetLatestSnapshot()); 00562 00563 /* 00564 * Once we start copying subdirectories, we need to be able to clean 'em 00565 * up if we fail. Use an ENSURE block to make sure this happens. (This 00566 * is not a 100% solution, because of the possibility of failure during 00567 * transaction commit after we leave this routine, but it should handle 00568 * most scenarios.) 00569 */ 00570 fparms.src_dboid = src_dboid; 00571 fparms.dest_dboid = dboid; 00572 PG_ENSURE_ERROR_CLEANUP(createdb_failure_callback, 00573 PointerGetDatum(&fparms)); 00574 { 00575 /* 00576 * Iterate through all tablespaces of the template database, and copy 00577 * each one to the new database. 00578 */ 00579 rel = heap_open(TableSpaceRelationId, AccessShareLock); 00580 scan = heap_beginscan(rel, snapshot, 0, NULL); 00581 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL) 00582 { 00583 Oid srctablespace = HeapTupleGetOid(tuple); 00584 Oid dsttablespace; 00585 char *srcpath; 00586 char *dstpath; 00587 struct stat st; 00588 00589 /* No need to copy global tablespace */ 00590 if (srctablespace == GLOBALTABLESPACE_OID) 00591 continue; 00592 00593 srcpath = GetDatabasePath(src_dboid, srctablespace); 00594 00595 if (stat(srcpath, &st) < 0 || !S_ISDIR(st.st_mode) || 00596 directory_is_empty(srcpath)) 00597 { 00598 /* Assume we can ignore it */ 00599 pfree(srcpath); 00600 continue; 00601 } 00602 00603 if (srctablespace == src_deftablespace) 00604 dsttablespace = dst_deftablespace; 00605 else 00606 dsttablespace = srctablespace; 00607 00608 dstpath = GetDatabasePath(dboid, dsttablespace); 00609 00610 /* 00611 * Copy this subdirectory to the new location 00612 * 00613 * We don't need to copy subdirectories 00614 */ 00615 copydir(srcpath, dstpath, false); 00616 00617 /* Record the filesystem change in XLOG */ 00618 { 00619 xl_dbase_create_rec xlrec; 00620 XLogRecData rdata[1]; 00621 00622 xlrec.db_id = dboid; 00623 xlrec.tablespace_id = dsttablespace; 00624 xlrec.src_db_id = src_dboid; 00625 xlrec.src_tablespace_id = srctablespace; 00626 00627 rdata[0].data = (char *) &xlrec; 00628 rdata[0].len = sizeof(xl_dbase_create_rec); 00629 rdata[0].buffer = InvalidBuffer; 00630 rdata[0].next = NULL; 00631 00632 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_CREATE, rdata); 00633 } 00634 } 00635 heap_endscan(scan); 00636 heap_close(rel, AccessShareLock); 00637 00638 /* 00639 * We force a checkpoint before committing. This effectively means 00640 * that committed XLOG_DBASE_CREATE operations will never need to be 00641 * replayed (at least not in ordinary crash recovery; we still have to 00642 * make the XLOG entry for the benefit of PITR operations). This 00643 * avoids two nasty scenarios: 00644 * 00645 * #1: When PITR is off, we don't XLOG the contents of newly created 00646 * indexes; therefore the drop-and-recreate-whole-directory behavior 00647 * of DBASE_CREATE replay would lose such indexes. 00648 * 00649 * #2: Since we have to recopy the source database during DBASE_CREATE 00650 * replay, we run the risk of copying changes in it that were 00651 * committed after the original CREATE DATABASE command but before the 00652 * system crash that led to the replay. This is at least unexpected 00653 * and at worst could lead to inconsistencies, eg duplicate table 00654 * names. 00655 * 00656 * (Both of these were real bugs in releases 8.0 through 8.0.3.) 00657 * 00658 * In PITR replay, the first of these isn't an issue, and the second 00659 * is only a risk if the CREATE DATABASE and subsequent template 00660 * database change both occur while a base backup is being taken. 00661 * There doesn't seem to be much we can do about that except document 00662 * it as a limitation. 00663 * 00664 * Perhaps if we ever implement CREATE DATABASE in a less cheesy way, 00665 * we can avoid this. 00666 */ 00667 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT); 00668 00669 /* 00670 * Close pg_database, but keep lock till commit. 00671 */ 00672 heap_close(pg_database_rel, NoLock); 00673 00674 /* 00675 * Force synchronous commit, thus minimizing the window between 00676 * creation of the database files and commital of the transaction. If 00677 * we crash before committing, we'll have a DB that's taking up disk 00678 * space but is not in pg_database, which is not good. 00679 */ 00680 ForceSyncCommit(); 00681 } 00682 PG_END_ENSURE_ERROR_CLEANUP(createdb_failure_callback, 00683 PointerGetDatum(&fparms)); 00684 00685 /* Free our snapshot */ 00686 UnregisterSnapshot(snapshot); 00687 00688 return dboid; 00689 } 00690 00691 /* 00692 * Check whether chosen encoding matches chosen locale settings. This 00693 * restriction is necessary because libc's locale-specific code usually 00694 * fails when presented with data in an encoding it's not expecting. We 00695 * allow mismatch in four cases: 00696 * 00697 * 1. locale encoding = SQL_ASCII, which means that the locale is C/POSIX 00698 * which works with any encoding. 00699 * 00700 * 2. locale encoding = -1, which means that we couldn't determine the 00701 * locale's encoding and have to trust the user to get it right. 00702 * 00703 * 3. selected encoding is UTF8 and platform is win32. This is because 00704 * UTF8 is a pseudo codepage that is supported in all locales since it's 00705 * converted to UTF16 before being used. 00706 * 00707 * 4. selected encoding is SQL_ASCII, but only if you're a superuser. This 00708 * is risky but we have historically allowed it --- notably, the 00709 * regression tests require it. 00710 * 00711 * Note: if you change this policy, fix initdb to match. 00712 */ 00713 void 00714 check_encoding_locale_matches(int encoding, const char *collate, const char *ctype) 00715 { 00716 int ctype_encoding = pg_get_encoding_from_locale(ctype, true); 00717 int collate_encoding = pg_get_encoding_from_locale(collate, true); 00718 00719 if (!(ctype_encoding == encoding || 00720 ctype_encoding == PG_SQL_ASCII || 00721 ctype_encoding == -1 || 00722 #ifdef WIN32 00723 encoding == PG_UTF8 || 00724 #endif 00725 (encoding == PG_SQL_ASCII && superuser()))) 00726 ereport(ERROR, 00727 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00728 errmsg("encoding \"%s\" does not match locale \"%s\"", 00729 pg_encoding_to_char(encoding), 00730 ctype), 00731 errdetail("The chosen LC_CTYPE setting requires encoding \"%s\".", 00732 pg_encoding_to_char(ctype_encoding)))); 00733 00734 if (!