1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* be-fsstubs.c
|
2004-07-28 16:23:31 +02:00
|
|
|
* Builtin functions for open/close/read/write operations on large objects
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2014-01-07 22:05:30 +01:00
|
|
|
* Portions Copyright (c) 1996-2014, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
*
|
|
|
|
* IDENTIFICATION
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/backend/libpq/be-fsstubs.c
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
* NOTES
|
1997-09-07 07:04:48 +02:00
|
|
|
* This should be moved to a more appropriate place. It is here
|
|
|
|
* for lack of a better place.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2006-04-26 02:34:57 +02:00
|
|
|
* These functions store LargeObjectDesc structs in a private MemoryContext,
|
|
|
|
* which means that large object descriptors hang around until we destroy
|
|
|
|
* the context at transaction end. It'd be possible to prolong the lifetime
|
1999-06-01 00:53:59 +02:00
|
|
|
* of the context so that LO FDs are good across transactions (for example,
|
|
|
|
* we could release the context only if we see that no FDs remain open).
|
|
|
|
* But we'd need additional state in order to do the right thing at the
|
|
|
|
* end of an aborted transaction. FDs opened during an aborted xact would
|
|
|
|
* still need to be closed, since they might not be pointing at valid
|
2000-06-28 05:33:33 +02:00
|
|
|
* relations at all. Locking semantics are also an interesting problem
|
|
|
|
* if LOs stay open across transactions. For now, we'll stick with the
|
|
|
|
* existing documented semantics of LO FDs: they're only good within a
|
|
|
|
* transaction.
|
1999-06-01 00:53:59 +02:00
|
|
|
*
|
2004-08-04 23:34:35 +02:00
|
|
|
* As of PostgreSQL 8.0, much of the angst expressed above is no longer
|
2004-07-28 16:23:31 +02:00
|
|
|
* relevant, and in fact it'd be pretty easy to allow LO FDs to stay
|
2006-04-26 02:34:57 +02:00
|
|
|
* open across transactions. (Snapshot relevancy would still be an issue.)
|
|
|
|
* However backwards compatibility suggests that we should stick to the
|
|
|
|
* status quo.
|
2004-07-28 16:23:31 +02:00
|
|
|
*
|
1996-07-09 08:22:35 +02:00
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
2000-10-24 03:38:44 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
1996-11-06 09:48:33 +01:00
|
|
|
#include <fcntl.h>
|
1996-11-15 19:38:20 +01:00
|
|
|
#include <sys/stat.h>
|
1996-11-06 09:48:33 +01:00
|
|
|
#include <unistd.h>
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/be-fsstubs.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "libpq/libpq-fs.h"
|
2001-06-13 23:44:41 +02:00
|
|
|
#include "miscadmin.h"
|
2004-02-10 02:55:27 +01:00
|
|
|
#include "storage/fd.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "storage/large_object.h"
|
2009-12-11 04:34:57 +01:00
|
|
|
#include "utils/acl.h"
|
2008-03-25 23:42:46 +01:00
|
|
|
#include "utils/builtins.h"
|
2000-07-17 05:05:41 +02:00
|
|
|
#include "utils/memutils.h"
|
|
|
|
|
2009-12-11 04:34:57 +01:00
|
|
|
/*
|
|
|
|
* compatibility flag for permission checks
|
|
|
|
*/
|
2010-02-26 03:01:40 +01:00
|
|
|
bool lo_compat_privileges;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
/* define this to enable debug logging */
|
|
|
|
/* #define FSDB 1 */
|
|
|
|
/* chunk size for lo_import/lo_export transfers */
|
2000-10-24 03:38:44 +02:00
|
|
|
#define BUFSIZE 8192
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
/*
|
2000-10-24 05:14:08 +02:00
|
|
|
* LO "FD"s are indexes into the cookies array.
|
|
|
|
*
|
2000-06-09 03:11:16 +02:00
|
|
|
* A non-null entry is a pointer to a LargeObjectDesc allocated in the
|
2006-04-26 02:34:57 +02:00
|
|
|
* LO private memory context "fscxt". The cookies array itself is also
|
|
|
|
* dynamically allocated in that context. Its current allocated size is
|
|
|
|
* cookies_len entries, of which any unused entries will be NULL.
