1 /*-------------------------------------------------------------------------
4 * Database management commands (create/drop database).
7 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
12 * $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.94 2002/06/20 16:00:43 momjian Exp $
14 *-------------------------------------------------------------------------
22 #include <sys/types.h>
24 #include "access/heapam.h"
25 #include "catalog/catname.h"
26 #include "catalog/catalog.h"
27 #include "catalog/pg_database.h"
28 #include "catalog/pg_shadow.h"
29 #include "catalog/indexing.h"
30 #include "commands/comment.h"
31 #include "commands/dbcommands.h"
32 #include "miscadmin.h"
33 #include "storage/freespace.h"
34 #include "storage/sinval.h"
35 #include "utils/array.h"
36 #include "utils/builtins.h"
37 #include "utils/fmgroids.h"
38 #include "utils/guc.h"
39 #include "utils/lsyscache.h"
40 #include "utils/syscache.h"
43 #include "mb/pg_wchar.h" /* encoding check */
47 /* non-export function prototypes */
48 static bool get_db_info(const char *name, Oid *dbIdP, int4 *ownerIdP,
49 int *encodingP, bool *dbIsTemplateP, Oid *dbLastSysOidP,
50 TransactionId *dbVacuumXidP, TransactionId *dbFrozenXidP,
52 static bool have_createdb_privilege(void);
53 static char *resolve_alt_dbpath(const char *dbpath, Oid dboid);
54 static bool remove_dbdirs(const char *real_loc, const char *altloc);
61 createdb(const CreatedbStmt *stmt)
66 char src_loc[MAXPGPATH];
67 char buf[2 * MAXPGPATH + 100];
73 TransactionId src_vacuumxid;
74 TransactionId src_frozenxid;
75 char src_dbpath[MAXPGPATH];
76 Relation pg_database_rel;
78 TupleDesc pg_database_dsc;
79 Datum new_record[Natts_pg_database];
80 char new_record_nulls[Natts_pg_database];
84 DefElem *downer = NULL;
85 DefElem *dpath = NULL;
86 DefElem *dtemplate = NULL;
87 DefElem *dencoding = NULL;
88 char *dbname = stmt->dbname;
91 char *dbtemplate = NULL;
94 /* Extract options from the statement node tree */
95 foreach(option, stmt->options)
97 DefElem *defel = (DefElem *) lfirst(option);
99 if (strcmp(defel->defname, "owner") == 0)
102 elog(ERROR, "CREATE DATABASE: conflicting options");
105 else if (strcmp(defel->defname, "location") == 0)
108 elog(ERROR, "CREATE DATABASE: conflicting options");
111 else if (strcmp(defel->defname, "template") == 0)
114 elog(ERROR, "CREATE DATABASE: conflicting options");
117 else if (strcmp(defel->defname, "encoding") == 0)
120 elog(ERROR, "CREATE DATABASE: conflicting options");
124 elog(ERROR, "CREATE DATABASE: option \"%s\" not recognized",
129 dbowner = strVal(downer->arg);
131 dbpath = strVal(dpath->arg);
133 dbtemplate = strVal(dtemplate->arg);
135 encoding = intVal(dencoding->arg);
137 /* obtain sysid of proposed owner */
139 datdba = get_usesysid(dbowner); /* will elog if no such user */
141 datdba = GetUserId();
143 if (datdba == (int32) GetUserId())
145 /* creating database for self: can be superuser or createdb */
146 if (!superuser() && !have_createdb_privilege())
147 elog(ERROR, "CREATE DATABASE: permission denied");
151 /* creating database for someone else: must be superuser */
152 /* note that the someone else need not have any permissions */
154 elog(ERROR, "CREATE DATABASE: permission denied");
157 /* don't call this in a transaction block */
158 if (IsTransactionBlock())
159 elog(ERROR, "CREATE DATABASE: may not be called in a transaction block");
162 * Check for db name conflict. There is a race condition here, since
163 * another backend could create the same DB name before we commit.
164 * However, holding an exclusive lock on pg_database for the whole
165 * time we are copying the source database doesn't seem like a good
166 * idea, so accept possibility of race to create. We will check again
167 * after we grab the exclusive lock.