(collate_encoding == encoding || 00735 collate_encoding == PG_SQL_ASCII || 00736 collate_encoding == -1 || 00737 #ifdef WIN32 00738 encoding == PG_UTF8 || 00739 #endif 00740 (encoding == PG_SQL_ASCII && superuser()))) 00741 ereport(ERROR, 00742 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 00743 errmsg("encoding \"%s\" does not match locale \"%s\"", 00744 pg_encoding_to_char(encoding), 00745 collate), 00746 errdetail("The chosen LC_COLLATE setting requires encoding \"%s\".", 00747 pg_encoding_to_char(collate_encoding)))); 00748 } 00749 00750 /* Error cleanup callback for createdb */ 00751 static void 00752 createdb_failure_callback(int code, Datum arg) 00753 { 00754 createdb_failure_params *fparms = (createdb_failure_params *) DatumGetPointer(arg); 00755 00756 /* 00757 * Release lock on source database before doing recursive remove. This is 00758 * not essential but it seems desirable to release the lock as soon as 00759 * possible. 00760 */ 00761 UnlockSharedObject(DatabaseRelationId, fparms->src_dboid, 0, ShareLock); 00762 00763 /* Throw away any successfully copied subdirectories */ 00764 remove_dbtablespaces(fparms->dest_dboid); 00765 } 00766 00767 00768 /* 00769 * DROP DATABASE 00770 */ 00771 void 00772 dropdb(const char *dbname, bool missing_ok) 00773 { 00774 Oid db_id; 00775 bool db_istemplate; 00776 Relation pgdbrel; 00777 HeapTuple tup; 00778 int notherbackends; 00779 int npreparedxacts; 00780 00781 /* 00782 * Look up the target database's OID, and get exclusive lock on it. We 00783 * need this to ensure that no new backend starts up in the target 00784 * database while we are deleting it (see postinit.c), and that no one is 00785 * using it as a CREATE DATABASE template or trying to delete it for 00786 * themselves. 00787 */ 00788 pgdbrel = heap_open(DatabaseRelationId, RowExclusiveLock); 00789 00790 if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL, 00791 &db_istemplate, NULL, NULL, NULL, NULL, NULL, NULL, NULL)) 00792 { 00793 if (!missing_ok) 00794 { 00795 ereport(ERROR, 00796 (errcode(ERRCODE_UNDEFINED_DATABASE), 00797 errmsg("database \"%s\" does not exist", dbname))); 00798 } 00799 else 00800 { 00801 /* Close pg_database, release the lock, since we changed nothing */ 00802 heap_close(pgdbrel, RowExclusiveLock); 00803 ereport(NOTICE, 00804 (errmsg("database \"%s\" does not exist, skipping", 00805 dbname))); 00806 return; 00807 } 00808 } 00809 00810 /* 00811 * Permission checks 00812 */ 00813 if (!pg_database_ownercheck(db_id, GetUserId())) 00814 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 00815 dbname); 00816 00817 /* DROP hook for the database being removed */ 00818 InvokeObjectDropHook(DatabaseRelationId, db_id, 0); 00819 00820 /* 00821 * Disallow dropping a DB that is marked istemplate. This is just to 00822 * prevent people from accidentally dropping template0 or template1; they 00823 * can do so if they're really determined ... 00824 */ 00825 if (db_istemplate) 00826 ereport(ERROR, 00827 (errcode(ERRCODE_WRONG_OBJECT_TYPE), 00828 errmsg("cannot drop a template database"))); 00829 00830 /* Obviously can't drop my own database */ 00831 if (db_id == MyDatabaseId) 00832 ereport(ERROR, 00833 (errcode(ERRCODE_OBJECT_IN_USE), 00834 errmsg("cannot drop the currently open database"))); 00835 00836 /* 00837 * Check for other backends in the target database. (Because we hold the 00838 * database lock, no new ones can start after this.) 00839 * 00840 * As in CREATE DATABASE, check this after other error conditions. 00841 */ 00842 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts)) 00843 ereport(ERROR, 00844 (errcode(ERRCODE_OBJECT_IN_USE), 00845 errmsg("database \"%s\" is being accessed by other users", 00846 dbname), 00847 errdetail_busy_db(notherbackends, npreparedxacts))); 00848 00849 /* 00850 * Remove the database's tuple from pg_database. 00851 */ 00852 tup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(db_id)); 00853 if (!HeapTupleIsValid(tup)) 00854 elog(ERROR, "cache lookup failed for database %u", db_id); 00855 00856 simple_heap_delete(pgdbrel, &tup->t_self); 00857 00858 ReleaseSysCache(tup); 00859 00860 /* 00861 * Delete any comments or security labels associated with the database. 00862 */ 00863 DeleteSharedComments(db_id, DatabaseRelationId); 00864 DeleteSharedSecurityLabel(db_id, DatabaseRelationId); 00865 00866 /* 00867 * Remove settings associated with this database 00868 */ 00869 DropSetting(db_id, InvalidOid); 00870 00871 /* 00872 * Remove shared dependency references for the database. 00873 */ 00874 dropDatabaseDependencies(db_id); 00875 00876 /* 00877 * Drop pages for this database that are in the shared buffer cache. This 00878 * is important to ensure that no remaining backend tries to write out a 00879 * dirty buffer to the dead database later... 00880 */ 00881 DropDatabaseBuffers(db_id); 00882 00883 /* 00884 * Tell the stats collector to forget it immediately, too. 00885 */ 00886 pgstat_drop_database(db_id); 00887 00888 /* 00889 * Tell checkpointer to forget any pending fsync and unlink requests for 00890 * files in the database; else the fsyncs will fail at next checkpoint, or 00891 * worse, it will delete files that belong to a newly created database 00892 * with the same OID. 00893 */ 00894 ForgetDatabaseFsyncRequests(db_id); 00895 00896 /* 00897 * Force a checkpoint to make sure the checkpointer has received the 00898 * message sent by ForgetDatabaseFsyncRequests. On Windows, this also 00899 * ensures that background procs don't hold any open files, which would 00900 * cause rmdir() to fail. 00901 */ 00902 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT); 00903 00904 /* 00905 * Remove all tablespace subdirs belonging to the database. 00906 */ 00907 remove_dbtablespaces(db_id); 00908 00909 /* 00910 * Close pg_database, but keep lock till commit. 