1 /*-------------------------------------------------------------------------
4 * Database management commands (create/drop database).
6 * Note: database creation/destruction commands use exclusive locks on
7 * the database objects (as expressed by LockSharedObject()) to avoid
8 * stepping on each others' toes. Formerly we used table-level locks
9 * on pg_database, but that's too coarse-grained.
11 * Portions Copyright (c) 1996-2013, PostgreSQL Global Development Group
12 * Portions Copyright (c) 1994, Regents of the University of California
16 * src/backend/commands/dbcommands.c
18 *-------------------------------------------------------------------------
27 #include "access/genam.h"
28 #include "access/heapam.h"
29 #include "access/htup_details.h"
30 #include "access/xact.h"
31 #include "access/xlogutils.h"
32 #include "catalog/catalog.h"
33 #include "catalog/dependency.h"
34 #include "catalog/indexing.h"
35 #include "catalog/objectaccess.h"
36 #include "catalog/pg_authid.h"
37 #include "catalog/pg_database.h"
38 #include "catalog/pg_db_role_setting.h"
39 #include "catalog/pg_tablespace.h"
40 #include "commands/comment.h"
41 #include "commands/dbcommands.h"
42 #include "commands/seclabel.h"
43 #include "commands/tablespace.h"
44 #include "mb/pg_wchar.h"
45 #include "miscadmin.h"
47 #include "postmaster/bgwriter.h"
48 #include "storage/copydir.h"
49 #include "storage/fd.h"
50 #include "storage/lmgr.h"
51 #include "storage/ipc.h"
52 #include "storage/procarray.h"
53 #include "storage/smgr.h"
54 #include "utils/acl.h"
55 #include "utils/builtins.h"
56 #include "utils/fmgroids.h"
57 #include "utils/pg_locale.h"
58 #include "utils/snapmgr.h"
59 #include "utils/syscache.h"
60 #include "utils/tqual.h"
65 Oid src_dboid; /* source (template) DB */
66 Oid dest_dboid; /* DB we are trying to create */
67 } createdb_failure_params;
71 Oid dest_dboid; /* DB we are trying to move */
72 Oid dest_tsoid; /* tablespace we are trying to move to */
73 } movedb_failure_params;
75 /* non-export function prototypes */
76 static void createdb_failure_callback(int code, Datum arg);
77 static void movedb(const char *dbname, const char *tblspcname);
78 static void movedb_failure_callback(int code, Datum arg);
79 static bool get_db_info(const char *name, LOCKMODE lockmode,
80 Oid *dbIdP, Oid *ownerIdP,
81 int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP,
82 Oid *dbLastSysOidP, TransactionId *dbFrozenXidP,
83 MultiXactId *dbMinMultiP,
84 Oid *dbTablespace, char **dbCollate, char **dbCtype);
85 static bool have_createdb_privilege(void);
86 static void remove_dbtablespaces(Oid db_id);
87 static bool check_db_file_conflict(Oid db_id);
88 static int errdetail_busy_db(int notherbackends, int npreparedxacts);
95 createdb(const CreatedbStmt *stmt)
107 TransactionId src_frozenxid;
108 MultiXactId src_minmxid;
109 Oid src_deftablespace;
110 volatile Oid dst_deftablespace;
111 Relation pg_database_rel;
113 Datum new_record[Natts_pg_database];
114 bool new_record_nulls[Natts_pg_database];
118 DefElem *dtablespacename = NULL;
119 DefElem *downer = NULL;
120 DefElem *dtemplate = NULL;
121 DefElem *dencoding = NULL;
122 DefElem *dcollate = NULL;
123 DefElem *dctype = NULL;
124 DefElem *dconnlimit = NULL;
125 char *dbname = stmt->dbname;
126 char *dbowner = NULL;
127 const char *dbtemplate = NULL;
128 char *dbcollate = NULL;
129 char *dbctype = NULL;
132 int dbconnlimit = -1;
135 createdb_failure_params fparms;
137 /* Extract options from the statement node tree */
138 foreach(option, stmt->options)
140 DefElem *defel = (DefElem *) lfirst(option);
142 if (strcmp(defel->defname, "tablespace") == 0)
146 (errcode(ERRCODE_SYNTAX_ERROR),
147 errmsg("conflicting or redundant options")));
148 dtablespacename = defel;
150 else if (strcmp(defel->defname, "owner") == 0)
154 (errcode(ERRCODE_SYNTAX_ERROR),
155 errmsg("conflicting or redundant options")));
158 else if (strcmp(defel->defname, "template") == 0)
162 (errcode(ERRCODE_SYNTAX_ERROR),
163 errmsg("conflicting or redundant options")));
166 else if (strcmp(defel->defname, "encoding") == 0)
170 (errcode(ERRCODE_SYNTAX_ERROR),
171 errmsg("conflicting or redundant options")));
174 else if (strcmp(defel->defname, "lc_collate") == 0)
178 (errcode(ERRCODE_SYNTAX_ERROR),
179 errmsg("conflicting or redundant options")));
182 else if (strcmp(defel->defname, "lc_ctype") == 0)
186 (errcode(ERRCODE_SYNTAX_ERROR),
187 errmsg("conflicting or redundant options")));
190 else if (strcmp(defel->defname, "connectionlimit") == 0)
194 (errcode(ERRCODE_SYNTAX_ERROR),
195 errmsg("conflicting or redundant options")));
198 else if (strcmp(defel->defname, "location") == 0)
201 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
202 errmsg("LOCATION is not supported anymore"),
203 errhint("Consider using tablespaces instead.")));
206 elog(ERROR, "option \"%s\" not recognized",
210 if (downer && downer->arg)
211 dbowner = strVal(downer->arg);
212 if (dtemplate && dtemplate->arg)
213 dbtemplate = strVal(dtemplate->arg);
214 if (dencoding && dencoding->arg)
216 const char *encoding_name;
218 if (IsA(dencoding->arg, Integer))
220 encoding = intVal(dencoding->arg);
221 encoding_name = pg_encoding_to_char(encoding);
222 if (strcmp(encoding_name, "") == 0 ||
223 pg_valid_server_encoding(encoding_name) < 0)
225 (errcode(ERRCODE_UNDEFINED_OBJECT),
226 errmsg("%d is not a valid encoding code",
229 else if (IsA(dencoding->arg, String))
231 encoding_name = strVal(dencoding->arg);
232 encoding = pg_valid_server_encoding(encoding_name);
235 (errcode(ERRCODE_UNDEFINED_OBJECT),
236 errmsg("%s is not a valid encoding name",
240 elog(ERROR, "unrecognized node type: %d",
241 nodeTag(dencoding->arg));
243 if (dcollate && dcollate->arg)
244 dbcollate = strVal(dcollate->arg);
245 if (dctype && dctype->arg)
246 dbctype = strVal(dctype->arg);
248 if (dconnlimit && dconnlimit->arg)
250 dbconnlimit = intVal(dconnlimit->arg);
251 if (dbconnlimit < -1)
253 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
254 errmsg("invalid connection limit: %d", dbconnlimit)));
257 /* obtain OID of proposed owner */
259 datdba = get_role_oid(dbowner, false);
261 datdba = GetUserId();
264 * To create a database, must have createdb privilege and must be able to
265 * become the target role (this does not imply that the target role itself
266 * must have createdb privilege). The latter provision guards against
267 * "giveaway" attacks. Note that a superuser will always have both of
268 * these privileges a fortiori.
