mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-08-20 01:43:23 +02:00
578b229718
Previously tables declared WITH OIDS, including a significant fraction of the catalog tables, stored the oid column not as a normal column, but as part of the tuple header. This special column was not shown by default, which was somewhat odd, as it's often (consider e.g. pg_class.oid) one of the more important parts of a row. Neither pg_dump nor COPY included the contents of the oid column by default. The fact that the oid column was not an ordinary column necessitated a significant amount of special case code to support oid columns. That already was painful for the existing, but upcoming work aiming to make table storage pluggable, would have required expanding and duplicating that "specialness" significantly. WITH OIDS has been deprecated since 2005 (commit ff02d0a05280e0). Remove it. Removing includes: - CREATE TABLE and ALTER TABLE syntax for declaring the table to be WITH OIDS has been removed (WITH (oids[ = true]) will error out) - pg_dump does not support dumping tables declared WITH OIDS and will issue a warning when dumping one (and ignore the oid column). - restoring an pg_dump archive with pg_restore will warn when restoring a table with oid contents (and ignore the oid column) - COPY will refuse to load binary dump that includes oids. - pg_upgrade will error out when encountering tables declared WITH OIDS, they have to be altered to remove the oid column first. - Functionality to access the oid of the last inserted row (like plpgsql's RESULT_OID, spi's SPI_lastoid, ...) has been removed. The syntax for declaring a table WITHOUT OIDS (or WITH (oids = false) for CREATE TABLE) is still supported. While that requires a bit of support code, it seems unnecessary to break applications / dumps that do not use oids, and are explicit about not using them. The biggest user of WITH OID columns was postgres' catalog. This commit changes all 'magic' oid columns to be columns that are normally declared and stored. To reduce unnecessary query breakage all the newly added columns are still named 'oid', even if a table's column naming scheme would indicate 'reloid' or such. This obviously requires adapting a lot code, mostly replacing oid access via HeapTupleGetOid() with access to the underlying Form_pg_*->oid column. The bootstrap process now assigns oids for all oid columns in genbki.pl that do not have an explicit value (starting at the largest oid previously used), only oids assigned later by oids will be above FirstBootstrapObjectId. As the oid column now is a normal column the special bootstrap syntax for oids has been removed. Oids are not automatically assigned during insertion anymore, all backend code explicitly assigns oids with GetNewOidWithIndex(). For the rare case that insertions into the catalog via SQL are called for the new pg_nextoid() function can be used (which only works on catalog tables). The fact that oid columns on system tables are now normal columns means that they will be included in the set of columns expanded by * (i.e. SELECT * FROM pg_class will now include the table's oid, previously it did not). It'd not technically be hard to hide oid column by default, but that'd mean confusing behavior would either have to be carried forward forever, or it'd cause breakage down the line. While it's not unlikely that further adjustments are needed, the scope/invasiveness of the patch makes it worthwhile to get merge this now. It's painful to maintain externally, too complicated to commit after the code code freeze, and a dependency of a number of other patches. Catversion bump, for obvious reasons. Author: Andres Freund, with contributions by John Naylor Discussion: https://postgr.es/m/20180930034810.ywp2c7awz7opzcfr@alap3.anarazel.de
576 lines
14 KiB
C
576 lines
14 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* adminpack.c
|
|
*
|
|
*
|
|
* Copyright (c) 2002-2018, PostgreSQL Global Development Group
|
|
*
|
|
* Author: Andreas Pflug <pgadmin@pse-consulting.de>