00911 */ 00912 heap_close(pgdbrel, NoLock); 00913 00914 /* 00915 * Force synchronous commit, thus minimizing the window between removal of 00916 * the database files and commital of the transaction. If we crash before 00917 * committing, we'll have a DB that's gone on disk but still there 00918 * according to pg_database, which is not good. 00919 */ 00920 ForceSyncCommit(); 00921 } 00922 00923 00924 /* 00925 * Rename database 00926 */ 00927 Oid 00928 RenameDatabase(const char *oldname, const char *newname) 00929 { 00930 Oid db_id; 00931 HeapTuple newtup; 00932 Relation rel; 00933 int notherbackends; 00934 int npreparedxacts; 00935 00936 /* 00937 * Look up the target database's OID, and get exclusive lock on it. We 00938 * need this for the same reasons as DROP DATABASE. 00939 */ 00940 rel = heap_open(DatabaseRelationId, RowExclusiveLock); 00941 00942 if (!get_db_info(oldname, AccessExclusiveLock, &db_id, NULL, NULL, 00943 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL)) 00944 ereport(ERROR, 00945 (errcode(ERRCODE_UNDEFINED_DATABASE), 00946 errmsg("database \"%s\" does not exist", oldname))); 00947 00948 /* must be owner */ 00949 if (!pg_database_ownercheck(db_id, GetUserId())) 00950 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 00951 oldname); 00952 00953 /* must have createdb rights */ 00954 if (!have_createdb_privilege()) 00955 ereport(ERROR, 00956 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), 00957 errmsg("permission denied to rename database"))); 00958 00959 /* 00960 * Make sure the new name doesn't exist. See notes for same error in 00961 * CREATE DATABASE. 00962 */ 00963 if (OidIsValid(get_database_oid(newname, true))) 00964 ereport(ERROR, 00965 (errcode(ERRCODE_DUPLICATE_DATABASE), 00966 errmsg("database \"%s\" already exists", newname))); 00967 00968 /* 00969 * XXX Client applications probably store the current database somewhere, 00970 * so renaming it could cause confusion. On the other hand, there may not 00971 * be an actual problem besides a little confusion, so think about this 00972 * and decide. 00973 */ 00974 if (db_id == MyDatabaseId) 00975 ereport(ERROR, 00976 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), 00977 errmsg("current database cannot be renamed"))); 00978 00979 /* 00980 * Make sure the database does not have active sessions. This is the same 00981 * concern as above, but applied to other sessions. 00982 * 00983 * As in CREATE DATABASE, check this after other error conditions. 00984 */ 00985 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts)) 00986 ereport(ERROR, 00987 (errcode(ERRCODE_OBJECT_IN_USE), 00988 errmsg("database \"%s\" is being accessed by other users", 00989 oldname), 00990 errdetail_busy_db(notherbackends, npreparedxacts))); 00991 00992 /* rename */ 00993 newtup = SearchSysCacheCopy1(DATABASEOID, ObjectIdGetDatum(db_id)); 00994 if (!HeapTupleIsValid(newtup)) 00995 elog(ERROR, "cache lookup failed for database %u", db_id); 00996 namestrcpy(&(((Form_pg_database) GETSTRUCT(newtup))->datname), newname); 00997 simple_heap_update(rel, &newtup->t_self, newtup); 00998 CatalogUpdateIndexes(rel, newtup); 00999 01000 InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0); 01001 01002 /* 01003 * Close pg_database, but keep lock till commit. 01004 */ 01005 heap_close(rel, NoLock); 01006 01007 return db_id; 01008 } 01009 01010 01011 /* 01012 * ALTER DATABASE SET TABLESPACE 01013 */ 01014 static void 01015 movedb(const char *dbname, const char *tblspcname) 01016 { 01017 Oid db_id; 01018 Relation pgdbrel; 01019 int notherbackends; 01020 int npreparedxacts; 01021 HeapTuple oldtuple, 01022 newtuple; 01023 Oid src_tblspcoid, 01024 dst_tblspcoid; 01025 Datum new_record[Natts_pg_database]; 01026 bool new_record_nulls[Natts_pg_database]; 01027 bool new_record_repl[Natts_pg_database]; 01028 ScanKeyData scankey; 01029 SysScanDesc sysscan; 01030 AclResult aclresult; 01031 char *src_dbpath; 01032 char *dst_dbpath; 01033 DIR *dstdir; 01034 struct dirent *xlde; 01035 movedb_failure_params fparms; 01036 01037 /* 01038 * Look up the target database's OID, and get exclusive lock on it. We 01039 * need this to ensure that no new backend starts up in the database while 01040 * we are moving it, and that no one is using it as a CREATE DATABASE 01041 * template or trying to delete it. 01042 */ 01043 pgdbrel = heap_open(DatabaseRelationId, RowExclusiveLock); 01044 01045 if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL, 01046 NULL, NULL, NULL, NULL, NULL, &src_tblspcoid, NULL, NULL)) 01047 ereport(ERROR, 01048 (errcode(ERRCODE_UNDEFINED_DATABASE), 01049 errmsg("database \"%s\" does not exist", dbname))); 01050 01051 /* 01052 * We actually need a session lock, so that the lock will persist across 01053 * the commit/restart below. (We could almost get away with letting the 01054 * lock be released at commit, except that someone could try to move 01055 * relations of the DB back into the old directory while we rmtree() it.) 01056 */ 01057 LockSharedObjectForSession(DatabaseRelationId, db_id, 0, 01058 AccessExclusiveLock); 01059 01060 /* 01061 * Permission checks 01062 */ 01063 if (!pg_database_ownercheck(db_id, GetUserId())) 01064 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 01065 dbname); 01066 01067 /* 01068 * Obviously can't move the tables of my own database 01069 */ 01070 if (db_id == MyDatabaseId) 01071 ereport(ERROR, 01072 (errcode(ERRCODE_OBJECT_IN_USE), 01073 errmsg("cannot change the tablespace of the currently open database"))); 01074 01075 /* 01076 * Get tablespace's oid 01077 */ 01078 dst_tblspcoid = get_tablespace_oid(tblspcname, false); 01079 01080 /* 01081 * Permission checks 01082 */ 01083 aclresult = pg_tablespace_aclcheck(dst_tblspcoid, GetUserId(), 01084 ACL_CREATE); 01085 if (aclresult != ACLCHECK_OK) 01086 aclcheck_error(aclresult, ACL_KIND_TABLESPACE, 01087 tblspcname); 01088 01089 /* 01090 * pg_global must never be the default tablespace 01091 */ 01092 if (dst_tblspcoid == GLOBALTABLESPACE_OID) 01093 ereport(ERROR, 01094 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 01095 errmsg("pg_global cannot be used as default tablespace"))); 01096 01097 /* 01098 * No-op if same tablespace 01099 */ 01100 if (src_tblspcoid == dst_tblspcoid) 01101 { 01102 heap_close(pgdbrel, NoLock); 01103 UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0, 01104 AccessExclusiveLock); 01105 return; 01106 } 01107 01108 /* 01109 * Check for other backends in the target database. (Because we hold the 01110 * database lock, no new ones can start after this.) 01111 * 01112 * As in CREATE DATABASE, check this after other error conditions. 