169 if (get_db_info(dbname, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
170 elog(ERROR, "CREATE DATABASE: database \"%s\" already exists", dbname);
173 * Lookup database (template) to be cloned.
176 dbtemplate = "template1"; /* Default template database name */
178 if (!get_db_info(dbtemplate, &src_dboid, &src_owner, &src_encoding,
179 &src_istemplate, &src_lastsysoid,
180 &src_vacuumxid, &src_frozenxid,
182 elog(ERROR, "CREATE DATABASE: template \"%s\" does not exist",
186 * Permission check: to copy a DB that's not marked datistemplate, you
187 * must be superuser or the owner thereof.
191 if (!superuser() && GetUserId() != src_owner )
192 elog(ERROR, "CREATE DATABASE: permission to copy \"%s\" denied",
197 * Determine physical path of source database
199 alt_loc = resolve_alt_dbpath(src_dbpath, src_dboid);
201 alt_loc = GetDatabasePath(src_dboid);
202 strcpy(src_loc, alt_loc);
205 * The source DB can't have any active backends, except this one
206 * (exception is to allow CREATE DB while connected to template1).
207 * Otherwise we might copy inconsistent data. This check is not
208 * bulletproof, since someone might connect while we are copying...
210 if (DatabaseHasActiveBackends(src_dboid, true))
211 elog(ERROR, "CREATE DATABASE: source database \"%s\" is being accessed by other users", dbtemplate);
213 /* If encoding is defaulted, use source's encoding */
215 encoding = src_encoding;
218 /* Some encodings are client only */
219 if (!PG_VALID_BE_ENCODING(encoding))
220 elog(ERROR, "CREATE DATABASE: invalid backend encoding");
222 Assert(encoding == 0); /* zero is PG_SQL_ASCII */
226 * Preassign OID for pg_database tuple, so that we can compute db
232 * Compute nominal location (where we will try to access the
233 * database), and resolve alternate physical location if one is
236 * If an alternate location is specified but is the same as the
237 * normal path, just drop the alternate-location spec (this seems
238 * friendlier than erroring out). We must test this case to avoid
239 * creating a circular symlink below.
241 nominal_loc = GetDatabasePath(dboid);
242 alt_loc = resolve_alt_dbpath(dbpath, dboid);
244 if (alt_loc && strcmp(alt_loc, nominal_loc) == 0)
250 if (strchr(nominal_loc, '\''))
251 elog(ERROR, "database path may not contain single quotes");
252 if (alt_loc && strchr(alt_loc, '\''))
253 elog(ERROR, "database path may not contain single quotes");
254 if (strchr(src_loc, '\''))
255 elog(ERROR, "database path may not contain single quotes");
256 /* ... otherwise we'd be open to shell exploits below */
259 * Force dirty buffers out to disk, to ensure source database is
260 * up-to-date for the copy. (We really only need to flush buffers for
261 * the source database...)
266 * Close virtual file descriptors so the kernel has more available for
267 * the mkdir() and system() calls below.
272 * Check we can create the target directory --- but then remove it
273 * because we rely on cp(1) to create it for real.
275 target_dir = alt_loc ? alt_loc : nominal_loc;
277 if (mkdir(target_dir, S_IRWXU) != 0)
278 elog(ERROR, "CREATE DATABASE: unable to create database directory '%s': %m",
280 if (rmdir(target_dir) != 0)
281 elog(ERROR, "CREATE DATABASE: unable to remove temp directory '%s': %m",
284 /* Make the symlink, if needed */
287 if (symlink(alt_loc, nominal_loc) != 0)
288 elog(ERROR, "CREATE DATABASE: could not link '%s' to '%s': %m",
289 nominal_loc, alt_loc);
292 /* Copy the template database to the new location */
293 snprintf(buf, sizeof(buf), "cp -r '%s' '%s'", src_loc, target_dir);
295 if (system(buf) != 0)
297 if (remove_dbdirs(nominal_loc, alt_loc))
298 elog(ERROR, "CREATE DATABASE: could not initialize database directory");
300 elog(ERROR, "CREATE DATABASE: could not initialize database directory; delete failed as well");
304 * Now OK to grab exclusive lock on pg_database.