|
|
*
|
|
* IDENTIFICATION
|
|
* contrib/adminpack/adminpack.c
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#include "postgres.h"
|
|
|
|
#include <sys/file.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
|
|
#include "catalog/pg_authid.h"
|
|
#include "catalog/pg_type.h"
|
|
#include "funcapi.h"
|
|
#include "miscadmin.h"
|
|
#include "postmaster/syslogger.h"
|
|
#include "storage/fd.h"
|
|
#include "utils/builtins.h"
|
|
#include "utils/datetime.h"
|
|
|
|
|
|
#ifdef WIN32
|
|
|
|
#ifdef rename
|
|
#undef rename
|
|
#endif
|
|
|
|
#ifdef unlink
|
|
#undef unlink
|
|
#endif
|
|
#endif
|
|
|
|
PG_MODULE_MAGIC;
|
|
|
|
PG_FUNCTION_INFO_V1(pg_file_write);
|
|
PG_FUNCTION_INFO_V1(pg_file_write_v1_1);
|
|
PG_FUNCTION_INFO_V1(pg_file_rename);
|
|
PG_FUNCTION_INFO_V1(pg_file_rename_v1_1);
|
|
PG_FUNCTION_INFO_V1(pg_file_unlink);
|
|
PG_FUNCTION_INFO_V1(pg_file_unlink_v1_1);
|
|
PG_FUNCTION_INFO_V1(pg_logdir_ls);
|
|
PG_FUNCTION_INFO_V1(pg_logdir_ls_v1_1);
|
|
|
|
static int64 pg_file_write_internal(text *file, text *data, bool replace);
|
|
static bool pg_file_rename_internal(text *file1, text *file2, text *file3);
|
|
static Datum pg_logdir_ls_internal(FunctionCallInfo fcinfo);
|
|
|
|
typedef struct
|
|
{
|
|
char *location;
|
|
DIR *dirdesc;
|
|
} directory_fctx;
|
|
|
|
/*-----------------------
|
|
* some helper functions
|
|
*/
|
|
|
|
/*
|
|
* Convert a "text" filename argument to C string, and check it's allowable.
|
|
*
|
|
* Filename may be absolute or relative to the DataDir, but we only allow
|
|
* absolute paths that match DataDir or Log_directory.
|
|
*/
|
|
static char *
|
|
convert_and_check_filename(text *arg, bool logAllowed)
|
|
{
|
|
char *filename = text_to_cstring(arg);
|
|
|
|
canonicalize_path(filename); /* filename can change length here */
|
|
|
|
/*
|
|
* Members of the 'pg_write_server_files' role are allowed to access any
|
|
* files on the server as the PG user, so no need to do any further checks
|
|
* here.
|
|
*/
|
|
if (is_member_of_role(GetUserId(), DEFAULT_ROLE_WRITE_SERVER_FILES))
|
|
return filename;
|
|
|
|
/* User isn't a member of the default role, so check if it's allowable */
|
|
if (is_absolute_path(filename))
|
|
{
|
|
/* Disallow '/a/b/data/..' */
|
|
if (path_contains_parent_reference(filename))
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
(errmsg("reference to parent directory (\"..\") not allowed"))));
|
|
|
|
/*
|
|
* Allow absolute paths if within DataDir or Log_directory, even
|
|
* though Log_directory might be outside DataDir.
|
|
*/
|
|
if (!path_is_prefix_of_path(DataDir, filename) &&
|
|
(!logAllowed || !is_absolute_path(Log_directory) ||
|
|
!path_is_prefix_of_path(Log_directory, filename)))
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
(errmsg("absolute path not allowed"))));
|
|
}
|
|
else if (!path_is_relative_and_below_cwd(filename))
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
(errmsg("path must be in or below the current directory"))));
|
|
|
|
return filename;
|
|
}
|
|
|
|
|
|
/*
|
|
* check for superuser, bark if not.
|
|
*/
|
|
static void
|
|
requireSuperuser(void)
|
|
{
|
|
if (!superuser())
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
(errmsg("only superuser may access generic file functions"))));
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
* pg_file_write - old version
|
|
*
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
* these functions could be called by any user.
|
|
*/
|
|
Datum
|
|
pg_file_write(PG_FUNCTION_ARGS)
|
|
{
|
|
text *file = PG_GETARG_TEXT_PP(0);
|
|
text *data = PG_GETARG_TEXT_PP(1);
|
|
bool replace = PG_GETARG_BOOL(2);
|
|
int64 count = 0;
|
|
|
|
requireSuperuser();
|
|
|
|
count = pg_file_write_internal(file, data, replace);
|
|
|
|
PG_RETURN_INT64(count);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_file_write_v1_1 - Version 1.1
|
|
*
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
* Users can then grant access to it based on their policies.
|
|
*
|
|
* Otherwise identical to pg_file_write (above).