01113 */ 01114 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts)) 01115 ereport(ERROR, 01116 (errcode(ERRCODE_OBJECT_IN_USE), 01117 errmsg("database \"%s\" is being accessed by other users", 01118 dbname), 01119 errdetail_busy_db(notherbackends, npreparedxacts))); 01120 01121 /* 01122 * Get old and new database paths 01123 */ 01124 src_dbpath = GetDatabasePath(db_id, src_tblspcoid); 01125 dst_dbpath = GetDatabasePath(db_id, dst_tblspcoid); 01126 01127 /* 01128 * Force a checkpoint before proceeding. This will force dirty buffers out 01129 * to disk, to ensure source database is up-to-date on disk for the copy. 01130 * FlushDatabaseBuffers() would suffice for that, but we also want to 01131 * process any pending unlink requests. Otherwise, the check for existing 01132 * files in the target directory might fail unnecessarily, not to mention 01133 * that the copy might fail due to source files getting deleted under it. 01134 * On Windows, this also ensures that background procs don't hold any open 01135 * files, which would cause rmdir() to fail. 01136 */ 01137 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT); 01138 01139 /* 01140 * Check for existence of files in the target directory, i.e., objects of 01141 * this database that are already in the target tablespace. We can't 01142 * allow the move in such a case, because we would need to change those 01143 * relations' pg_class.reltablespace entries to zero, and we don't have 01144 * access to the DB's pg_class to do so. 01145 */ 01146 dstdir = AllocateDir(dst_dbpath); 01147 if (dstdir != NULL) 01148 { 01149 while ((xlde = ReadDir(dstdir, dst_dbpath)) != NULL) 01150 { 01151 if (strcmp(xlde->d_name, ".") == 0 || 01152 strcmp(xlde->d_name, "..") == 0) 01153 continue; 01154 01155 ereport(ERROR, 01156 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), 01157 errmsg("some relations of database \"%s\" are already in tablespace \"%s\"", 01158 dbname, tblspcname), 01159 errhint("You must move them back to the database's default tablespace before using this command."))); 01160 } 01161 01162 FreeDir(dstdir); 01163 01164 /* 01165 * The directory exists but is empty. We must remove it before using 01166 * the copydir function. 01167 */ 01168 if (rmdir(dst_dbpath) != 0) 01169 elog(ERROR, "could not remove directory \"%s\": %m", 01170 dst_dbpath); 01171 } 01172 01173 /* 01174 * Use an ENSURE block to make sure we remove the debris if the copy fails 01175 * (eg, due to out-of-disk-space). This is not a 100% solution, because 01176 * of the possibility of failure during transaction commit, but it should 01177 * handle most scenarios. 01178 */ 01179 fparms.dest_dboid = db_id; 01180 fparms.dest_tsoid = dst_tblspcoid; 01181 PG_ENSURE_ERROR_CLEANUP(movedb_failure_callback, 01182 PointerGetDatum(&fparms)); 01183 { 01184 /* 01185 * Copy files from the old tablespace to the new one 01186 */ 01187 copydir(src_dbpath, dst_dbpath, false); 01188 01189 /* 01190 * Record the filesystem change in XLOG 01191 */ 01192 { 01193 xl_dbase_create_rec xlrec; 01194 XLogRecData rdata[1]; 01195 01196 xlrec.db_id = db_id; 01197 xlrec.tablespace_id = dst_tblspcoid; 01198 xlrec.src_db_id = db_id; 01199 xlrec.src_tablespace_id = src_tblspcoid; 01200 01201 rdata[0].data = (char *) &xlrec; 01202 rdata[0].len = sizeof(xl_dbase_create_rec); 01203 rdata[0].buffer = InvalidBuffer; 01204 rdata[0].next = NULL; 01205 01206 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_CREATE, rdata); 01207 } 01208 01209 /* 01210 * Update the database's pg_database tuple 01211 */ 01212 ScanKeyInit(&scankey, 01213 Anum_pg_database_datname, 01214 BTEqualStrategyNumber, F_NAMEEQ, 01215 NameGetDatum(dbname)); 01216 sysscan = systable_beginscan(pgdbrel, DatabaseNameIndexId, true, 01217 SnapshotNow, 1, &scankey); 01218 oldtuple = systable_getnext(sysscan); 01219 if (!HeapTupleIsValid(oldtuple)) /* shouldn't happen... */ 01220 ereport(ERROR, 01221 (errcode(ERRCODE_UNDEFINED_DATABASE), 01222 errmsg("database \"%s\" does not exist", dbname))); 01223 01224 MemSet(new_record, 0, sizeof(new_record)); 01225 MemSet(new_record_nulls, false, sizeof(new_record_nulls)); 01226 MemSet(new_record_repl, false, sizeof(new_record_repl)); 01227 01228 new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_tblspcoid); 01229 new_record_repl[Anum_pg_database_dattablespace - 1] = true; 01230 01231 newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(pgdbrel), 01232 new_record, 01233 new_record_nulls, new_record_repl); 01234 simple_heap_update(pgdbrel, &oldtuple->t_self, newtuple); 01235 01236 /* Update indexes */ 01237 CatalogUpdateIndexes(pgdbrel, newtuple); 01238 01239 InvokeObjectPostAlterHook(DatabaseRelationId, 01240 HeapTupleGetOid(newtuple), 0); 01241 01242 systable_endscan(sysscan); 01243 01244 /* 01245 * Force another checkpoint here. As in CREATE DATABASE, this is to 01246 * ensure that we don't have to replay a committed XLOG_DBASE_CREATE 01247 * operation, which would cause us to lose any unlogged operations 01248 * done in the new DB tablespace before the next checkpoint. 01249 */ 01250 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT); 01251 01252 /* 01253 * Force synchronous commit, thus minimizing the window between 01254 * copying the database files and commital of the transaction. If we 01255 * crash before committing, we'll leave an orphaned set of files on 01256 * disk, which is not fatal but not good either. 01257 */ 01258 ForceSyncCommit(); 01259 01260 /* 01261 * Close pg_database, but keep lock till commit. 01262 */ 01263 heap_close(pgdbrel, NoLock); 01264 } 01265 PG_END_ENSURE_ERROR_CLEANUP(movedb_failure_callback, 01266 PointerGetDatum(&fparms)); 01267 01268 /* 01269 * Commit the transaction so that the pg_database update is committed. If 01270 * we crash while removing files, the database won't be corrupt, we'll 01271 * just leave some orphaned files in the old directory. 