|
2000-06-09 03:11:16 +02:00
|
|
|
*/
|
2000-10-24 05:14:08 +02:00
|
|
|
static LargeObjectDesc **cookies = NULL;
|
2001-03-22 05:01:46 +01:00
|
|
|
static int cookies_size = 0;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-06-28 05:33:33 +02:00
|
|
|
static MemoryContext fscxt = NULL;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2004-09-11 17:56:46 +02:00
|
|
|
#define CreateFSContext() \
|
|
|
|
do { \
|
|
|
|
if (fscxt == NULL) \
|
|
|
|
fscxt = AllocSetContextCreate(TopMemoryContext, \
|
|
|
|
"Filesystem", \
|
|
|
|
ALLOCSET_DEFAULT_MINSIZE, \
|
|
|
|
ALLOCSET_DEFAULT_INITSIZE, \
|
|
|
|
ALLOCSET_DEFAULT_MAXSIZE); \
|
|
|
|
} while (0)
|
2005-10-15 04:49:52 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-08 23:56:23 +02:00
|
|
|
static int newLOfd(LargeObjectDesc *lobjCookie);
|
1997-09-08 04:41:22 +02:00
|
|
|
static void deleteLOfd(int fd);
|
2009-06-11 16:49:15 +02:00
|
|
|
static Oid lo_import_internal(text *filename, Oid lobjOid);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2004-07-28 16:23:31 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*****************************************************************************
|
1997-09-07 07:04:48 +02:00
|
|
|
* File Interfaces for Large Objects
|
1996-07-09 08:22:35 +02:00
|
|
|
*****************************************************************************/
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_open(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
Oid lobjId = PG_GETARG_OID(0);
|
|
|
|
int32 mode = PG_GETARG_INT32(1);
|
1997-09-07 07:04:48 +02:00
|
|
|
LargeObjectDesc *lobjDesc;
|
1997-09-08 04:41:22 +02:00
|
|
|
int fd;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
#if FSDB
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG4, "lo_open(%u,%d)", lobjId, mode);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
|
|
|
|
2004-09-11 17:56:46 +02:00
|
|
|
CreateFSContext();
|
2000-06-28 05:33:33 +02:00
|
|
|
|
2006-04-26 02:34:57 +02:00
|
|
|
lobjDesc = inv_open(lobjId, mode, fscxt);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
if (lobjDesc == NULL)
|
|
|
|
{ /* lookup failed */
|
|
|
|
#if FSDB
|
2003-07-28 02:09:16 +02:00
|
|
|
elog(DEBUG4, "could not open large object %u", lobjId);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_INT32(-1);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
fd = newLOfd(lobjDesc);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_INT32(fd);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_close(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
2007-03-03 20:52:47 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
#if FSDB
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG4, "lo_close(%d)", fd);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
inv_close(cookies[fd]);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
deleteLOfd(fd);
|
2000-06-09 03:11:16 +02:00
|
|
|
|
|
|
|
PG_RETURN_INT32(0);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
|
|
|
|
/*****************************************************************************
|
|
|
|
* Bare Read/Write operations --- these are not fmgr-callable!
|
|
|
|
*
|
1997-09-07 07:04:48 +02:00
|
|
|
* We assume the large object supports byte oriented reads and seeks so
|
|
|
|
* that our work is easier.
|
2000-06-09 03:11:16 +02:00
|
|
|
*
|
|
|
|
*****************************************************************************/
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
int
|
|
|
|
lo_read(int fd, char *buf, int len)
|
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
int status;
|
2012-10-09 22:38:00 +02:00
|
|
|
LargeObjectDesc *lobj;
|
1999-05-09 17:00:18 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
2012-10-09 22:38:00 +02:00
|
|
|
lobj = cookies[fd];
|
1999-06-01 00:53:59 +02:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
/* We don't bother to check IFS_RDLOCK, since it's always set */
|
|
|
|
|
|
|
|
/* Permission checks --- first time through only */
|
|
|
|
if ((lobj->flags & IFS_RD_PERM_OK) == 0)
|
|
|
|
{
|
|
|
|
if (!lo_compat_privileges &&
|
|
|
|
pg_largeobject_aclcheck_snapshot(lobj->id,
|
|
|
|
GetUserId(),
|
|
|
|
ACL_SELECT,
|
|
|
|
lobj->snapshot) != ACLCHECK_OK)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
errmsg("permission denied for large object %u",
|
|
|
|
lobj->id)));
|
|
|
|
lobj->flags |= IFS_RD_PERM_OK;
|
|
|
|
}
|
2009-12-11 04:34:57 +01:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
status = inv_read(lobj, buf, len);
|
1999-05-09 02:54:30 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
return status;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2006-09-07 17:37:25 +02:00
|
|
|
lo_write(int fd, const char *buf, int len)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
int status;
|
2012-10-09 22:38:00 +02:00
|
|
|
LargeObjectDesc *lobj;
|
1999-05-09 17:00:18 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
2012-10-09 22:38:00 +02:00
|
|
|
lobj = cookies[fd];
|
1999-06-01 00:53:59 +02:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
if ((lobj->flags & IFS_WRLOCK) == 0)
|
2005-06-13 04:26:53 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("large object descriptor %d was not opened for writing",
|
|
|
|
fd)));
|
2005-06-13 04:26:53 +02:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
/* Permission checks --- first time through only */
|
|
|
|
if ((lobj->flags & IFS_WR_PERM_OK) == 0)
|
|
|
|
{
|
|
|
|
if (!lo_compat_privileges &&
|
|
|
|