306 pg_database_rel = heap_openr(DatabaseRelationName, AccessExclusiveLock);
308 /* Check to see if someone else created same DB name meanwhile. */
309 if (get_db_info(dbname, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
311 /* Don't hold lock while doing recursive remove */
312 heap_close(pg_database_rel, AccessExclusiveLock);
313 remove_dbdirs(nominal_loc, alt_loc);
314 elog(ERROR, "CREATE DATABASE: database \"%s\" already exists", dbname);
318 * Insert a new tuple into pg_database
320 pg_database_dsc = RelationGetDescr(pg_database_rel);
323 MemSet(new_record, 0, sizeof(new_record));
324 MemSet(new_record_nulls, ' ', sizeof(new_record_nulls));
326 new_record[Anum_pg_database_datname - 1] =
327 DirectFunctionCall1(namein, CStringGetDatum(dbname));
328 new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(datdba);
329 new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding);
330 new_record[Anum_pg_database_datistemplate - 1] = BoolGetDatum(false);
331 new_record[Anum_pg_database_datallowconn - 1] = BoolGetDatum(true);
332 new_record[Anum_pg_database_datlastsysoid - 1] = ObjectIdGetDatum(src_lastsysoid);
333 new_record[Anum_pg_database_datvacuumxid - 1] = TransactionIdGetDatum(src_vacuumxid);
334 new_record[Anum_pg_database_datfrozenxid - 1] = TransactionIdGetDatum(src_frozenxid);
335 /* do not set datpath to null, GetRawDatabaseInfo won't cope */
336 new_record[Anum_pg_database_datpath - 1] =
337 DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : ""));
339 new_record_nulls[Anum_pg_database_datconfig - 1] = 'n';
340 new_record_nulls[Anum_pg_database_datacl - 1] = 'n';
342 tuple = heap_formtuple(pg_database_dsc, new_record, new_record_nulls);
344 tuple->t_data->t_oid = dboid; /* override heap_insert's OID
347 simple_heap_insert(pg_database_rel, tuple);
352 if (RelationGetForm(pg_database_rel)->relhasindex)
354 Relation idescs[Num_pg_database_indices];
356 CatalogOpenIndices(Num_pg_database_indices,
357 Name_pg_database_indices, idescs);
358 CatalogIndexInsert(idescs, Num_pg_database_indices, pg_database_rel,
360 CatalogCloseIndices(Num_pg_database_indices, idescs);
363 /* Close pg_database, but keep lock till commit */
364 heap_close(pg_database_rel, NoLock);
367 * Force dirty buffers out to disk, so that newly-connecting backends
368 * will see the new database in pg_database right away. (They'll see
369 * an uncommitted tuple, but they don't care; see GetRawDatabaseInfo.)
379 dropdb(const char *dbname)
386 char dbpath[MAXPGPATH];
388 HeapScanDesc pgdbscan;
394 if (strcmp(dbname, DatabaseName) == 0)
395 elog(ERROR, "DROP DATABASE: cannot be executed on the currently open database");
397 if (IsTransactionBlock())
398 elog(ERROR, "DROP DATABASE: may not be called in a transaction block");
401 * Obtain exclusive lock on pg_database. We need this to ensure that
402 * no new backend starts up in the target database while we are
403 * deleting it. (Actually, a new backend might still manage to start
404 * up, because it will read pg_database without any locking to
405 * discover the database's OID. But it will detect its error in
406 * ReverifyMyDatabase and shut down before any serious damage is done.
409 pgdbrel = heap_openr(DatabaseRelationName, AccessExclusiveLock);
411 if (!get_db_info(dbname, &db_id, &db_owner, NULL,
412 &db_istemplate, NULL, NULL, NULL, dbpath))
413 elog(ERROR, "DROP DATABASE: database \"%s\" does not exist", dbname);
415 if (GetUserId() != db_owner && !superuser())
416 elog(ERROR, "DROP DATABASE: permission denied");
419 * Disallow dropping a DB that is marked istemplate. This is just to
420 * prevent people from accidentally dropping template0 or template1;
421 * they can do so if they're really determined ...
424 elog(ERROR, "DROP DATABASE: database is marked as a template");
426 nominal_loc = GetDatabasePath(db_id);
427 alt_loc = resolve_alt_dbpath(dbpath, db_id);
430 * Check for active backends in the target database.