270 if (!have_createdb_privilege())
272 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
273 errmsg("permission denied to create database")));
275 check_is_member_of_role(GetUserId(), datdba);
278 * Lookup database (template) to be cloned, and obtain share lock on it.
279 * ShareLock allows two CREATE DATABASEs to work from the same template
280 * concurrently, while ensuring no one is busy dropping it in parallel
281 * (which would be Very Bad since we'd likely get an incomplete copy
282 * without knowing it). This also prevents any new connections from being
283 * made to the source until we finish copying it, so we can be sure it
284 * won't change underneath us.
287 dbtemplate = "template1"; /* Default template database name */
289 if (!get_db_info(dbtemplate, ShareLock,
290 &src_dboid, &src_owner, &src_encoding,
291 &src_istemplate, &src_allowconn, &src_lastsysoid,
292 &src_frozenxid, &src_minmxid, &src_deftablespace,
293 &src_collate, &src_ctype))
295 (errcode(ERRCODE_UNDEFINED_DATABASE),
296 errmsg("template database \"%s\" does not exist",
300 * Permission check: to copy a DB that's not marked datistemplate, you
301 * must be superuser or the owner thereof.
305 if (!pg_database_ownercheck(src_dboid, GetUserId()))
307 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
308 errmsg("permission denied to copy database \"%s\"",
312 /* If encoding or locales are defaulted, use source's setting */
314 encoding = src_encoding;
315 if (dbcollate == NULL)
316 dbcollate = src_collate;
320 /* Some encodings are client only */
321 if (!PG_VALID_BE_ENCODING(encoding))
323 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
324 errmsg("invalid server encoding %d", encoding)));
326 /* Check that the chosen locales are valid, and get canonical spellings */
327 if (!check_locale(LC_COLLATE, dbcollate, &canonname))
329 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
330 errmsg("invalid locale name: \"%s\"", dbcollate)));
331 dbcollate = canonname;
332 if (!check_locale(LC_CTYPE, dbctype, &canonname))
334 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
335 errmsg("invalid locale name: \"%s\"", dbctype)));
338 check_encoding_locale_matches(encoding, dbcollate, dbctype);
341 * Check that the new encoding and locale settings match the source
342 * database. We insist on this because we simply copy the source data ---
343 * any non-ASCII data would be wrongly encoded, and any indexes sorted
344 * according to the source locale would be wrong.
346 * However, we assume that template0 doesn't contain any non-ASCII data
347 * nor any indexes that depend on collation or ctype, so template0 can be
348 * used as template for creating a database with any encoding or locale.
350 if (strcmp(dbtemplate, "template0") != 0)
352 if (encoding != src_encoding)
354 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
355 errmsg("new encoding (%s) is incompatible with the encoding of the template database (%s)",
356 pg_encoding_to_char(encoding),
357 pg_encoding_to_char(src_encoding)),
358 errhint("Use the same encoding as in the template database, or use template0 as template.")));
360 if (strcmp(dbcollate, src_collate) != 0)
362 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
363 errmsg("new collation (%s) is incompatible with the collation of the template database (%s)",
364 dbcollate, src_collate),
365 errhint("Use the same collation as in the template database, or use template0 as template.")));
367 if (strcmp(dbctype, src_ctype) != 0)
369 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
370 errmsg("new LC_CTYPE (%s) is incompatible with the LC_CTYPE of the template database (%s)",
372 errhint("Use the same LC_CTYPE as in the template database, or use template0 as template.")));
375 /* Resolve default tablespace for new database */
376 if (dtablespacename && dtablespacename->arg)
378 char *tablespacename;
381 tablespacename = strVal(dtablespacename->arg);
382 dst_deftablespace = get_tablespace_oid(tablespacename, false);
383 /* check permissions */
384 aclresult = pg_tablespace_aclcheck(dst_deftablespace, GetUserId(),
386 if (aclresult != ACLCHECK_OK)
387 aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
390 /* pg_global must never be the default tablespace */
391 if (dst_deftablespace == GLOBALTABLESPACE_OID)
393 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
394 errmsg("pg_global cannot be used as default tablespace")));
397 * If we are trying to change the default tablespace of the template,
398 * we require that the template not have any files in the new default
399 * tablespace. This is necessary because otherwise the copied
400 * database would contain pg_class rows that refer to its default
401 * tablespace both explicitly (by OID) and implicitly (as zero), which
402 * would cause problems. For example another CREATE DATABASE using
403 * the copied database as template, and trying to change its default
404 * tablespace again, would yield outright incorrect results (it would
405 * improperly move tables to the new default tablespace that should
406 * stay in the same tablespace).