01272 * 01273 * (This is OK because we know we aren't inside a transaction block.) 01274 * 01275 * XXX would it be safe/better to do this inside the ensure block? Not 01276 * convinced it's a good idea; consider elog just after the transaction 01277 * really commits. 01278 */ 01279 PopActiveSnapshot(); 01280 CommitTransactionCommand(); 01281 01282 /* Start new transaction for the remaining work; don't need a snapshot */ 01283 StartTransactionCommand(); 01284 01285 /* 01286 * Remove files from the old tablespace 01287 */ 01288 if (!rmtree(src_dbpath, true)) 01289 ereport(WARNING, 01290 (errmsg("some useless files may be left behind in old database directory \"%s\"", 01291 src_dbpath))); 01292 01293 /* 01294 * Record the filesystem change in XLOG 01295 */ 01296 { 01297 xl_dbase_drop_rec xlrec; 01298 XLogRecData rdata[1]; 01299 01300 xlrec.db_id = db_id; 01301 xlrec.tablespace_id = src_tblspcoid; 01302 01303 rdata[0].data = (char *) &xlrec; 01304 rdata[0].len = sizeof(xl_dbase_drop_rec); 01305 rdata[0].buffer = InvalidBuffer; 01306 rdata[0].next = NULL; 01307 01308 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_DROP, rdata); 01309 } 01310 01311 /* Now it's safe to release the database lock */ 01312 UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0, 01313 AccessExclusiveLock); 01314 } 01315 01316 /* Error cleanup callback for movedb */ 01317 static void 01318 movedb_failure_callback(int code, Datum arg) 01319 { 01320 movedb_failure_params *fparms = (movedb_failure_params *) DatumGetPointer(arg); 01321 char *dstpath; 01322 01323 /* Get rid of anything we managed to copy to the target directory */ 01324 dstpath = GetDatabasePath(fparms->dest_dboid, fparms->dest_tsoid); 01325 01326 (void) rmtree(dstpath, true); 01327 } 01328 01329 01330 /* 01331 * ALTER DATABASE name ... 01332 */ 01333 Oid 01334 AlterDatabase(AlterDatabaseStmt *stmt, bool isTopLevel) 01335 { 01336 Relation rel; 01337 Oid dboid; 01338 HeapTuple tuple, 01339 newtuple; 01340 ScanKeyData scankey; 01341 SysScanDesc scan; 01342 ListCell *option; 01343 int connlimit = -1; 01344 DefElem *dconnlimit = NULL; 01345 DefElem *dtablespace = NULL; 01346 Datum new_record[Natts_pg_database]; 01347 bool new_record_nulls[Natts_pg_database]; 01348 bool new_record_repl[Natts_pg_database]; 01349 01350 /* Extract options from the statement node tree */ 01351 foreach(option, stmt->options) 01352 { 01353 DefElem *defel = (DefElem *) lfirst(option); 01354 01355 if (strcmp(defel->defname, "connectionlimit") == 0) 01356 { 01357 if (dconnlimit) 01358 ereport(ERROR, 01359 (errcode(ERRCODE_SYNTAX_ERROR), 01360 errmsg("conflicting or redundant options"))); 01361 dconnlimit = defel; 01362 } 01363 else if (strcmp(defel->defname, "tablespace") == 0) 01364 { 01365 if (dtablespace) 01366 ereport(ERROR, 01367 (errcode(ERRCODE_SYNTAX_ERROR), 01368 errmsg("conflicting or redundant options"))); 01369 dtablespace = defel; 01370 } 01371 else 01372 elog(ERROR, "option \"%s\" not recognized", 01373 defel->defname); 01374 } 01375 01376 if (dtablespace) 01377 { 01378 /* currently, can't be specified along with any other options */ 01379 Assert(!dconnlimit); 01380 /* this case isn't allowed within a transaction block */ 01381 PreventTransactionChain(isTopLevel, "ALTER DATABASE SET TABLESPACE"); 01382 movedb(stmt->dbname, strVal(dtablespace->arg)); 01383 return InvalidOid; 01384 } 01385 01386 if (dconnlimit) 01387 { 01388 connlimit = intVal(dconnlimit->arg); 01389 if (connlimit < -1) 01390 ereport(ERROR, 01391 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), 01392 errmsg("invalid connection limit: %d", connlimit))); 01393 } 01394 01395 /* 01396 * Get the old tuple. We don't need a lock on the database per se, 01397 * because we're not going to do anything that would mess up incoming 01398 * connections. 01399 */ 01400 rel = heap_open(DatabaseRelationId, RowExclusiveLock); 01401 ScanKeyInit(&scankey, 01402 Anum_pg_database_datname, 01403 BTEqualStrategyNumber, F_NAMEEQ, 01404 NameGetDatum(stmt->dbname)); 01405 scan = systable_beginscan(rel, DatabaseNameIndexId, true, 01406 SnapshotNow, 1, &scankey); 01407 tuple = systable_getnext(scan); 01408 if (!HeapTupleIsValid(tuple)) 01409 ereport(ERROR, 01410 (errcode(ERRCODE_UNDEFINED_DATABASE), 01411 errmsg("database \"%s\" does not exist", stmt->dbname))); 01412 01413 dboid = HeapTupleGetOid(tuple); 01414 01415 if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId())) 01416 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 01417 stmt->dbname); 01418 01419 /* 01420 * Build an updated tuple, perusing the information just obtained 01421 */ 01422 MemSet(new_record, 0, sizeof(new_record)); 01423 MemSet(new_record_nulls, false, sizeof(new_record_nulls)); 01424 MemSet(new_record_repl, false, sizeof(new_record_repl)); 01425 01426 if (dconnlimit) 01427 { 01428 new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(connlimit); 01429 new_record_repl[Anum_pg_database_datconnlimit - 1] = true; 01430 } 01431 01432 newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), new_record, 01433 new_record_nulls, new_record_repl); 01434 simple_heap_update(rel, &tuple->t_self, newtuple); 01435 01436 /* Update indexes */ 01437 CatalogUpdateIndexes(rel, newtuple); 01438 01439 InvokeObjectPostAlterHook(DatabaseRelationId, 01440 HeapTupleGetOid(newtuple), 0); 01441 01442 systable_endscan(scan); 01443 01444 /* Close pg_database, but keep lock till commit */ 01445 heap_close(rel, NoLock); 01446 01447 return dboid; 01448 } 01449 01450 01451 /* 01452 * ALTER DATABASE name SET ... 01453 */ 01454 Oid 01455 AlterDatabaseSet(AlterDatabaseSetStmt *stmt) 01456 { 01457 Oid datid = get_database_oid(stmt->dbname, false); 01458 01459 /* 01460 * Obtain a lock on the database and make sure it didn't go away in the 01461 * meantime. 01462 */ 01463 shdepLockAndCheckObject(DatabaseRelationId, datid); 01464 01465 if (!pg_database_ownercheck(datid, GetUserId())) 01466 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 01467 stmt->dbname); 01468 01469 AlterSetting(datid, InvalidOid, stmt->setstmt); 01470 01471 UnlockSharedObject(DatabaseRelationId, datid, 0, AccessShareLock); 01472 01473 return datid; 01474 } 01475 01476 01477 /* 01478 * ALTER DATABASE name OWNER TO newowner 01479 */ 01480 Oid 01481 AlterDatabaseOwner(const char *dbname, Oid newOwnerId) 01482 { 01483 Oid db_id; 01484 HeapTuple tuple; 01485 Relation rel; 01486 ScanKeyData scankey; 01487 SysScanDesc scan; 01488 Form_pg_database datForm; 01489 01490 /* 01491 * Get the old tuple. We don't need a lock on the database per se, 01492 * because we're not going to do anything that would mess up incoming 01493 * connections. 