pg_largeobject_aclcheck_snapshot(lobj->id,
|
|
|
|
GetUserId(),
|
|
|
|
ACL_UPDATE,
|
|
|
|
lobj->snapshot) != ACLCHECK_OK)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
errmsg("permission denied for large object %u",
|
|
|
|
lobj->id)));
|
|
|
|
lobj->flags |= IFS_WR_PERM_OK;
|
|
|
|
}
|
2009-12-11 04:34:57 +01:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
status = inv_write(lobj, buf, len);
|
1999-05-09 02:54:30 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
return status;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_lseek(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
|
|
|
int32 offset = PG_GETARG_INT32(1);
|
|
|
|
int32 whence = PG_GETARG_INT32(2);
|
2012-10-07 01:36:48 +02:00
|
|
|
int64 status;
|
1997-03-18 22:30:41 +01:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
1997-03-18 22:30:41 +01:00
|
|
|
|
1999-06-01 00:53:59 +02:00
|
|
|
status = inv_seek(cookies[fd], offset, whence);
|
1997-03-18 22:30:41 +01:00
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
/* guard against result overflow */
|
|
|
|
if (status != (int32) status)
|
2012-10-07 01:36:48 +02:00
|
|
|
ereport(ERROR,
|
2012-10-09 00:24:06 +02:00
|
|
|
(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
|
2012-10-09 22:38:00 +02:00
|
|
|
errmsg("lo_lseek result out of range for large-object descriptor %d",
|
|
|
|
fd)));
|
2012-10-07 01:36:48 +02:00
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
PG_RETURN_INT32((int32) status);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2012-10-07 01:36:48 +02:00
|
|
|
Datum
|
|
|
|
lo_lseek64(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
|
|
|
int64 offset = PG_GETARG_INT64(1);
|
|
|
|
int32 whence = PG_GETARG_INT32(2);
|
2012-10-09 00:24:06 +02:00
|
|
|
int64 status;
|
2012-10-07 01:36:48 +02:00
|
|
|
|
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
|
|
|
|
|
|
|
status = inv_seek(cookies[fd], offset, whence);
|
|
|
|
|
|
|
|
PG_RETURN_INT64(status);
|
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_creat(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
Oid lobjId;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2006-04-26 02:34:57 +02:00
|
|
|
/*
|
|
|
|
* We don't actually need to store into fscxt, but create it anyway to
|
|
|
|
* ensure that AtEOXact_LargeObject knows there is state to clean up
|
|
|
|
*/
|
2004-09-11 17:56:46 +02:00
|
|
|
CreateFSContext();
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2005-06-13 04:26:53 +02:00
|
|
|
lobjId = inv_create(InvalidOid);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2005-06-13 04:26:53 +02:00
|
|
|
PG_RETURN_OID(lobjId);
|
|
|
|
}
|
|
|
|
|
|
|
|
Datum
|
|
|
|
lo_create(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
Oid lobjId = PG_GETARG_OID(0);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2006-04-26 02:34:57 +02:00
|
|
|
/*
|
|
|
|
* We don't actually need to store into fscxt, but create it anyway to
|
|
|
|
* ensure that AtEOXact_LargeObject knows there is state to clean up
|
|
|
|
*/
|
2005-06-13 04:26:53 +02:00
|
|
|
CreateFSContext();
|
|
|
|
|
|
|
|
lobjId = inv_create(lobjId);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_OID(lobjId);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_tell(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
2012-10-09 00:24:06 +02:00
|
|
|
int64 offset;
|
2000-06-09 03:11:16 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
1999-06-01 00:53:59 +02:00
|
|
|
|
2012-10-07 01:36:48 +02:00
|
|
|
offset = inv_tell(cookies[fd]);
|
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
/* guard against result overflow */
|
|
|
|
if (offset != (int32) offset)
|
2012-10-07 01:36:48 +02:00
|
|
|
ereport(ERROR,
|
2012-10-09 00:24:06 +02:00
|
|
|
(errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
|
2012-10-09 22:38:00 +02:00
|
|
|
errmsg("lo_tell result out of range for large-object descriptor %d",
|
|
|
|
fd)));
|
2012-10-07 01:36:48 +02:00
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
PG_RETURN_INT32((int32) offset);
|
2012-10-07 01:36:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
Datum
|
|
|
|
lo_tell64(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
2012-10-09 00:24:06 +02:00
|
|
|
int64 offset;
|
2012-10-07 01:36:48 +02:00
|
|
|
|
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
|
|
|
|
2012-10-09 00:24:06 +02:00
|
|
|
offset = inv_tell(cookies[fd]);
|
|
|
|
|
|
|
|
PG_RETURN_INT64(offset);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_unlink(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
Oid lobjId = PG_GETARG_OID(0);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2009-12-11 04:34:57 +01:00
|
|
|
/* Must be owner of the largeobject */
|
|
|
|
if (!lo_compat_privileges &&
|
|
|
|
!pg_largeobject_ownercheck(lobjId, GetUserId()))
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
errmsg("must be owner of large object %u", lobjId)));
|
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
/*
|
|
|
|
* If there are any open LO FDs referencing that ID, close 'em.
|
|
|
|
*/
|
|
|
|
if (fscxt != NULL)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < cookies_size; i++)
|
|
|
|
{
|
|
|
|
if (cookies[i] != NULL && cookies[i]->id == lobjId)
|
|
|
|
{
|
|
|
|
inv_close(cookies[i]);
|
|
|
|
deleteLOfd(i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-06-01 00:53:59 +02:00
|
|
|
/*
|
2006-04-26 02:34:57 +02:00
|
|
|
* inv_drop does not create a need for end-of-transaction cleanup and
|
|
|
|
* hence we don't need to have created fscxt.