408 if (dst_deftablespace != src_deftablespace)
413 srcpath = GetDatabasePath(src_dboid, dst_deftablespace);
415 if (stat(srcpath, &st) == 0 &&
416 S_ISDIR(st.st_mode) &&
417 !directory_is_empty(srcpath))
419 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
420 errmsg("cannot assign new default tablespace \"%s\"",
422 errdetail("There is a conflict because database \"%s\" already has some tables in this tablespace.",
429 /* Use template database's default tablespace */
430 dst_deftablespace = src_deftablespace;
431 /* Note there is no additional permission check in this path */
435 * Check for db name conflict. This is just to give a more friendly error
436 * message than "unique index violation". There's a race condition but
437 * we're willing to accept the less friendly message in that case.
439 if (OidIsValid(get_database_oid(dbname, true)))
441 (errcode(ERRCODE_DUPLICATE_DATABASE),
442 errmsg("database \"%s\" already exists", dbname)));
445 * The source DB can't have any active backends, except this one
446 * (exception is to allow CREATE DB while connected to template1).
447 * Otherwise we might copy inconsistent data.
449 * This should be last among the basic error checks, because it involves
450 * potential waiting; we may as well throw an error first if we're gonna
453 if (CountOtherDBBackends(src_dboid, ¬herbackends, &npreparedxacts))
455 (errcode(ERRCODE_OBJECT_IN_USE),
456 errmsg("source database \"%s\" is being accessed by other users",
458 errdetail_busy_db(notherbackends, npreparedxacts)));
461 * Select an OID for the new database, checking that it doesn't have a
462 * filename conflict with anything already existing in the tablespace
465 pg_database_rel = heap_open(DatabaseRelationId, RowExclusiveLock);
469 dboid = GetNewOid(pg_database_rel);
470 } while (check_db_file_conflict(dboid));
473 * Insert a new tuple into pg_database. This establishes our ownership of
474 * the new database name (anyone else trying to insert the same name will
475 * block on the unique index, and fail after we commit).
479 MemSet(new_record, 0, sizeof(new_record));
480 MemSet(new_record_nulls, false, sizeof(new_record_nulls));
482 new_record[Anum_pg_database_datname - 1] =
483 DirectFunctionCall1(namein, CStringGetDatum(dbname));
484 new_record[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(datdba);
485 new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding);
486 new_record[Anum_pg_database_datcollate - 1] =
487 DirectFunctionCall1(namein, CStringGetDatum(dbcollate));
488 new_record[Anum_pg_database_datctype - 1] =
489 DirectFunctionCall1(namein, CStringGetDatum(dbctype));
490 new_record[Anum_pg_database_datistemplate - 1] = BoolGetDatum(false);
491 new_record[Anum_pg_database_datallowconn - 1] = BoolGetDatum(true);
492 new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(dbconnlimit);
493 new_record[Anum_pg_database_datlastsysoid - 1] = ObjectIdGetDatum(src_lastsysoid);
494 new_record[Anum_pg_database_datfrozenxid - 1] = TransactionIdGetDatum(src_frozenxid);
495 new_record[Anum_pg_database_datminmxid - 1] = TransactionIdGetDatum(src_minmxid);
496 new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_deftablespace);
499 * We deliberately set datacl to default (NULL), rather than copying it
500 * from the template database. Copying it would be a bad idea when the
501 * owner is not the same as the template's owner.
503 new_record_nulls[Anum_pg_database_datacl - 1] = true;
505 tuple = heap_form_tuple(RelationGetDescr(pg_database_rel),
506 new_record, new_record_nulls);
508 HeapTupleSetOid(tuple, dboid);
510 simple_heap_insert(pg_database_rel, tuple);
513 CatalogUpdateIndexes(pg_database_rel, tuple);
516 * Now generate additional catalog entries associated with the new DB
519 /* Register owner dependency */
520 recordDependencyOnOwner(DatabaseRelationId, dboid, datdba);
522 /* Create pg_shdepend entries for objects within database */
523 copyTemplateDependencies(src_dboid, dboid);
525 /* Post creation hook for new database */
526 InvokeObjectPostCreateHook(DatabaseRelationId, dboid, 0);
529 * Force a checkpoint before starting the copy. This will force dirty
530 * buffers out to disk, to ensure source database is up-to-date on disk
531 * for the copy. FlushDatabaseBuffers() would suffice for that, but we
532 * also want to process any pending unlink requests. Otherwise, if a
533 * checkpoint happened while we're copying files, a file might be deleted
534 * just when we're about to copy it, causing the lstat() call in copydir()
535 * to fail with ENOENT.
537 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
540 * Once we start copying subdirectories, we need to be able to clean 'em
541 * up if we fail. Use an ENSURE block to make sure this happens. (This
542 * is not a 100% solution, because of the possibility of failure during
543 * transaction commit after we leave this routine, but it should handle
546 fparms.src_dboid = src_dboid;
547 fparms.dest_dboid = dboid;
548 PG_ENSURE_ERROR_CLEANUP(createdb_failure_callback,
549 PointerGetDatum(&fparms));
552 * Iterate through all tablespaces of the template database, and copy
553 * each one to the new database.
555 rel = heap_open(TableSpaceRelationId, AccessShareLock);
556 scan = heap_beginscan_catalog(rel, 0, NULL);
557 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
559 Oid srctablespace = HeapTupleGetOid(tuple);
565 /* No need to copy global tablespace */
566 if (srctablespace == GLOBALTABLESPACE_OID)
569 srcpath = GetDatabasePath(src_dboid, srctablespace);
571 if (stat(srcpath, &st) < 0 || !S_ISDIR(st.st_mode) ||
572 directory_is_empty(srcpath))
574 /* Assume we can ignore it */
579 if (srctablespace == src_deftablespace)
580 dsttablespace = dst_deftablespace;
582 dsttablespace = srctablespace;
584 dstpath = GetDatabasePath(dboid, dsttablespace);
587 * Copy this subdirectory to the new location
589 * We don't need to copy subdirectories
591 copydir(srcpath, dstpath, false);
593 /* Record the filesystem change in XLOG */
595 xl_dbase_create_rec xlrec;
596 XLogRecData rdata[1];
599 xlrec.tablespace_id = dsttablespace;
600 xlrec.src_db_id = src_dboid;
601 xlrec.src_tablespace_id = srctablespace;
603 rdata[0].data = (char *) &xlrec;
604 rdata[0].len = sizeof(xl_dbase_create_rec);
605 rdata[0].buffer = InvalidBuffer;
606 rdata[0].next = NULL;
608 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_CREATE, rdata);
612 heap_close(rel, AccessShareLock);
615 * We force a checkpoint before committing. This effectively means
616 * that committed XLOG_DBASE_CREATE operations will never need to be
617 * replayed (at least not in ordinary crash recovery; we still have to
618 * make the XLOG entry for the benefit of PITR operations). This
619 * avoids two nasty scenarios:
621 * #1: When PITR is off, we don't XLOG the contents of newly created
622 * indexes; therefore the drop-and-recreate-whole-directory behavior
623 * of DBASE_CREATE replay would lose such indexes.