01494 */ 01495 rel = heap_open(DatabaseRelationId, RowExclusiveLock); 01496 ScanKeyInit(&scankey, 01497 Anum_pg_database_datname, 01498 BTEqualStrategyNumber, F_NAMEEQ, 01499 NameGetDatum(dbname)); 01500 scan = systable_beginscan(rel, DatabaseNameIndexId, true, 01501 SnapshotNow, 1, &scankey); 01502 tuple = systable_getnext(scan); 01503 if (!HeapTupleIsValid(tuple)) 01504 ereport(ERROR, 01505 (errcode(ERRCODE_UNDEFINED_DATABASE), 01506 errmsg("database \"%s\" does not exist", dbname))); 01507 01508 db_id = HeapTupleGetOid(tuple); 01509 datForm = (Form_pg_database) GETSTRUCT(tuple); 01510 01511 /* 01512 * If the new owner is the same as the existing owner, consider the 01513 * command to have succeeded. This is to be consistent with other 01514 * objects. 01515 */ 01516 if (datForm->datdba != newOwnerId) 01517 { 01518 Datum repl_val[Natts_pg_database]; 01519 bool repl_null[Natts_pg_database]; 01520 bool repl_repl[Natts_pg_database]; 01521 Acl *newAcl; 01522 Datum aclDatum; 01523 bool isNull; 01524 HeapTuple newtuple; 01525 01526 /* Otherwise, must be owner of the existing object */ 01527 if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId())) 01528 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE, 01529 dbname); 01530 01531 /* Must be able to become new owner */ 01532 check_is_member_of_role(GetUserId(), newOwnerId); 01533 01534 /* 01535 * must have createdb rights 01536 * 01537 * NOTE: This is different from other alter-owner checks in that the 01538 * current user is checked for createdb privileges instead of the 01539 * destination owner. This is consistent with the CREATE case for 01540 * databases. Because superusers will always have this right, we need 01541 * no special case for them. 01542 */ 01543 if (!have_createdb_privilege()) 01544 ereport(ERROR, 01545 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), 01546 errmsg("permission denied to change owner of database"))); 01547 01548 memset(repl_null, false, sizeof(repl_null)); 01549 memset(repl_repl, false, sizeof(repl_repl)); 01550 01551 repl_repl[Anum_pg_database_datdba - 1] = true; 01552 repl_val[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(newOwnerId); 01553 01554 /* 01555 * Determine the modified ACL for the new owner. This is only 01556 * necessary when the ACL is non-null. 01557 */ 01558 aclDatum = heap_getattr(tuple, 01559 Anum_pg_database_datacl, 01560 RelationGetDescr(rel), 01561 &isNull); 01562 if (!isNull) 01563 { 01564 newAcl = aclnewowner(DatumGetAclP(aclDatum), 01565 datForm->datdba, newOwnerId); 01566 repl_repl[Anum_pg_database_datacl - 1] = true; 01567 repl_val[Anum_pg_database_datacl - 1] = PointerGetDatum(newAcl); 01568 } 01569 01570 newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), repl_val, repl_null, repl_repl); 01571 simple_heap_update(rel, &newtuple->t_self, newtuple); 01572 CatalogUpdateIndexes(rel, newtuple); 01573 01574 heap_freetuple(newtuple); 01575 01576 /* Update owner dependency reference */ 01577 changeDependencyOnOwner(DatabaseRelationId, HeapTupleGetOid(tuple), 01578 newOwnerId); 01579 } 01580 01581 InvokeObjectPostAlterHook(DatabaseRelationId, HeapTupleGetOid(tuple), 0); 01582 01583 systable_endscan(scan); 01584 01585 /* Close pg_database, but keep lock till commit */ 01586 heap_close(rel, NoLock); 01587 01588 return db_id; 01589 } 01590 01591 01592 /* 01593 * Helper functions 01594 */ 01595 01596 /* 01597 * Look up info about the database named "name". If the database exists, 01598 * obtain the specified lock type on it, fill in any of the remaining 01599 * parameters that aren't NULL, and return TRUE. If no such database, 01600 * return FALSE. 01601 */ 01602 static bool 01603 get_db_info(const char *name, LOCKMODE lockmode, 01604 Oid *dbIdP, Oid *ownerIdP, 01605 int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP, 01606 Oid *dbLastSysOidP, TransactionId *dbFrozenXidP, 01607 MultiXactId *dbMinMultiP, 01608 Oid *dbTablespace, char **dbCollate, char **dbCtype) 01609 { 01610 bool result = false; 01611 Relation relation; 01612 01613 AssertArg(name); 01614 01615 /* Caller may wish to grab a better lock on pg_database beforehand... */ 01616 relation = heap_open(DatabaseRelationId, AccessShareLock); 01617 01618 /* 01619 * Loop covers the rare case where the database is renamed before we can 01620 * lock it. We try again just in case we can find a new one of the same 01621 * name. 01622 */ 01623 for (;;) 01624 { 01625 ScanKeyData scanKey; 01626 SysScanDesc scan; 01627 HeapTuple tuple; 01628 Oid dbOid; 01629 01630 /* 01631 * there's no syscache for database-indexed-by-name, so must do it the 01632 * hard way 01633 */ 01634 ScanKeyInit(&scanKey, 01635 Anum_pg_database_datname, 01636 BTEqualStrategyNumber, F_NAMEEQ, 01637 NameGetDatum(name)); 01638 01639 scan = systable_beginscan(relation, DatabaseNameIndexId, true, 01640 SnapshotNow, 1, &scanKey); 01641 01642 tuple = systable_getnext(scan); 01643 01644 if (!HeapTupleIsValid(tuple)) 01645 { 01646 /* definitely no database of that name */ 01647 systable_endscan(scan); 01648 break; 01649 } 01650 01651 dbOid = HeapTupleGetOid(tuple); 01652 01653 systable_endscan(scan); 01654 01655 /* 01656 * Now that we have a database OID, we can try to lock the DB. 01657 */ 01658 if (lockmode != NoLock) 01659 LockSharedObject(DatabaseRelationId, dbOid, 0, lockmode); 01660 01661 /* 01662 * And now, re-fetch the tuple by OID. If it's still there and still 01663 * the same name, we win; else, drop the lock and loop back to try 01664 * again. 