|
1999-06-01 00:53:59 +02:00
|
|
|
*/
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_INT32(inv_drop(lobjId));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*****************************************************************************
|
2000-06-09 03:11:16 +02:00
|
|
|
* Read/Write using bytea
|
1996-07-09 08:22:35 +02:00
|
|
|
*****************************************************************************/
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
loread(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
|
|
|
int32 len = PG_GETARG_INT32(1);
|
2002-08-25 19:20:01 +02:00
|
|
|
bytea *retval;
|
2000-06-09 03:11:16 +02:00
|
|
|
int totalread;
|
|
|
|
|
|
|
|
if (len < 0)
|
|
|
|
len = 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2002-08-25 19:20:01 +02:00
|
|
|
retval = (bytea *) palloc(VARHDRSZ + len);
|
1997-09-07 07:04:48 +02:00
|
|
|
totalread = lo_read(fd, VARDATA(retval), len);
|
2007-02-28 00:48:10 +01:00
|
|
|
SET_VARSIZE(retval, totalread + VARHDRSZ);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2002-08-25 19:20:01 +02:00
|
|
|
PG_RETURN_BYTEA_P(retval);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lowrite(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2001-03-22 05:01:46 +01:00
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
2002-08-25 19:20:01 +02:00
|
|
|
bytea *wbuf = PG_GETARG_BYTEA_P(1);
|
2001-03-22 05:01:46 +01:00
|
|
|
int bytestowrite;
|
|
|
|
int totalwritten;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1997-12-08 05:42:48 +01:00
|
|
|
bytestowrite = VARSIZE(wbuf) - VARHDRSZ;
|
1997-09-07 07:04:48 +02:00
|
|
|
totalwritten = lo_write(fd, VARDATA(wbuf), bytestowrite);
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_INT32(totalwritten);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*****************************************************************************
|
1997-09-07 07:04:48 +02:00
|
|
|
* Import/Export of Large Object
|
1996-07-09 08:22:35 +02:00
|
|
|
*****************************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* lo_import -
|
1997-09-07 07:04:48 +02:00
|
|
|
* imports a file as an (inversion) large object.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_import(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2008-03-25 23:42:46 +01:00
|
|
|
text *filename = PG_GETARG_TEXT_PP(0);
|
2008-03-22 02:55:14 +01:00
|
|
|
|
|
|
|
PG_RETURN_OID(lo_import_internal(filename, InvalidOid));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* lo_import_with_oid -
|
|
|
|
* imports a file as an (inversion) large object specifying oid.
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
lo_import_with_oid(PG_FUNCTION_ARGS)
|
|
|
|
{
|
2008-03-25 23:42:46 +01:00
|
|
|
text *filename = PG_GETARG_TEXT_PP(0);
|
2009-06-11 16:49:15 +02:00
|
|
|
Oid oid = PG_GETARG_OID(1);
|
2008-03-22 02:55:14 +01:00
|
|
|
|
|
|
|
PG_RETURN_OID(lo_import_internal(filename, oid));
|
|
|
|
}
|
|
|
|
|
|
|
|
static Oid
|
|
|
|
lo_import_internal(text *filename, Oid lobjOid)
|
|
|
|
{
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
int fd;
|
1997-09-08 04:41:22 +02:00
|
|
|
int nbytes,
|
2012-03-21 22:30:14 +01:00
|
|
|
tmp PG_USED_FOR_ASSERTS_ONLY;
|
1997-09-08 04:41:22 +02:00
|
|
|
char buf[BUFSIZE];
|
2000-10-24 03:38:44 +02:00
|
|
|
char fnamebuf[MAXPGPATH];
|
1997-09-07 07:04:48 +02:00
|
|
|
LargeObjectDesc *lobj;
|
2009-06-11 16:49:15 +02:00
|
|
|
Oid oid;
|
|
|
|
|
1999-06-04 23:13:38 +02:00
|
|
|
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
|
1999-06-01 00:53:59 +02:00
|
|
|
if (!superuser())
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("must be superuser to use server-side lo_import()"),
|
2003-07-22 21:00:12 +02:00
|
|
|
errhint("Anyone can use the client-side lo_import() provided by libpq.")));
|
1999-06-04 23:13:38 +02:00
|
|
|
#endif
|
1999-06-01 00:53:59 +02:00
|
|
|
|
2004-09-11 17:56:46 +02:00
|
|
|
CreateFSContext();
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
|
|
|
* open the file to be read in
|
|
|
|
*/
|
2008-03-25 23:42:46 +01:00
|
|
|
text_to_cstring_buffer(filename, fnamebuf, sizeof(fnamebuf));
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
fd = OpenTransientFile(fnamebuf, O_RDONLY | PG_BINARY, S_IRWXU);
|
1997-09-07 07:04:48 +02:00
|
|
|
if (fd < 0)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not open server file \"%s\": %m",
|
|
|
|
fnamebuf)));
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
2003-07-22 21:00:12 +02:00
|
|
|
* create an inversion object
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2008-03-22 02:55:14 +01:00
|
|
|
oid = inv_create(lobjOid);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
/*
|
2005-06-13 04:26:53 +02:00
|
|
|
* read in from the filesystem and write to the inversion object
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2008-03-22 02:55:14 +01:00
|
|
|
lobj = inv_open(oid, INV_WRITE, fscxt);
|
2005-06-13 04:26:53 +02:00
|
|
|
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
while ((nbytes = read(fd, buf, BUFSIZE)) > 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