432 if (DatabaseHasActiveBackends(db_id, false))
433 elog(ERROR, "DROP DATABASE: database \"%s\" is being accessed by other users", dbname);
436 * Find the database's tuple by OID (should be unique).
438 ScanKeyEntryInitialize(&key, 0, ObjectIdAttributeNumber,
439 F_OIDEQ, ObjectIdGetDatum(db_id));
441 pgdbscan = heap_beginscan(pgdbrel, SnapshotNow, 1, &key);
443 tup = heap_getnext(pgdbscan, ForwardScanDirection);
444 if (!HeapTupleIsValid(tup))
447 * This error should never come up since the existence of the
448 * database is checked earlier
450 elog(ERROR, "DROP DATABASE: Database \"%s\" doesn't exist despite earlier reports to the contrary",
454 /* Remove the database's tuple from pg_database */
455 simple_heap_delete(pgdbrel, &tup->t_self);
457 heap_endscan(pgdbscan);
459 /* Delete any comments associated with the database */
460 DeleteComments(db_id, RelationGetRelid(pgdbrel));
463 * Close pg_database, but keep exclusive lock till commit to ensure
464 * that any new backend scanning pg_database will see the tuple dead.
466 heap_close(pgdbrel, NoLock);
469 * Drop pages for this database that are in the shared buffer cache.
470 * This is important to ensure that no remaining backend tries to
471 * write out a dirty buffer to the dead database later...
476 * Also, clean out any entries in the shared free space map.
478 FreeSpaceMapForgetDatabase(db_id);
481 * Remove the database's subdirectory and everything in it.
483 remove_dbdirs(nominal_loc, alt_loc);
486 * Force dirty buffers out to disk, so that newly-connecting backends
487 * will see the database tuple marked dead in pg_database right away.
488 * (They'll see an uncommitted deletion, but they don't care; see
489 * GetRawDatabaseInfo.)
497 * ALTER DATABASE name SET ...
500 AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
508 Datum repl_val[Natts_pg_database];
509 char repl_null[Natts_pg_database];
510 char repl_repl[Natts_pg_database];
512 valuestr = flatten_set_variable_args(stmt->variable, stmt->value);
514 rel = heap_openr(DatabaseRelationName, RowExclusiveLock);
515 ScanKeyEntryInitialize(&scankey, 0, Anum_pg_database_datname,
516 F_NAMEEQ, NameGetDatum(stmt->dbname));
517 scan = heap_beginscan(rel, SnapshotNow, 1, &scankey);
518 tuple = heap_getnext(scan, ForwardScanDirection);
519 if (!HeapTupleIsValid(tuple))
520 elog(ERROR, "database \"%s\" does not exist", stmt->dbname);
523 || ((Form_pg_database) GETSTRUCT(tuple))->datdba == GetUserId()))
524 elog(ERROR, "permission denied");
526 MemSet(repl_repl, ' ', sizeof(repl_repl));
527 repl_repl[Anum_pg_database_datconfig-1] = 'r';
529 if (strcmp(stmt->variable, "all")==0 && valuestr == NULL)
532 repl_null[Anum_pg_database_datconfig-1] = 'n';
533 repl_val[Anum_pg_database_datconfig-1] = (Datum) 0;
541 repl_null[Anum_pg_database_datconfig-1] = ' ';
543 datum = heap_getattr(tuple, Anum_pg_database_datconfig,
544 RelationGetDescr(rel), &isnull);
546 a = isnull ? ((ArrayType *) NULL) : DatumGetArrayTypeP(datum);
549 a = GUCArrayAdd(a, stmt->variable, valuestr);
551 a = GUCArrayDelete(a, stmt->variable);
553 repl_val[Anum_pg_database_datconfig-1] = PointerGetDatum(a);
556 newtuple = heap_modifytuple(tuple, rel, repl_val, repl_null, repl_repl);
557 simple_heap_update(rel, &tuple->t_self, newtuple);
562 if (RelationGetForm(rel)->relhasindex)
564 Relation idescs[Num_pg_database_indices];