01665 */ 01666 tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbOid)); 01667 if (HeapTupleIsValid(tuple)) 01668 { 01669 Form_pg_database dbform = (Form_pg_database) GETSTRUCT(tuple); 01670 01671 if (strcmp(name, NameStr(dbform->datname)) == 0) 01672 { 01673 /* oid of the database */ 01674 if (dbIdP) 01675 *dbIdP = dbOid; 01676 /* oid of the owner */ 01677 if (ownerIdP) 01678 *ownerIdP = dbform->datdba; 01679 /* character encoding */ 01680 if (encodingP) 01681 *encodingP = dbform->encoding; 01682 /* allowed as template? */ 01683 if (dbIsTemplateP) 01684 *dbIsTemplateP = dbform->datistemplate; 01685 /* allowing connections? */ 01686 if (dbAllowConnP) 01687 *dbAllowConnP = dbform->datallowconn; 01688 /* last system OID used in database */ 01689 if (dbLastSysOidP) 01690 *dbLastSysOidP = dbform->datlastsysoid; 01691 /* limit of frozen XIDs */ 01692 if (dbFrozenXidP) 01693 *dbFrozenXidP = dbform->datfrozenxid; 01694 /* limit of frozen Multixacts */ 01695 if (dbMinMultiP) 01696 *dbMinMultiP = dbform->datminmxid; 01697 /* default tablespace for this database */ 01698 if (dbTablespace) 01699 *dbTablespace = dbform->dattablespace; 01700 /* default locale settings for this database */ 01701 if (dbCollate) 01702 *dbCollate = pstrdup(NameStr(dbform->datcollate)); 01703 if (dbCtype) 01704 *dbCtype = pstrdup(NameStr(dbform->datctype)); 01705 ReleaseSysCache(tuple); 01706 result = true; 01707 break; 01708 } 01709 /* can only get here if it was just renamed */ 01710 ReleaseSysCache(tuple); 01711 } 01712 01713 if (lockmode != NoLock) 01714 UnlockSharedObject(DatabaseRelationId, dbOid, 0, lockmode); 01715 } 01716 01717 heap_close(relation, AccessShareLock); 01718 01719 return result; 01720 } 01721 01722 /* Check if current user has createdb privileges */ 01723 static bool 01724 have_createdb_privilege(void) 01725 { 01726 bool result = false; 01727 HeapTuple utup; 01728 01729 /* Superusers can always do everything */ 01730 if (superuser()) 01731 return true; 01732 01733 utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId())); 01734 if (HeapTupleIsValid(utup)) 01735 { 01736 result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreatedb; 01737 ReleaseSysCache(utup); 01738 } 01739 return result; 01740 } 01741 01742 /* 01743 * Remove tablespace directories 01744 * 01745 * We don't know what tablespaces db_id is using, so iterate through all 01746 * tablespaces removing <tablespace>/db_id 01747 */ 01748 static void 01749 remove_dbtablespaces(Oid db_id) 01750 { 01751 Relation rel; 01752 HeapScanDesc scan; 01753 HeapTuple tuple; 01754 Snapshot snapshot; 01755 01756 /* 01757 * As in createdb(), we'd better use an MVCC snapshot here, since this 01758 * scan can run for a long time. Duplicate visits to tablespaces would be 01759 * harmless, but missing a tablespace could result in permanently leaked 01760 * files. 01761 * 01762 * XXX change this when a generic fix for SnapshotNow races is implemented 01763 */ 01764 snapshot = RegisterSnapshot(GetLatestSnapshot()); 01765 01766 rel = heap_open(TableSpaceRelationId, AccessShareLock); 01767 scan = heap_beginscan(rel, snapshot, 0, NULL); 01768 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL) 01769 { 01770 Oid dsttablespace = HeapTupleGetOid(tuple); 01771 char *dstpath; 01772 struct stat st; 01773 01774 /* Don't mess with the global tablespace */ 01775 if (dsttablespace == GLOBALTABLESPACE_OID) 01776 continue; 01777 01778 dstpath = GetDatabasePath(db_id, dsttablespace); 01779 01780 if (lstat(dstpath, &st) < 0 || !S_ISDIR(st.st_mode)) 01781 { 01782 /* Assume we can ignore it */ 01783 pfree(dstpath); 01784 continue; 01785 } 01786 01787 if (!rmtree(dstpath, true)) 01788 ereport(WARNING, 01789 (errmsg("some useless files may be left behind in old database directory \"%s\"", 01790 dstpath))); 01791 01792 /* Record the filesystem change in XLOG */ 01793 { 01794 xl_dbase_drop_rec xlrec; 01795 XLogRecData rdata[1]; 01796 01797 xlrec.db_id = db_id; 01798 xlrec.tablespace_id = dsttablespace; 01799 01800 rdata[0].data = (char *) &xlrec; 01801 rdata[0].len = sizeof(xl_dbase_drop_rec); 01802 rdata[0].buffer = InvalidBuffer; 01803 rdata[0].next = NULL; 01804 01805 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_DROP, rdata); 01806 } 01807 01808 pfree(dstpath); 01809 } 01810 01811 heap_endscan(scan); 01812 heap_close(rel, AccessShareLock); 01813 UnregisterSnapshot(snapshot); 01814 } 01815 01816 /* 01817 * Check for existing files that conflict with a proposed new DB OID; 01818 * return TRUE if there are any 01819 * 01820 * If there were a subdirectory in any tablespace matching the proposed new 01821 * OID, we'd get a create failure due to the duplicate name ... and then we'd 01822 * try to remove that already-existing subdirectory during the cleanup in 01823 * remove_dbtablespaces. Nuking existing files seems like a bad idea, so 01824 * instead we make this extra check before settling on the OID of the new 01825 * database. This exactly parallels what GetNewRelFileNode() does for table 01826 * relfilenode values. 01827 */ 01828 static bool 01829 check_db_file_conflict(Oid db_id) 01830 { 01831 bool result = false; 01832 Relation rel; 01833 HeapScanDesc scan; 01834 HeapTuple tuple; 01835 Snapshot snapshot; 01836 01837 /* 01838 * As in createdb(), we'd better use an MVCC snapshot here; missing a 01839 * tablespace could result in falsely reporting the OID is unique, with 01840 * disastrous future consequences per the comment above. 01841 * 01842 * XXX change this when a generic fix for SnapshotNow races is implemented 01843 */ 01844 snapshot = RegisterSnapshot(GetLatestSnapshot()); 01845 01846 rel = heap_open(TableSpaceRelationId, AccessShareLock); 01847 scan = heap_beginscan(rel, snapshot, 0, NULL); 01848 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL) 01849 { 01850 Oid dsttablespace = HeapTupleGetOid(tuple); 01851 char *dstpath; 01852 struct stat st; 01853 01854 /* Don't mess with the global tablespace */ 01855 if (dsttablespace == GLOBALTABLESPACE_OID) 01856 continue; 01857 01858 dstpath = GetDatabasePath(db_id, dsttablespace); 01859 01860 if (lstat(dstpath, &st) == 0) 01861 { 01862 /* Found a conflicting file (or directory, whatever) */ 01863 pfree(dstpath); 01864 result = true; 01865 break; 01866 } 01867 01868 pfree(dstpath); 01869 } 01870 01871 heap_endscan(scan); 01872 heap_close(rel, AccessShareLock); 01873 UnregisterSnapshot(snapshot); 01874 01875 return result; 01876 } 01877 01878 /* 01879 * Issue a