|
|
*/
|
|
Datum
|
|
pg_file_write_v1_1(PG_FUNCTION_ARGS)
|
|
{
|
|
text *file = PG_GETARG_TEXT_PP(0);
|
|
text *data = PG_GETARG_TEXT_PP(1);
|
|
bool replace = PG_GETARG_BOOL(2);
|
|
int64 count = 0;
|
|
|
|
count = pg_file_write_internal(file, data, replace);
|
|
|
|
PG_RETURN_INT64(count);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_file_write_internal - Workhorse for pg_file_write functions.
|
|
*
|
|
* This handles the actual work for pg_file_write.
|
|
*/
|
|
static int64
|
|
pg_file_write_internal(text *file, text *data, bool replace)
|
|
{
|
|
FILE *f;
|
|
char *filename;
|
|
int64 count = 0;
|
|
|
|
filename = convert_and_check_filename(file, false);
|
|
|
|
if (!replace)
|
|
{
|
|
struct stat fst;
|
|
|
|
if (stat(filename, &fst) >= 0)
|
|
ereport(ERROR,
|
|
(ERRCODE_DUPLICATE_FILE,
|
|
errmsg("file \"%s\" exists", filename)));
|
|
|
|
f = AllocateFile(filename, "wb");
|
|
}
|
|
else
|
|
f = AllocateFile(filename, "ab");
|
|
|
|
if (!f)
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not open file \"%s\" for writing: %m",
|
|
filename)));
|
|
|
|
count = fwrite(VARDATA_ANY(data), 1, VARSIZE_ANY_EXHDR(data), f);
|
|
if (count != VARSIZE_ANY_EXHDR(data) || FreeFile(f))
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not write file \"%s\": %m", filename)));
|
|
|
|
return (count);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_file_rename - old version
|
|
*
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
* these functions could be called by any user.
|
|
*/
|
|
Datum
|
|
pg_file_rename(PG_FUNCTION_ARGS)
|
|
{
|
|
text *file1;
|
|
text *file2;
|
|
text *file3;
|
|
bool result;
|
|
|
|
requireSuperuser();
|
|
|
|
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
|
|
PG_RETURN_NULL();
|
|
|
|
file1 = PG_GETARG_TEXT_PP(0);
|
|
file2 = PG_GETARG_TEXT_PP(1);
|
|
|
|
if (PG_ARGISNULL(2))
|
|
file3 = NULL;
|
|
else
|
|
file3 = PG_GETARG_TEXT_PP(2);
|
|
|
|
result = pg_file_rename_internal(file1, file2, file3);
|
|
|
|
PG_RETURN_BOOL(result);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_file_rename_v1_1 - Version 1.1
|
|
*
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
* Users can then grant access to it based on their policies.
|
|
*
|
|
* Otherwise identical to pg_file_write (above).
|
|
*/
|
|
Datum
|
|
pg_file_rename_v1_1(PG_FUNCTION_ARGS)
|
|
{
|
|
text *file1;
|
|
text *file2;
|
|
text *file3;
|
|
bool result;
|
|
|
|
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
|
|
PG_RETURN_NULL();
|
|
|
|
file1 = PG_GETARG_TEXT_PP(0);
|
|
file2 = PG_GETARG_TEXT_PP(1);
|
|
|
|
if (PG_ARGISNULL(2))
|
|
file3 = NULL;
|
|
else
|
|
file3 = PG_GETARG_TEXT_PP(2);
|
|
|
|
result = pg_file_rename_internal(file1, file2, file3);
|
|
|
|
PG_RETURN_BOOL(result);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_file_rename_internal - Workhorse for pg_file_rename functions.
|
|
*
|
|
* This handles the actual work for pg_file_rename.