|
|
|
tmp = inv_write(lobj, buf, nbytes);
|
2003-07-22 21:00:12 +02:00
|
|
|
Assert(tmp == nbytes);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
2003-07-22 21:00:12 +02:00
|
|
|
if (nbytes < 0)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not read server file \"%s\": %m",
|
|
|
|
fnamebuf)));
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
inv_close(lobj);
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
CloseTransientFile(fd);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2008-03-22 02:55:14 +01:00
|
|
|
return oid;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* lo_export -
|
1997-09-07 07:04:48 +02:00
|
|
|
* exports an (inversion) large object.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
2000-06-09 03:11:16 +02:00
|
|
|
Datum
|
|
|
|
lo_export(PG_FUNCTION_ARGS)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
Oid lobjId = PG_GETARG_OID(0);
|
2008-03-25 23:42:46 +01:00
|
|
|
text *filename = PG_GETARG_TEXT_PP(1);
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
int fd;
|
1997-09-08 04:41:22 +02:00
|
|
|
int nbytes,
|
|
|
|
tmp;
|
|
|
|
char buf[BUFSIZE];
|
2000-10-24 03:38:44 +02:00
|
|
|
char fnamebuf[MAXPGPATH];
|
1997-09-07 07:04:48 +02:00
|
|
|
LargeObjectDesc *lobj;
|
1997-09-08 04:41:22 +02:00
|
|
|
mode_t oumask;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1999-06-04 23:13:38 +02:00
|
|
|
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
|
1999-06-01 00:53:59 +02:00
|
|
|
if (!superuser())
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("must be superuser to use server-side lo_export()"),
|
2003-07-22 21:00:12 +02:00
|
|
|
errhint("Anyone can use the client-side lo_export() provided by libpq.")));
|
1999-06-04 23:13:38 +02:00
|
|
|
#endif
|
1999-06-01 00:53:59 +02:00
|
|
|
|
2004-09-11 17:56:46 +02:00
|
|
|
CreateFSContext();
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
2003-07-22 21:00:12 +02:00
|
|
|
* open the inversion object (no need to test for failure)
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2006-04-26 02:34:57 +02:00
|
|
|
lobj = inv_open(lobjId, INV_READ, fscxt);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* open the file to be written to
|
1999-06-01 00:53:59 +02:00
|
|
|
*
|
2005-11-22 19:17:34 +01:00
|
|
|
* Note: we reduce backend's normal 077 umask to the slightly friendlier
|
|
|
|
* 022. This code used to drop it all the way to 0, but creating
|
|
|
|
* world-writable export files doesn't seem wise.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2008-03-25 23:42:46 +01:00
|
|
|
text_to_cstring_buffer(filename, fnamebuf, sizeof(fnamebuf));
|
2010-12-10 23:35:33 +01:00
|
|
|
oumask = umask(S_IWGRP | S_IWOTH);
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
fd = OpenTransientFile(fnamebuf, O_CREAT | O_WRONLY | O_TRUNC | PG_BINARY,
|
|
|
|
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
|
1997-09-07 07:04:48 +02:00
|
|
|
umask(oumask);
|
|
|
|
if (fd < 0)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not create server file \"%s\": %m",
|
|
|
|
fnamebuf)));
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
2004-07-28 16:23:31 +02:00
|
|
|
* read in from the inversion file and write to the filesystem
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
|
|
|
while ((nbytes = inv_read(lobj, buf, BUFSIZE)) > 0)
|
|
|
|
{
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
tmp = write(fd, buf, nbytes);
|
2000-10-24 03:38:44 +02:00
|
|
|
if (tmp != nbytes)
|
2003-07-22 21:00:12 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not write server file \"%s\": %m",
|
|
|
|
fnamebuf)));
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
Add OpenTransientFile, with automatic cleanup at end-of-xact.
Files opened with BasicOpenFile or PathNameOpenFile are not automatically
cleaned up on error. That puts unnecessary burden on callers that only want
to keep the file open for a short time. There is AllocateFile, but that
returns a buffered FILE * stream, which in many cases is not the nicest API
to work with. So add function called OpenTransientFile, which returns a
unbuffered fd that's cleaned up like the FILE* returned by AllocateFile().
This plugs a few rare fd leaks in error cases:
1. copy_file() - fixed by by using OpenTransientFile instead of BasicOpenFile
2. XLogFileInit() - fixed by adding close() calls to the error cases. Can't
use OpenTransientFile here because the fd is supposed to persist over
transaction boundaries.
3. lo_import/lo_export - fixed by using OpenTransientFile instead of
PathNameOpenFile.
In addition to plugging those leaks, this replaces many BasicOpenFile() calls
with OpenTransientFile() that were not leaking, because the code meticulously
closed the file on error. That wasn't strictly necessary, but IMHO it's good
for robustness.
The same leaks exist in older versions, but given the rarity of the issues,
I'm not backpatching this. Not yet, anyway - it might be good to backpatch
later, after this mechanism has had some more testing in master branch.