625 * #2: Since we have to recopy the source database during DBASE_CREATE
626 * replay, we run the risk of copying changes in it that were
627 * committed after the original CREATE DATABASE command but before the
628 * system crash that led to the replay. This is at least unexpected
629 * and at worst could lead to inconsistencies, eg duplicate table
632 * (Both of these were real bugs in releases 8.0 through 8.0.3.)
634 * In PITR replay, the first of these isn't an issue, and the second
635 * is only a risk if the CREATE DATABASE and subsequent template
636 * database change both occur while a base backup is being taken.
637 * There doesn't seem to be much we can do about that except document
638 * it as a limitation.
640 * Perhaps if we ever implement CREATE DATABASE in a less cheesy way,
643 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
646 * Close pg_database, but keep lock till commit.
648 heap_close(pg_database_rel, NoLock);
651 * Force synchronous commit, thus minimizing the window between
652 * creation of the database files and commital of the transaction. If
653 * we crash before committing, we'll have a DB that's taking up disk
654 * space but is not in pg_database, which is not good.
658 PG_END_ENSURE_ERROR_CLEANUP(createdb_failure_callback,
659 PointerGetDatum(&fparms));
665 * Check whether chosen encoding matches chosen locale settings. This
666 * restriction is necessary because libc's locale-specific code usually
667 * fails when presented with data in an encoding it's not expecting. We
668 * allow mismatch in four cases:
670 * 1. locale encoding = SQL_ASCII, which means that the locale is C/POSIX
671 * which works with any encoding.
673 * 2. locale encoding = -1, which means that we couldn't determine the
674 * locale's encoding and have to trust the user to get it right.
676 * 3. selected encoding is UTF8 and platform is win32. This is because
677 * UTF8 is a pseudo codepage that is supported in all locales since it's
678 * converted to UTF16 before being used.
680 * 4. selected encoding is SQL_ASCII, but only if you're a superuser. This
681 * is risky but we have historically allowed it --- notably, the
682 * regression tests require it.
684 * Note: if you change this policy, fix initdb to match.
687 check_encoding_locale_matches(int encoding, const char *collate, const char *ctype)
689 int ctype_encoding = pg_get_encoding_from_locale(ctype, true);
690 int collate_encoding = pg_get_encoding_from_locale(collate, true);
692 if (!(ctype_encoding == encoding ||
693 ctype_encoding == PG_SQL_ASCII ||
694 ctype_encoding == -1 ||
696 encoding == PG_UTF8 ||
698 (encoding == PG_SQL_ASCII && superuser())))
700 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
701 errmsg("encoding \"%s\" does not match locale \"%s\"",
702 pg_encoding_to_char(encoding),
704 errdetail("The chosen LC_CTYPE setting requires encoding \"%s\".",
705 pg_encoding_to_char(ctype_encoding))));
707 if (!(collate_encoding == encoding ||
708 collate_encoding == PG_SQL_ASCII ||
709 collate_encoding == -1 ||
711 encoding == PG_UTF8 ||
713 (encoding == PG_SQL_ASCII && superuser())))
715 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
716 errmsg("encoding \"%s\" does not match locale \"%s\"",
717 pg_encoding_to_char(encoding),
719 errdetail("The chosen LC_COLLATE setting requires encoding \"%s\".",
720 pg_encoding_to_char(collate_encoding))));
723 /* Error cleanup callback for createdb */
725 createdb_failure_callback(int code, Datum arg)
727 createdb_failure_params *fparms = (createdb_failure_params *) DatumGetPointer(arg);
730 * Release lock on source database before doing recursive remove. This is
731 * not essential but it seems desirable to release the lock as soon as
734 UnlockSharedObject(DatabaseRelationId, fparms->src_dboid, 0, ShareLock);
736 /* Throw away any successfully copied subdirectories */
737 remove_dbtablespaces(fparms->dest_dboid);
745 dropdb(const char *dbname, bool missing_ok)
755 * Look up the target database's OID, and get exclusive lock on it. We
756 * need this to ensure that no new backend starts up in the target
757 * database while we are deleting it (see postinit.c), and that no one is
758 * using it as a CREATE DATABASE template or trying to delete it for
761 pgdbrel = heap_open(DatabaseRelationId, RowExclusiveLock);
763 if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL,
764 &db_istemplate, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
769 (errcode(ERRCODE_UNDEFINED_DATABASE),
770 errmsg("database \"%s\" does not exist", dbname)));
774 /* Close pg_database, release the lock, since we changed nothing */
775 heap_close(pgdbrel, RowExclusiveLock);
777 (errmsg("database \"%s\" does not exist, skipping",
786 if (!pg_database_ownercheck(db_id, GetUserId()))
787 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
790 /* DROP hook for the database being removed */
791 InvokeObjectDropHook(DatabaseRelationId, db_id, 0);
794 * Disallow dropping a DB that is marked istemplate. This is just to
795 * prevent people from accidentally dropping template0 or template1; they
796 * can do so if they're really determined ...
800 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
801 errmsg("cannot drop a template database")));
803 /* Obviously can't drop my own database */
804 if (db_id == MyDatabaseId)
806 (errcode(ERRCODE_OBJECT_IN_USE),
807 errmsg("cannot drop the currently open database")));
810 * Check for other backends in the target database. (Because we hold the
811 * database lock, no new ones can start after this.)
813 * As in CREATE DATABASE, check this after other error conditions.
815 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
817 (errcode(ERRCODE_OBJECT_IN_USE),
818 errmsg("database \"%s\" is being accessed by other users",
820 errdetail_busy_db(notherbackends, npreparedxacts)));
823 * Remove the database's tuple from pg_database.