|
|
*/
|
|
static bool
|
|
pg_file_rename_internal(text *file1, text *file2, text *file3)
|
|
{
|
|
char *fn1,
|
|
*fn2,
|
|
*fn3;
|
|
int rc;
|
|
|
|
fn1 = convert_and_check_filename(file1, false);
|
|
fn2 = convert_and_check_filename(file2, false);
|
|
|
|
if (file3 == NULL)
|
|
fn3 = NULL;
|
|
else
|
|
fn3 = convert_and_check_filename(file3, false);
|
|
|
|
if (access(fn1, W_OK) < 0)
|
|
{
|
|
ereport(WARNING,
|
|
(errcode_for_file_access(),
|
|
errmsg("file \"%s\" is not accessible: %m", fn1)));
|
|
|
|
return false;
|
|
}
|
|
|
|
if (fn3 && access(fn2, W_OK) < 0)
|
|
{
|
|
ereport(WARNING,
|
|
(errcode_for_file_access(),
|
|
errmsg("file \"%s\" is not accessible: %m", fn2)));
|
|
|
|
return false;
|
|
}
|
|
|
|
rc = access(fn3 ? fn3 : fn2, W_OK);
|
|
if (rc >= 0 || errno != ENOENT)
|
|
{
|
|
ereport(ERROR,
|
|
(ERRCODE_DUPLICATE_FILE,
|
|
errmsg("cannot rename to target file \"%s\"",
|
|
fn3 ? fn3 : fn2)));
|
|
}
|
|
|
|
if (fn3)
|
|
{
|
|
if (rename(fn2, fn3) != 0)
|
|
{
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not rename \"%s\" to \"%s\": %m",
|
|
fn2, fn3)));
|
|
}
|
|
if (rename(fn1, fn2) != 0)
|
|
{
|
|
ereport(WARNING,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not rename \"%s\" to \"%s\": %m",
|
|
fn1, fn2)));
|
|
|
|
if (rename(fn3, fn2) != 0)
|
|
{
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not rename \"%s\" back to \"%s\": %m",
|
|
fn3, fn2)));
|
|
}
|
|
else
|
|
{
|
|
ereport(ERROR,
|
|
(ERRCODE_UNDEFINED_FILE,
|
|
errmsg("renaming \"%s\" to \"%s\" was reverted",
|
|
fn2, fn3)));
|
|
}
|
|
}
|
|
}
|
|
else if (rename(fn1, fn2) != 0)
|
|
{
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not rename \"%s\" to \"%s\": %m", fn1, fn2)));
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
/* ------------------------------------
|
|
* pg_file_unlink - old version
|
|
*
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
* these functions could be called by any user.
|
|
*/
|
|
Datum
|
|
pg_file_unlink(PG_FUNCTION_ARGS)
|
|
{
|
|
char *filename;
|
|
|
|
requireSuperuser();
|
|
|
|
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
|
|
|
|
if (access(filename, W_OK) < 0)
|
|
{
|
|
if (errno == ENOENT)
|
|
PG_RETURN_BOOL(false);
|
|
else
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("file \"%s\" is not accessible: %m", filename)));
|
|
}
|
|
|
|
if (unlink(filename) < 0)
|
|
{
|
|
ereport(WARNING,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not unlink file \"%s\": %m", filename)));
|
|
|
|
PG_RETURN_BOOL(false);
|
|
}
|
|
PG_RETURN_BOOL(true);
|
|
}
|
|
|
|
|
|
/* ------------------------------------
|
|
* pg_file_unlink_v1_1 - Version 1.1
|
|
*
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
* Users can then grant access to it based on their policies.
|
|
*
|
|
* Otherwise identical to pg_file_unlink (above).
|
|
*/
|
|
Datum
|
|
pg_file_unlink_v1_1(PG_FUNCTION_ARGS)
|
|
{
|
|
char *filename;
|
|
|
|
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
|
|
|
|
if (access(filename, W_OK) < 0)
|
|
{
|
|
if (errno == ENOENT)
|
|
PG_RETURN_BOOL(false);
|
|
else
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("file \"%s\" is not accessible: %m", filename)));
|
|
}
|
|
|
|
if (unlink(filename) < 0)
|
|
{
|
|
ereport(WARNING,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not unlink file \"%s\": %m", filename)));
|
|
|
|
PG_RETURN_BOOL(false);
|
|
}
|
|
PG_RETURN_BOOL(true);
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_logdir_ls - Old version
|
|
*
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
* these functions could be called by any user.
|
|
*/
|
|
Datum
|
|
pg_logdir_ls(PG_FUNCTION_ARGS)
|
|
{
|
|
if (!superuser())
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
(errmsg("only superuser can list the log directory"))));
|
|
|
|
return (pg_logdir_ls_internal(fcinfo));
|
|
}
|
|
|
|
/* ------------------------------------
|
|
* pg_logdir_ls_v1_1 - Version 1.1
|
|
*
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
* Users can then grant access to it based on their policies.
|
|
*
|
|
* Otherwise identical to pg_logdir_ls (above).