2012-11-27 09:25:50 +01:00
|
|
|
CloseTransientFile(fd);
|
2003-07-22 21:00:12 +02:00
|
|
|
inv_close(lobj);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-06-09 03:11:16 +02:00
|
|
|
PG_RETURN_INT32(1);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2007-03-03 20:52:47 +01:00
|
|
|
/*
|
|
|
|
* lo_truncate -
|
|
|
|
* truncate a large object to a specified length
|
|
|
|
*/
|
2012-10-09 22:38:00 +02:00
|
|
|
static void
|
|
|
|
lo_truncate_internal(int32 fd, int64 len)
|
2007-03-03 20:52:47 +01:00
|
|
|
{
|
2012-10-09 22:38:00 +02:00
|
|
|
LargeObjectDesc *lobj;
|
2007-03-03 20:52:47 +01:00
|
|
|
|
|
|
|
if (fd < 0 || fd >= cookies_size || cookies[fd] == NULL)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
errmsg("invalid large-object descriptor: %d", fd)));
|
2012-10-09 22:38:00 +02:00
|
|
|
lobj = cookies[fd];
|
2007-03-03 20:52:47 +01:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
if ((lobj->flags & IFS_WRLOCK) == 0)
|
2012-10-07 01:36:48 +02:00
|
|
|
ereport(ERROR,
|
2012-10-09 22:38:00 +02:00
|
|
|
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
|
|
|
errmsg("large object descriptor %d was not opened for writing",
|
|
|
|
fd)));
|
|
|
|
|
|
|
|
/* Permission checks --- first time through only */
|
|
|
|
if ((lobj->flags & IFS_WR_PERM_OK) == 0)
|
|
|
|
{
|
|
|
|
if (!lo_compat_privileges &&
|
|
|
|
pg_largeobject_aclcheck_snapshot(lobj->id,
|
|
|
|
GetUserId(),
|
|
|
|
ACL_UPDATE,
|
|
|
|
lobj->snapshot) != ACLCHECK_OK)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
errmsg("permission denied for large object %u",
|
|
|
|
lobj->id)));
|
|
|
|
lobj->flags |= IFS_WR_PERM_OK;
|
|
|
|
}
|
2012-10-07 01:36:48 +02:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
inv_truncate(lobj, len);
|
|
|
|
}
|
2012-10-07 01:36:48 +02:00
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
Datum
|
|
|
|
lo_truncate(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
|
|
|
int32 len = PG_GETARG_INT32(1);
|
|
|
|
|
|
|
|
lo_truncate_internal(fd, len);
|
2012-10-07 01:36:48 +02:00
|
|
|
PG_RETURN_INT32(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
Datum
|
|
|
|
lo_truncate64(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
int32 fd = PG_GETARG_INT32(0);
|
|
|
|
int64 len = PG_GETARG_INT64(1);
|
|
|
|
|
2012-10-09 22:38:00 +02:00
|
|
|
lo_truncate_internal(fd, len);
|
2007-03-03 20:52:47 +01:00
|
|
|
PG_RETURN_INT32(0);
|
|
|
|
}
|
|
|
|
|
1998-07-21 06:17:30 +02:00
|
|
|
/*
|
2004-07-28 16:23:31 +02:00
|
|
|
* AtEOXact_LargeObject -
|
|
|
|
* prepares large objects for transaction commit
|
1998-07-21 06:17:30 +02:00
|
|
|
*/
|
1998-09-01 06:40:42 +02:00
|
|
|
void
|
2004-07-28 16:23:31 +02:00
|
|
|
AtEOXact_LargeObject(bool isCommit)
|
1998-07-21 06:17:30 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
int i;
|
1998-07-21 06:17:30 +02:00
|
|
|
|
1998-07-22 07:48:59 +02:00
|
|
|
if (fscxt == NULL)
|
1999-06-01 00:53:59 +02:00
|
|
|
return; /* no LO operations in this xact */
|
1998-09-01 06:40:42 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Close LO fds and clear cookies array so that LO fds are no longer good.
|
|
|
|
* On abort we skip the close step.
|
1999-06-01 00:53:59 +02:00
|
|
|
*/
|
2000-10-24 05:14:08 +02:00
|
|
|
for (i = 0; i < cookies_size; i++)
|
1998-07-22 07:48:59 +02:00
|
|
|
{
|
1998-09-01 06:40:42 +02:00
|
|
|
if (cookies[i] != NULL)
|
1999-06-01 00:53:59 +02:00
|
|
|
{
|
|
|
|
if (isCommit)
|
2000-10-24 03:38:44 +02:00
|
|
|
inv_close(cookies[i]);
|
2004-07-28 16:23:31 +02:00
|
|
|
deleteLOfd(i);
|
1999-06-01 00:53:59 +02:00
|
|
|
}
|
1998-07-22 07:48:59 +02:00
|
|
|
}
|
1998-07-21 06:17:30 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
/* Needn't actually pfree since we're about to zap context */
|
|
|
|
cookies = NULL;
|
|
|
|
cookies_size = 0;
|
|
|
|
|
1999-06-01 00:53:59 +02:00
|
|
|
/* Release the LO memory context to prevent permanent memory leaks. */
|
2000-06-28 05:33:33 +02:00
|
|
|
MemoryContextDelete(fscxt);
|
1999-06-01 00:53:59 +02:00
|
|
|
fscxt = NULL;
|
2004-07-28 16:23:31 +02:00
|
|
|
|
|
|
|
/* Give inv_api.c a chance to clean up, too */
|
|
|
|
close_lo_relation(isCommit);
|
1998-07-21 06:17:30 +02:00
|
|
|
}
|
|
|
|
|
2004-07-28 16:23:31 +02:00
|
|
|
/*
|
|
|
|
* AtEOSubXact_LargeObject
|
2004-08-29 07:07:03 +02:00
|
|
|
* Take care of large objects at subtransaction commit/abort
|
2004-07-28 16:23:31 +02:00
|
|
|
*
|
|
|
|
* Reassign LOs created/opened during a committing subtransaction
|
2004-09-16 18:58:44 +02:00
|
|
|
* to the parent subtransaction. On abort, just close them.