825 tup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(db_id));
826 if (!HeapTupleIsValid(tup))
827 elog(ERROR, "cache lookup failed for database %u", db_id);
829 simple_heap_delete(pgdbrel, &tup->t_self);
831 ReleaseSysCache(tup);
834 * Delete any comments or security labels associated with the database.
836 DeleteSharedComments(db_id, DatabaseRelationId);
837 DeleteSharedSecurityLabel(db_id, DatabaseRelationId);
840 * Remove settings associated with this database
842 DropSetting(db_id, InvalidOid);
845 * Remove shared dependency references for the database.
847 dropDatabaseDependencies(db_id);
850 * Drop pages for this database that are in the shared buffer cache. This
851 * is important to ensure that no remaining backend tries to write out a
852 * dirty buffer to the dead database later...
854 DropDatabaseBuffers(db_id);
857 * Tell the stats collector to forget it immediately, too.
859 pgstat_drop_database(db_id);
862 * Tell checkpointer to forget any pending fsync and unlink requests for
863 * files in the database; else the fsyncs will fail at next checkpoint, or
864 * worse, it will delete files that belong to a newly created database
867 ForgetDatabaseFsyncRequests(db_id);
870 * Force a checkpoint to make sure the checkpointer has received the
871 * message sent by ForgetDatabaseFsyncRequests. On Windows, this also
872 * ensures that background procs don't hold any open files, which would
873 * cause rmdir() to fail.
875 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
878 * Remove all tablespace subdirs belonging to the database.
880 remove_dbtablespaces(db_id);
883 * Close pg_database, but keep lock till commit.
885 heap_close(pgdbrel, NoLock);
888 * Force synchronous commit, thus minimizing the window between removal of
889 * the database files and commital of the transaction. If we crash before
890 * committing, we'll have a DB that's gone on disk but still there
891 * according to pg_database, which is not good.
901 RenameDatabase(const char *oldname, const char *newname)
910 * Look up the target database's OID, and get exclusive lock on it. We
911 * need this for the same reasons as DROP DATABASE.
913 rel = heap_open(DatabaseRelationId, RowExclusiveLock);
915 if (!get_db_info(oldname, AccessExclusiveLock, &db_id, NULL, NULL,
916 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
918 (errcode(ERRCODE_UNDEFINED_DATABASE),
919 errmsg("database \"%s\" does not exist", oldname)));
922 if (!pg_database_ownercheck(db_id, GetUserId()))
923 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
926 /* must have createdb rights */
927 if (!have_createdb_privilege())
929 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
930 errmsg("permission denied to rename database")));
933 * Make sure the new name doesn't exist. See notes for same error in
936 if (OidIsValid(get_database_oid(newname, true)))
938 (errcode(ERRCODE_DUPLICATE_DATABASE),
939 errmsg("database \"%s\" already exists", newname)));
942 * XXX Client applications probably store the current database somewhere,
943 * so renaming it could cause confusion. On the other hand, there may not
944 * be an actual problem besides a little confusion, so think about this
947 if (db_id == MyDatabaseId)
949 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
950 errmsg("current database cannot be renamed")));
953 * Make sure the database does not have active sessions. This is the same
954 * concern as above, but applied to other sessions.
956 * As in CREATE DATABASE, check this after other error conditions.
958 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
960 (errcode(ERRCODE_OBJECT_IN_USE),
961 errmsg("database \"%s\" is being accessed by other users",
963 errdetail_busy_db(notherbackends, npreparedxacts)));
966 newtup = SearchSysCacheCopy1(DATABASEOID, ObjectIdGetDatum(db_id));
967 if (!HeapTupleIsValid(newtup))
968 elog(ERROR, "cache lookup failed for database %u", db_id);
969 namestrcpy(&(((Form_pg_database) GETSTRUCT(newtup))->datname), newname);
970 simple_heap_update(rel, &newtup->t_self, newtup);
971 CatalogUpdateIndexes(rel, newtup);
973 InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0);
976 * Close pg_database, but keep lock till commit.
978 heap_close(rel, NoLock);
985 * ALTER DATABASE SET TABLESPACE
988 movedb(const char *dbname, const char *tblspcname)
998 Datum new_record[Natts_pg_database];
999 bool new_record_nulls[Natts_pg_database];
1000 bool new_record_repl[Natts_pg_database];
1001 ScanKeyData scankey;
1002 SysScanDesc sysscan;
1003 AclResult aclresult;
1007 struct dirent *xlde;
1008 movedb_failure_params fparms;
1011 * Look up the target database's OID, and get exclusive lock on it. We
1012 * need this to ensure that no new backend starts up in the database while
1013 * we are moving it, and that no one is using it as a CREATE DATABASE
1014 * template or trying to delete it.
1016 pgdbrel = heap_open(DatabaseRelationId, RowExclusiveLock);
1018 if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL,
1019 NULL, NULL, NULL, NULL, NULL, &src_tblspcoid, NULL, NULL))
1021 (errcode(ERRCODE_UNDEFINED_DATABASE),
1022 errmsg("database \"%s\" does not exist", dbname)));
1025 * We actually need a session lock, so that the lock will persist across
1026 * the commit/restart below. (We could almost get away with letting the
1027 * lock be released at commit, except that someone could try to move
1028 * relations of the DB back into the old directory while we rmtree() it.)
1030 LockSharedObjectForSession(DatabaseRelationId, db_id, 0,
1031 AccessExclusiveLock);
1036 if (!pg_database_ownercheck(db_id, GetUserId()))
1037 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
1041 * Obviously can't move the tables of my own database
1043 if (db_id == MyDatabaseId)
1045 (errcode(ERRCODE_OBJECT_IN_USE),
1046 errmsg("cannot change the tablespace of the currently open database")));
1049 * Get tablespace's oid
1051 dst_tblspcoid = get_tablespace_oid(tblspcname, false);
1056 aclresult = pg_tablespace_aclcheck(dst_tblspcoid, GetUserId(),
1058 if (aclresult != ACLCHECK_OK)
1059 aclcheck_error(aclresult, ACL_KIND_TABLESPACE,
1063 * pg_global must never be the default tablespace
1065 if (dst_tblspcoid == GLOBALTABLESPACE_OID)
1067 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1068 errmsg("pg_global cannot be used as default tablespace")));
1071 * No-op if same tablespace
1073 if (src_tblspcoid == dst_tblspcoid)
1075 heap_close(pgdbrel, NoLock);
1076 UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0,
1077 AccessExclusiveLock);
1082 * Check for other backends in the target database. (Because we hold the
1083 * database lock, no new ones can start after this.)