566 CatalogOpenIndices(Num_pg_database_indices,
567 Name_pg_database_indices, idescs);
568 CatalogIndexInsert(idescs, Num_pg_database_indices, rel,
570 CatalogCloseIndices(Num_pg_database_indices, idescs);
574 heap_close(rel, RowExclusiveLock);
584 get_db_info(const char *name, Oid *dbIdP, int4 *ownerIdP,
585 int *encodingP, bool *dbIsTemplateP, Oid *dbLastSysOidP,
586 TransactionId *dbVacuumXidP, TransactionId *dbFrozenXidP,
597 /* Caller may wish to grab a better lock on pg_database beforehand... */
598 relation = heap_openr(DatabaseRelationName, AccessShareLock);
600 ScanKeyEntryInitialize(&scanKey, 0, Anum_pg_database_datname,
601 F_NAMEEQ, NameGetDatum(name));
603 scan = heap_beginscan(relation, SnapshotNow, 1, &scanKey);
605 tuple = heap_getnext(scan, ForwardScanDirection);
607 gottuple = HeapTupleIsValid(tuple);
610 Form_pg_database dbform = (Form_pg_database) GETSTRUCT(tuple);
612 /* oid of the database */
614 *dbIdP = tuple->t_data->t_oid;
615 /* sysid of the owner */
617 *ownerIdP = dbform->datdba;
618 /* multibyte encoding */
620 *encodingP = dbform->encoding;
621 /* allowed as template? */
623 *dbIsTemplateP = dbform->datistemplate;
624 /* last system OID used in database */
626 *dbLastSysOidP = dbform->datlastsysoid;
627 /* limit of vacuumed XIDs */
629 *dbVacuumXidP = dbform->datvacuumxid;
630 /* limit of frozen XIDs */
632 *dbFrozenXidP = dbform->datfrozenxid;
633 /* database path (as registered in pg_database) */
639 datum = heap_getattr(tuple,
640 Anum_pg_database_datpath,
641 RelationGetDescr(relation),
645 text *pathtext = DatumGetTextP(datum);
646 int pathlen = VARSIZE(pathtext) - VARHDRSZ;
648 Assert(pathlen >= 0 && pathlen < MAXPGPATH);
649 strncpy(dbpath, VARDATA(pathtext), pathlen);
650 *(dbpath + pathlen) = '\0';
658 heap_close(relation, AccessShareLock);
664 have_createdb_privilege(void)
669 utup = SearchSysCache(SHADOWSYSID,
670 ObjectIdGetDatum(GetUserId()),
673 if (!HeapTupleIsValid(utup))
676 retval = ((Form_pg_shadow) GETSTRUCT(utup))->usecreatedb;
678 ReleaseSysCache(utup);
685 resolve_alt_dbpath(const char *dbpath, Oid dboid)
691 if (dbpath == NULL || dbpath[0] == '\0')
694 if (strchr(dbpath, '/'))
696 if (dbpath[0] != '/')
697 elog(ERROR, "Relative paths are not allowed as database locations");
698 #ifndef ALLOW_ABSOLUTE_DBPATHS
699 elog(ERROR, "Absolute paths are not allowed as database locations");
705 /* must be environment variable */
706 char *var = getenv(dbpath);
709 elog(ERROR, "Postmaster environment variable '%s' not set", dbpath);
711 elog(ERROR, "Postmaster environment variable '%s' must be absolute path", dbpath);
715 len = strlen(prefix) + 6 + sizeof(Oid) * 8 + 1;
716 if (len >= MAXPGPATH - 100)
717 elog(ERROR, "Alternate path is too long");
720 snprintf(ret, len, "%s/base/%u", prefix, dboid);
727 remove_dbdirs(const char *nominal_loc, const char *alt_loc)
729 const char *target_dir;
730 char buf[MAXPGPATH + 100];
733 target_dir = alt_loc ? alt_loc : nominal_loc;
736 * Close virtual file descriptors so the kernel has more available for
737 * the system() call below.
744 if (unlink(nominal_loc) != 0)
746 elog(WARNING, "could not remove '%s': %m", nominal_loc);
751 snprintf(buf, sizeof(buf), "rm -rf '%s'", target_dir);
753 if (system(buf) != 0)
755 elog(WARNING, "database directory '%s' could not be removed",