|
2004-07-28 16:23:31 +02:00
|
|
|
*/
|
|
|
|
void
|
2004-09-16 18:58:44 +02:00
|
|
|
AtEOSubXact_LargeObject(bool isCommit, SubTransactionId mySubid,
|
|
|
|
SubTransactionId parentSubid)
|
2004-07-28 16:23:31 +02:00
|
|
|
{
|
2004-08-29 07:07:03 +02:00
|
|
|
int i;
|
2004-07-28 16:23:31 +02:00
|
|
|
|
|
|
|
if (fscxt == NULL) /* no LO operations in this xact */
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (i = 0; i < cookies_size; i++)
|
|
|
|
{
|
|
|
|
LargeObjectDesc *lo = cookies[i];
|
|
|
|
|
2004-09-16 18:58:44 +02:00
|
|
|
if (lo != NULL && lo->subid == mySubid)
|
2004-07-28 16:23:31 +02:00
|
|
|
{
|
|
|
|
if (isCommit)
|
2004-09-16 18:58:44 +02:00
|
|
|
lo->subid = parentSubid;
|
2004-07-28 16:23:31 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Make sure we do not call inv_close twice if it errors out
|
|
|
|
* for some reason. Better a leak than a crash.
|
2004-07-28 16:23:31 +02:00
|
|
|
*/
|
|
|
|
deleteLOfd(i);
|
|
|
|
inv_close(lo);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
/*****************************************************************************
|
1997-09-07 07:04:48 +02:00
|
|
|
* Support routines for this file
|
1996-07-09 08:22:35 +02:00
|
|
|
*****************************************************************************/
|
|
|
|
|
|
|
|
static int
|
1997-09-08 23:56:23 +02:00
|
|
|
newLOfd(LargeObjectDesc *lobjCookie)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-10-24 05:14:08 +02:00
|
|
|
int i,
|
|
|
|
newsize;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-10-24 05:14:08 +02:00
|
|
|
/* Try to find a free slot */
|
|
|
|
for (i = 0; i < cookies_size; i++)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
|
|
|
if (cookies[i] == NULL)
|
|
|
|
{
|
|
|
|
cookies[i] = lobjCookie;
|
|
|
|
return i;
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2000-10-24 05:14:08 +02:00
|
|
|
|
|
|
|
/* No free slot, so make the array bigger */
|
|
|
|
if (cookies_size <= 0)
|
|
|
|
{
|
|
|
|
/* First time through, arbitrarily make 64-element array */
|
|
|
|
i = 0;
|
|
|
|
newsize = 64;
|
|
|
|
cookies = (LargeObjectDesc **)
|
2006-04-26 02:34:57 +02:00
|
|
|
MemoryContextAllocZero(fscxt, newsize * sizeof(LargeObjectDesc *));
|
2000-10-24 05:14:08 +02:00
|
|
|
cookies_size = newsize;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Double size of array */
|
|
|
|
i = cookies_size;
|
|
|
|
newsize = cookies_size * 2;
|
|
|
|
cookies = (LargeObjectDesc **)
|
|
|
|
repalloc(cookies, newsize * sizeof(LargeObjectDesc *));
|
|
|
|
MemSet(cookies + cookies_size, 0,
|
|
|
|
(newsize - cookies_size) * sizeof(LargeObjectDesc *));
|
|
|
|
cookies_size = newsize;
|
|
|
|
}
|
|
|
|
|
|
|
|
Assert(cookies[i] == NULL);
|
|
|
|
cookies[i] = lobjCookie;
|
|
|
|
return i;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
static void
|
1996-07-09 08:22:35 +02:00
|
|
|
deleteLOfd(int fd)
|
|
|
|
{
|
1997-09-07 07:04:48 +02:00
|
|
|
cookies[fd] = NULL;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2013-10-28 03:42:46 +01:00
|
|
|
|
|
|
|
/*****************************************************************************
|
|
|
|
* Wrappers oriented toward SQL callers
|
|
|
|
*****************************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read [offset, offset+nbytes) within LO; when nbytes is -1, read to end.