1085 * As in CREATE DATABASE, check this after other error conditions.
1087 if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
1089 (errcode(ERRCODE_OBJECT_IN_USE),
1090 errmsg("database \"%s\" is being accessed by other users",
1092 errdetail_busy_db(notherbackends, npreparedxacts)));
1095 * Get old and new database paths
1097 src_dbpath = GetDatabasePath(db_id, src_tblspcoid);
1098 dst_dbpath = GetDatabasePath(db_id, dst_tblspcoid);
1101 * Force a checkpoint before proceeding. This will force dirty buffers out
1102 * to disk, to ensure source database is up-to-date on disk for the copy.
1103 * FlushDatabaseBuffers() would suffice for that, but we also want to
1104 * process any pending unlink requests. Otherwise, the check for existing
1105 * files in the target directory might fail unnecessarily, not to mention
1106 * that the copy might fail due to source files getting deleted under it.
1107 * On Windows, this also ensures that background procs don't hold any open
1108 * files, which would cause rmdir() to fail.
1110 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
1113 * Check for existence of files in the target directory, i.e., objects of
1114 * this database that are already in the target tablespace. We can't
1115 * allow the move in such a case, because we would need to change those
1116 * relations' pg_class.reltablespace entries to zero, and we don't have
1117 * access to the DB's pg_class to do so.
1119 dstdir = AllocateDir(dst_dbpath);
1122 while ((xlde = ReadDir(dstdir, dst_dbpath)) != NULL)
1124 if (strcmp(xlde->d_name, ".") == 0 ||
1125 strcmp(xlde->d_name, "..") == 0)
1129 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1130 errmsg("some relations of database \"%s\" are already in tablespace \"%s\"",
1131 dbname, tblspcname),
1132 errhint("You must move them back to the database's default tablespace before using this command.")));
1138 * The directory exists but is empty. We must remove it before using
1139 * the copydir function.
1141 if (rmdir(dst_dbpath) != 0)
1142 elog(ERROR, "could not remove directory \"%s\": %m",
1147 * Use an ENSURE block to make sure we remove the debris if the copy fails
1148 * (eg, due to out-of-disk-space). This is not a 100% solution, because
1149 * of the possibility of failure during transaction commit, but it should
1150 * handle most scenarios.
1152 fparms.dest_dboid = db_id;
1153 fparms.dest_tsoid = dst_tblspcoid;
1154 PG_ENSURE_ERROR_CLEANUP(movedb_failure_callback,
1155 PointerGetDatum(&fparms));
1158 * Copy files from the old tablespace to the new one
1160 copydir(src_dbpath, dst_dbpath, false);
1163 * Record the filesystem change in XLOG
1166 xl_dbase_create_rec xlrec;
1167 XLogRecData rdata[1];
1169 xlrec.db_id = db_id;
1170 xlrec.tablespace_id = dst_tblspcoid;
1171 xlrec.src_db_id = db_id;
1172 xlrec.src_tablespace_id = src_tblspcoid;
1174 rdata[0].data = (char *) &xlrec;
1175 rdata[0].len = sizeof(xl_dbase_create_rec);
1176 rdata[0].buffer = InvalidBuffer;
1177 rdata[0].next = NULL;
1179 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_CREATE, rdata);
1183 * Update the database's pg_database tuple
1185 ScanKeyInit(&scankey,
1186 Anum_pg_database_datname,
1187 BTEqualStrategyNumber, F_NAMEEQ,
1188 NameGetDatum(dbname));
1189 sysscan = systable_beginscan(pgdbrel, DatabaseNameIndexId, true,
1191 oldtuple = systable_getnext(sysscan);
1192 if (!HeapTupleIsValid(oldtuple)) /* shouldn't happen... */
1194 (errcode(ERRCODE_UNDEFINED_DATABASE),
1195 errmsg("database \"%s\" does not exist", dbname)));
1197 MemSet(new_record, 0, sizeof(new_record));
1198 MemSet(new_record_nulls, false, sizeof(new_record_nulls));
1199 MemSet(new_record_repl, false, sizeof(new_record_repl));
1201 new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_tblspcoid);
1202 new_record_repl[Anum_pg_database_dattablespace - 1] = true;
1204 newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(pgdbrel),
1206 new_record_nulls, new_record_repl);
1207 simple_heap_update(pgdbrel, &oldtuple->t_self, newtuple);
1209 /* Update indexes */
1210 CatalogUpdateIndexes(pgdbrel, newtuple);
1212 InvokeObjectPostAlterHook(DatabaseRelationId,
1213 HeapTupleGetOid(newtuple), 0);
1215 systable_endscan(sysscan);
1218 * Force another checkpoint here. As in CREATE DATABASE, this is to
1219 * ensure that we don't have to replay a committed XLOG_DBASE_CREATE
1220 * operation, which would cause us to lose any unlogged operations
1221 * done in the new DB tablespace before the next checkpoint.
1223 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
1226 * Force synchronous commit, thus minimizing the window between
1227 * copying the database files and commital of the transaction. If we
1228 * crash before committing, we'll leave an orphaned set of files on
1229 * disk, which is not fatal but not good either.
1234 * Close pg_database, but keep lock till commit.
1236 heap_close(pgdbrel, NoLock);
1238 PG_END_ENSURE_ERROR_CLEANUP(movedb_failure_callback,
1239 PointerGetDatum(&fparms));
1242 * Commit the transaction so that the pg_database update is committed. If
1243 * we crash while removing files, the database won't be corrupt, we'll
1244 * just leave some orphaned files in the old directory.
1246 * (This is OK because we know we aren't inside a transaction block.)