|
|
*/
|
|
Datum
|
|
pg_logdir_ls_v1_1(PG_FUNCTION_ARGS)
|
|
{
|
|
return (pg_logdir_ls_internal(fcinfo));
|
|
}
|
|
|
|
static Datum
|
|
pg_logdir_ls_internal(FunctionCallInfo fcinfo)
|
|
{
|
|
FuncCallContext *funcctx;
|
|
struct dirent *de;
|
|
directory_fctx *fctx;
|
|
|
|
if (strcmp(Log_filename, "postgresql-%Y-%m-%d_%H%M%S.log") != 0)
|
|
ereport(ERROR,
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
(errmsg("the log_filename parameter must equal 'postgresql-%%Y-%%m-%%d_%%H%%M%%S.log'"))));
|
|
|
|
if (SRF_IS_FIRSTCALL())
|
|
{
|
|
MemoryContext oldcontext;
|
|
TupleDesc tupdesc;
|
|
|
|
funcctx = SRF_FIRSTCALL_INIT();
|
|
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
|
|
|
|
fctx = palloc(sizeof(directory_fctx));
|
|
|
|
tupdesc = CreateTemplateTupleDesc(2);
|
|
TupleDescInitEntry(tupdesc, (AttrNumber) 1, "starttime",
|
|
TIMESTAMPOID, -1, 0);
|
|
TupleDescInitEntry(tupdesc, (AttrNumber) 2, "filename",
|
|
TEXTOID, -1, 0);
|
|
|
|
funcctx->attinmeta = TupleDescGetAttInMetadata(tupdesc);
|
|
|
|
fctx->location = pstrdup(Log_directory);
|
|
fctx->dirdesc = AllocateDir(fctx->location);
|
|
|
|
if (!fctx->dirdesc)
|
|
ereport(ERROR,
|
|
(errcode_for_file_access(),
|
|
errmsg("could not open directory \"%s\": %m",
|
|
fctx->location)));
|
|
|
|
funcctx->user_fctx = fctx;
|
|
MemoryContextSwitchTo(oldcontext);
|
|
}
|
|
|
|
funcctx = SRF_PERCALL_SETUP();
|
|
fctx = (directory_fctx *) funcctx->user_fctx;
|
|
|
|
while ((de = ReadDir(fctx->dirdesc, fctx->location)) != NULL)
|
|
{
|
|
char *values[2];
|
|
HeapTuple tuple;
|
|
char timestampbuf[32];
|
|
char *field[MAXDATEFIELDS];
|
|
char lowstr[MAXDATELEN + 1];
|
|
int dtype;
|
|
int nf,
|
|
ftype[MAXDATEFIELDS];
|
|
fsec_t fsec;
|
|
int tz = 0;
|
|
struct pg_tm date;
|
|
|
|
/*
|
|
* Default format: postgresql-YYYY-MM-DD_HHMMSS.log
|
|
*/
|
|
if (strlen(de->d_name) != 32
|
|
|| strncmp(de->d_name, "postgresql-", 11) != 0
|
|
|| de->d_name[21] != '_'
|
|
|| strcmp(de->d_name + 28, ".log") != 0)
|
|
continue;
|
|
|
|
/* extract timestamp portion of filename */
|
|
strcpy(timestampbuf, de->d_name + 11);
|
|
timestampbuf[17] = '\0';
|
|
|
|
/* parse and decode expected timestamp to verify it's OK format */
|
|
if (ParseDateTime(timestampbuf, lowstr, MAXDATELEN, field, ftype, MAXDATEFIELDS, &nf))
|
|
continue;
|
|
|
|
if (DecodeDateTime(field, ftype, nf, &dtype, &date, &fsec, &tz))
|
|
continue;
|
|
|
|
/* Seems the timestamp is OK; prepare and return tuple */
|
|
|
|
values[0] = timestampbuf;
|
|
values[1] = psprintf("%s/%s", fctx->location, de->d_name);
|
|
|
|
tuple = BuildTupleFromCStrings(funcctx->attinmeta, values);
|
|
|
|
SRF_RETURN_NEXT(funcctx, HeapTupleGetDatum(tuple));
|
|
}
|
|
|
|
FreeDir(fctx->dirdesc);
|
|
SRF_RETURN_DONE(funcctx);
|
|
}
|