suitable errdetail message for a busy database 01880 */ 01881 static int 01882 errdetail_busy_db(int notherbackends, int npreparedxacts) 01883 { 01884 if (notherbackends > 0 && npreparedxacts > 0) 01885 /* We don't deal with singular versus plural here, since gettext 01886 * doesn't support multiple plurals in one string. */ 01887 errdetail("There are %d other session(s) and %d prepared transaction(s) using the database.", 01888 notherbackends, npreparedxacts); 01889 else if (notherbackends > 0) 01890 errdetail_plural("There is %d other session using the database.", 01891 "There are %d other sessions using the database.", 01892 notherbackends, 01893 notherbackends); 01894 else 01895 errdetail_plural("There is %d prepared transaction using the database.", 01896 "There are %d prepared transactions using the database.", 01897 npreparedxacts, 01898 npreparedxacts); 01899 return 0; /* just to keep ereport macro happy */ 01900 } 01901 01902 /* 01903 * get_database_oid - given a database name, look up the OID 01904 * 01905 * If missing_ok is false, throw an error if database name not found. If 01906 * true, just return InvalidOid. 01907 */ 01908 Oid 01909 get_database_oid(const char *dbname, bool missing_ok) 01910 { 01911 Relation pg_database; 01912 ScanKeyData entry[1]; 01913 SysScanDesc scan; 01914 HeapTuple dbtuple; 01915 Oid oid; 01916 01917 /* 01918 * There's no syscache for pg_database indexed by name, so we must look 01919 * the hard way. 01920 */ 01921 pg_database = heap_open(DatabaseRelationId, AccessShareLock); 01922 ScanKeyInit(&entry[0], 01923 Anum_pg_database_datname, 01924 BTEqualStrategyNumber, F_NAMEEQ, 01925 CStringGetDatum(dbname)); 01926 scan = systable_beginscan(pg_database, DatabaseNameIndexId, true, 01927 SnapshotNow, 1, entry); 01928 01929 dbtuple = systable_getnext(scan); 01930 01931 /* We assume that there can be at most one matching tuple */ 01932 if (HeapTupleIsValid(dbtuple)) 01933 oid = HeapTupleGetOid(dbtuple); 01934 else 01935 oid = InvalidOid; 01936 01937 systable_endscan(scan); 01938 heap_close(pg_database, AccessShareLock); 01939 01940 if (!OidIsValid(oid) && !missing_ok) 01941 ereport(ERROR, 01942 (errcode(ERRCODE_UNDEFINED_DATABASE), 01943 errmsg("database \"%s\" does not exist", 01944 dbname))); 01945 01946 return oid; 01947 } 01948 01949 01950 /* 01951 * get_database_name - given a database OID, look up the name 01952 * 01953 * Returns a palloc'd string, or NULL if no such database. 01954 */ 01955 char * 01956 get_database_name(Oid dbid) 01957 { 01958 HeapTuple dbtuple; 01959 char *result; 01960 01961 dbtuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbid)); 01962 if (HeapTupleIsValid(dbtuple)) 01963 { 01964 result = pstrdup(NameStr(((Form_pg_database) GETSTRUCT(dbtuple))->datname)); 01965 ReleaseSysCache(dbtuple); 01966 } 01967 else 01968 result = NULL; 01969 01970 return result; 01971 } 01972 01973 /* 01974 * DATABASE resource manager's routines 01975 */ 01976 void 01977 dbase_redo(XLogRecPtr lsn, XLogRecord *record) 01978 { 01979 uint8 info = record->xl_info & ~XLR_INFO_MASK; 01980 01981 /* Backup blocks are not used in dbase records */ 01982 Assert(!(record->xl_info & XLR_BKP_BLOCK_MASK)); 01983 01984 if (info == XLOG_DBASE_CREATE) 01985 { 01986 xl_dbase_create_rec *xlrec = (xl_dbase_create_rec *) XLogRecGetData(record); 01987 char *src_path; 01988 char *dst_path; 01989 struct stat st; 01990 01991 src_path = GetDatabasePath(xlrec->src_db_id, xlrec->src_tablespace_id); 01992 dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id); 01993 01994 /* 01995 * Our theory for replaying a CREATE is to forcibly drop the target 01996 * subdirectory if present, then re-copy the source data. This may be 01997 * more work than needed, but it is simple to implement. 01998 */ 01999 if (stat(dst_path, &st) == 0 && S_ISDIR(st.st_mode)) 02000 { 02001 if (!rmtree(dst_path, true)) 02002 /* If this failed, copydir() below is going to error. */ 02003 ereport(WARNING, 02004 (errmsg("some useless files may be left behind in old database directory \"%s\"", 02005 dst_path))); 02006 } 02007 02008 /* 02009 * Force dirty buffers out to disk, to ensure source database is 02010 * up-to-date for the copy. 02011 */ 02012 FlushDatabaseBuffers(xlrec->src_db_id); 02013 02014 /* 02015 * Copy this subdirectory to the new location 02016 * 02017 * We don't need to copy subdirectories 02018 */ 02019 copydir(src_path, dst_path, false); 02020 } 02021 else if (info == XLOG_DBASE_DROP) 02022 { 02023 xl_dbase_drop_rec *xlrec = (xl_dbase_drop_rec *) XLogRecGetData(record); 02024 char *dst_path; 02025 02026 dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id); 02027 02028 if (InHotStandby) 02029 { 02030 /* 02031 * Lock database while we resolve conflicts to ensure that 02032 * InitPostgres() cannot fully re-execute concurrently. This 02033 * avoids backends re-connecting automatically to same database, 02034 * which can happen in some cases. 02035 */ 02036 LockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock); 02037 ResolveRecoveryConflictWithDatabase(xlrec->db_id); 02038 } 02039 02040 /* Drop pages for this database that are in the shared buffer cache */ 02041 DropDatabaseBuffers(xlrec->db_id); 02042 02043 /* Also, clean out any fsync requests that might be pending in md.c */ 02044 ForgetDatabaseFsyncRequests(xlrec->db_id); 02045 02046 /* Clean out the xlog relcache too */ 02047 XLogDropDatabase(xlrec->db_id); 02048 02049 /* And remove the physical files */ 02050 if (!rmtree(dst_path, true)) 02051 ereport(WARNING, 02052 (errmsg("some useless files may be left behind in old database directory \"%s\"", 02053 dst_path))); 02054 02055 if (InHotStandby) 02056 { 02057 /* 02058 * Release locks prior to commit. XXX There is a race condition 02059 * here that may allow backends to reconnect, but the window for 02060 * this is small because the gap between here and commit is mostly 02061 * fairly small and it is unlikely that people will be dropping 02062 * databases that we are trying to connect to anyway. 02063 */ 02064 UnlockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock); 02065 } 02066 } 02067 else 02068 elog(PANIC, "dbase_redo: unknown op code %u", info); 02069 }
1.7.1