1248 * XXX would it be safe/better to do this inside the ensure block? Not
1249 * convinced it's a good idea; consider elog just after the transaction
1252 PopActiveSnapshot();
1253 CommitTransactionCommand();
1255 /* Start new transaction for the remaining work; don't need a snapshot */
1256 StartTransactionCommand();
1259 * Remove files from the old tablespace
1261 if (!rmtree(src_dbpath, true))
1263 (errmsg("some useless files may be left behind in old database directory \"%s\"",
1267 * Record the filesystem change in XLOG
1270 xl_dbase_drop_rec xlrec;
1271 XLogRecData rdata[1];
1273 xlrec.db_id = db_id;
1274 xlrec.tablespace_id = src_tblspcoid;
1276 rdata[0].data = (char *) &xlrec;
1277 rdata[0].len = sizeof(xl_dbase_drop_rec);
1278 rdata[0].buffer = InvalidBuffer;
1279 rdata[0].next = NULL;
1281 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_DROP, rdata);
1284 /* Now it's safe to release the database lock */
1285 UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0,
1286 AccessExclusiveLock);
1289 /* Error cleanup callback for movedb */
1291 movedb_failure_callback(int code, Datum arg)
1293 movedb_failure_params *fparms = (movedb_failure_params *) DatumGetPointer(arg);
1296 /* Get rid of anything we managed to copy to the target directory */
1297 dstpath = GetDatabasePath(fparms->dest_dboid, fparms->dest_tsoid);
1299 (void) rmtree(dstpath, true);
1304 * ALTER DATABASE name ...
1307 AlterDatabase(AlterDatabaseStmt *stmt, bool isTopLevel)
1313 ScanKeyData scankey;
1317 DefElem *dconnlimit = NULL;
1318 DefElem *dtablespace = NULL;
1319 Datum new_record[Natts_pg_database];
1320 bool new_record_nulls[Natts_pg_database];
1321 bool new_record_repl[Natts_pg_database];
1323 /* Extract options from the statement node tree */
1324 foreach(option, stmt->options)
1326 DefElem *defel = (DefElem *) lfirst(option);
1328 if (strcmp(defel->defname, "connectionlimit") == 0)
1332 (errcode(ERRCODE_SYNTAX_ERROR),
1333 errmsg("conflicting or redundant options")));
1336 else if (strcmp(defel->defname, "tablespace") == 0)
1340 (errcode(ERRCODE_SYNTAX_ERROR),
1341 errmsg("conflicting or redundant options")));
1342 dtablespace = defel;
1345 elog(ERROR, "option \"%s\" not recognized",
1351 /* currently, can't be specified along with any other options */
1352 Assert(!dconnlimit);
1353 /* this case isn't allowed within a transaction block */
1354 PreventTransactionChain(isTopLevel, "ALTER DATABASE SET TABLESPACE");
1355 movedb(stmt->dbname, strVal(dtablespace->arg));
1361 connlimit = intVal(dconnlimit->arg);
1364 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1365 errmsg("invalid connection limit: %d", connlimit)));
1369 * Get the old tuple. We don't need a lock on the database per se,
1370 * because we're not going to do anything that would mess up incoming
1373 rel = heap_open(DatabaseRelationId, RowExclusiveLock);
1374 ScanKeyInit(&scankey,
1375 Anum_pg_database_datname,
1376 BTEqualStrategyNumber, F_NAMEEQ,
1377 NameGetDatum(stmt->dbname));
1378 scan = systable_beginscan(rel, DatabaseNameIndexId, true,
1380 tuple = systable_getnext(scan);
1381 if (!HeapTupleIsValid(tuple))
1383 (errcode(ERRCODE_UNDEFINED_DATABASE),
1384 errmsg("database \"%s\" does not exist", stmt->dbname)));
1386 dboid = HeapTupleGetOid(tuple);
1388 if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
1389 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
1393 * Build an updated tuple, perusing the information just obtained
1395 MemSet(new_record, 0, sizeof(new_record));
1396 MemSet(new_record_nulls, false, sizeof(new_record_nulls));
1397 MemSet(new_record_repl, false, sizeof(new_record_repl));
1401 new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(connlimit);
1402 new_record_repl[Anum_pg_database_datconnlimit - 1] = true;
1405 newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), new_record,
1406 new_record_nulls, new_record_repl);
1407 simple_heap_update(rel, &tuple->t_self, newtuple);
1409 /* Update indexes */
1410 CatalogUpdateIndexes(rel, newtuple);
1412 InvokeObjectPostAlterHook(DatabaseRelationId,
1413 HeapTupleGetOid(newtuple), 0);
1415 systable_endscan(scan);
1417 /* Close pg_database, but keep lock till commit */
1418 heap_close(rel, NoLock);
1425 * ALTER DATABASE name SET ...
1428 AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
1430 Oid datid = get_database_oid(stmt->dbname, false);
1433 * Obtain a lock on the database and make sure it didn't go away in the
1436 shdepLockAndCheckObject(DatabaseRelationId, datid);
1438 if (!pg_database_ownercheck(datid, GetUserId()))
1439 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
1442 AlterSetting(datid, InvalidOid, stmt->setstmt);
1444 UnlockSharedObject(DatabaseRelationId, datid, 0, AccessShareLock);
1451 * ALTER DATABASE name OWNER TO newowner
1454 AlterDatabaseOwner(const char *dbname, Oid newOwnerId)
1459 ScanKeyData scankey;
1461 Form_pg_database datForm;
1464 * Get the old tuple. We don't need a lock on the database per se,
1465 * because we're not going to do anything that would mess up incoming
1468 rel = heap_open(DatabaseRelationId, RowExclusiveLock);
1469 ScanKeyInit(&scankey,
1470 Anum_pg_database_datname,
1471 BTEqualStrategyNumber, F_NAMEEQ,
1472 NameGetDatum(dbname));
1473 scan = systable_beginscan(rel, DatabaseNameIndexId, true,
1475 tuple = systable_getnext(scan);
1476 if (!HeapTupleIsValid(tuple))
1478 (errcode(ERRCODE_UNDEFINED_DATABASE),
1479 errmsg("database \"%s\" does not exist", dbname)));
1481 db_id = HeapTupleGetOid(tuple);
1482 datForm = (Form_pg_database) GETSTRUCT(tuple);
1485 * If the new owner is the same as the existing owner, consider the
1486 * command to have succeeded. This is to be consistent with other
1489 if (datForm->datdba != newOwnerId)
1491 Datum repl_val[Natts_pg_database];
1492 bool repl_null[Natts_pg_database];
1493 bool repl_repl[Natts_pg_database];
1499 /* Otherwise, must be owner of the existing object */
1500 if (!pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
1501 aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
1504 /* Must be able to become new owner */
1505 check_is_member_of_role(GetUserId(), newOwnerId);
1508 * must have createdb rights
1510 * NOTE: This is different from other alter-owner checks in that the
1511 * current user is checked for createdb privileges instead of the
1512 * destination owner. This is consistent with the CREATE case for
1513 * databases. Because superusers will always have this right, we need
1514 * no special case for them.