|
|
|
|
*/
|
|
|
|
static bytea *
|
|
|
|
lo_get_fragment_internal(Oid loOid, int64 offset, int32 nbytes)
|
|
|
|
{
|
|
|
|
LargeObjectDesc *loDesc;
|
|
|
|
int64 loSize;
|
|
|
|
int64 result_length;
|
|
|
|
int total_read PG_USED_FOR_ASSERTS_ONLY;
|
|
|
|
bytea *result = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't actually need to store into fscxt, but create it anyway to
|
|
|
|
* ensure that AtEOXact_LargeObject knows there is state to clean up
|
|
|
|
*/
|
|
|
|
CreateFSContext();
|
|
|
|
|
|
|
|
loDesc = inv_open(loOid, INV_READ, fscxt);
|
|
|
|
|
|
|
|
/* Permission check */
|
|
|
|
if (!lo_compat_privileges &&
|
|
|
|
pg_largeobject_aclcheck_snapshot(loDesc->id,
|
|
|
|
GetUserId(),
|
|
|
|
ACL_SELECT,
|
|
|
|
loDesc->snapshot) != ACLCHECK_OK)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
errmsg("permission denied for large object %u",
|
|
|
|
loDesc->id)));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Compute number of bytes we'll actually read, accommodating nbytes == -1
|
|
|
|
* and reads beyond the end of the LO.
|
|
|
|
*/
|
|
|
|
loSize = inv_seek(loDesc, 0, SEEK_END);
|
|
|
|
if (loSize > offset)
|
|
|
|
{
|
|
|
|
if (nbytes >= 0 && nbytes <= loSize - offset)
|
|
|
|
result_length = nbytes; /* request is wholly inside LO */
|
|
|
|
else
|
|
|
|
result_length = loSize - offset; /* adjust to end of LO */
|
|
|
|
}
|
|
|
|
else
|
|
|
|
result_length = 0; /* request is wholly outside LO */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A result_length calculated from loSize may not fit in a size_t. Check
|
|
|
|
* that the size will satisfy this and subsequently-enforced size limits.
|
|
|
|
*/
|
|
|
|
if (result_length > MaxAllocSize - VARHDRSZ)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
|
|
|
|
errmsg("large object read request is too large")));
|
|
|
|
|
|
|
|
result = (bytea *) palloc(VARHDRSZ + result_length);
|
|
|
|
|
|
|
|
inv_seek(loDesc, offset, SEEK_SET);
|
|
|
|
total_read = inv_read(loDesc, VARDATA(result), result_length);
|
|
|
|
Assert(total_read == result_length);
|
|
|
|
SET_VARSIZE(result, result_length + VARHDRSZ);
|
|
|
|
|
|
|
|
inv_close(loDesc);
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read entire LO
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
lo_get(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
Oid loOid = PG_GETARG_OID(0);
|
|
|
|
bytea *result;
|
|
|
|
|
|
|
|
result = lo_get_fragment_internal(loOid, 0, -1);
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read range within LO
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
lo_get_fragment(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
Oid loOid = PG_GETARG_OID(0);
|
|
|
|
int64 offset = PG_GETARG_INT64(1);
|
|
|
|
int32 nbytes = PG_GETARG_INT32(2);
|
|
|
|
bytea *result;
|
|
|
|
|
|
|
|
if (nbytes < 0)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
|
|
errmsg("requested length cannot be negative")));
|
|
|
|
|
|
|
|
result = lo_get_fragment_internal(loOid, offset, nbytes);
|
|
|
|
|
|
|
|
PG_RETURN_BYTEA_P(result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create LO with initial contents
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
lo_create_bytea(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
Oid loOid = PG_GETARG_OID(0);
|
|
|
|
bytea *str = PG_GETARG_BYTEA_PP(1);
|
|
|
|
LargeObjectDesc *loDesc;
|
|
|
|
int written PG_USED_FOR_ASSERTS_ONLY;
|
|
|
|
|
|
|
|
CreateFSContext();
|
|
|
|
|
|
|
|
loOid = inv_create(loOid);
|
|
|
|
loDesc = inv_open(loOid, INV_WRITE, fscxt);
|
|
|
|
written = inv_write(loDesc, VARDATA_ANY(str), VARSIZE_ANY_EXHDR(str));
|
|
|
|
Assert(written == VARSIZE_ANY_EXHDR(str));
|
|
|
|
inv_close(loDesc);
|
|
|
|
|
|
|
|
PG_RETURN_OID(loOid);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update range within LO
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
lo_put(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
Oid loOid = PG_GETARG_OID(0);
|
|
|
|
int64 offset = PG_GETARG_INT64(1);
|
|
|
|
bytea *str = PG_GETARG_BYTEA_PP(2);
|
|
|
|
LargeObjectDesc *loDesc;
|
|
|
|
int written PG_USED_FOR_ASSERTS_ONLY;
|
|
|
|
|
|
|
|
CreateFSContext();
|
|
|
|
|
|
|
|
loDesc = inv_open(loOid, INV_WRITE, fscxt);
|
|
|
|
inv_seek(loDesc, offset, SEEK_SET);
|
|
|
|
written = inv_write(loDesc, VARDATA_ANY(str), VARSIZE_ANY_EXHDR(str));
|
|
|
|
Assert(written == VARSIZE_ANY_EXHDR(str));
|
|
|
|
inv_close(loDesc);
|
|
|
|
|
|
|
|
PG_RETURN_VOID();
|
|
|
|
}
|