1516 if (!have_createdb_privilege())
1518 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1519 errmsg("permission denied to change owner of database")));
1521 memset(repl_null, false, sizeof(repl_null));
1522 memset(repl_repl, false, sizeof(repl_repl));
1524 repl_repl[Anum_pg_database_datdba - 1] = true;
1525 repl_val[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(newOwnerId);
1528 * Determine the modified ACL for the new owner. This is only
1529 * necessary when the ACL is non-null.
1531 aclDatum = heap_getattr(tuple,
1532 Anum_pg_database_datacl,
1533 RelationGetDescr(rel),
1537 newAcl = aclnewowner(DatumGetAclP(aclDatum),
1538 datForm->datdba, newOwnerId);
1539 repl_repl[Anum_pg_database_datacl - 1] = true;
1540 repl_val[Anum_pg_database_datacl - 1] = PointerGetDatum(newAcl);
1543 newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), repl_val, repl_null, repl_repl);
1544 simple_heap_update(rel, &newtuple->t_self, newtuple);
1545 CatalogUpdateIndexes(rel, newtuple);
1547 heap_freetuple(newtuple);
1549 /* Update owner dependency reference */
1550 changeDependencyOnOwner(DatabaseRelationId, HeapTupleGetOid(tuple),
1554 InvokeObjectPostAlterHook(DatabaseRelationId, HeapTupleGetOid(tuple), 0);
1556 systable_endscan(scan);
1558 /* Close pg_database, but keep lock till commit */
1559 heap_close(rel, NoLock);
1570 * Look up info about the database named "name". If the database exists,
1571 * obtain the specified lock type on it, fill in any of the remaining
1572 * parameters that aren't NULL, and return TRUE. If no such database,
1576 get_db_info(const char *name, LOCKMODE lockmode,
1577 Oid *dbIdP, Oid *ownerIdP,
1578 int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP,
1579 Oid *dbLastSysOidP, TransactionId *dbFrozenXidP,
1580 MultiXactId *dbMinMultiP,
1581 Oid *dbTablespace, char **dbCollate, char **dbCtype)
1583 bool result = false;
1588 /* Caller may wish to grab a better lock on pg_database beforehand... */
1589 relation = heap_open(DatabaseRelationId, AccessShareLock);
1592 * Loop covers the rare case where the database is renamed before we can
1593 * lock it. We try again just in case we can find a new one of the same
1598 ScanKeyData scanKey;
1604 * there's no syscache for database-indexed-by-name, so must do it the
1607 ScanKeyInit(&scanKey,
1608 Anum_pg_database_datname,
1609 BTEqualStrategyNumber, F_NAMEEQ,
1610 NameGetDatum(name));
1612 scan = systable_beginscan(relation, DatabaseNameIndexId, true,
1615 tuple = systable_getnext(scan);
1617 if (!HeapTupleIsValid(tuple))
1619 /* definitely no database of that name */
1620 systable_endscan(scan);
1624 dbOid = HeapTupleGetOid(tuple);
1626 systable_endscan(scan);
1629 * Now that we have a database OID, we can try to lock the DB.
1631 if (lockmode != NoLock)
1632 LockSharedObject(DatabaseRelationId, dbOid, 0, lockmode);
1635 * And now, re-fetch the tuple by OID. If it's still there and still
1636 * the same name, we win; else, drop the lock and loop back to try
1639 tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbOid));
1640 if (HeapTupleIsValid(tuple))
1642 Form_pg_database dbform = (Form_pg_database) GETSTRUCT(tuple);
1644 if (strcmp(name, NameStr(dbform->datname)) == 0)
1646 /* oid of the database */
1649 /* oid of the owner */
1651 *ownerIdP = dbform->datdba;
1652 /* character encoding */
1654 *encodingP = dbform->encoding;
1655 /* allowed as template? */
1657 *dbIsTemplateP = dbform->datistemplate;
1658 /* allowing connections? */
1660 *dbAllowConnP = dbform->datallowconn;
1661 /* last system OID used in database */
1663 *dbLastSysOidP = dbform->datlastsysoid;
1664 /* limit of frozen XIDs */
1666 *dbFrozenXidP = dbform->datfrozenxid;
1667 /* minimum MultixactId */
1669 *dbMinMultiP = dbform->datminmxid;
1670 /* default tablespace for this database */
1672 *dbTablespace = dbform->dattablespace;
1673 /* default locale settings for this database */
1675 *dbCollate = pstrdup(NameStr(dbform->datcollate));
1677 *dbCtype = pstrdup(NameStr(dbform->datctype));
1678 ReleaseSysCache(tuple);
1682 /* can only get here if it was just renamed */
1683 ReleaseSysCache(tuple);
1686 if (lockmode != NoLock)
1687 UnlockSharedObject(DatabaseRelationId, dbOid, 0, lockmode);
1690 heap_close(relation, AccessShareLock);
1695 /* Check if current user has createdb privileges */
1697 have_createdb_privilege(void)
1699 bool result = false;
1702 /* Superusers can always do everything */
1706 utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
1707 if (HeapTupleIsValid(utup))
1709 result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreatedb;
1710 ReleaseSysCache(utup);
1716 * Remove tablespace directories
1718 * We don't know what tablespaces db_id is using, so iterate through all
1719 * tablespaces removing <tablespace>/db_id
1722 remove_dbtablespaces(Oid db_id)
1728 rel = heap_open(TableSpaceRelationId, AccessShareLock);
1729 scan = heap_beginscan_catalog(rel, 0, NULL);
1730 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
1732 Oid dsttablespace = HeapTupleGetOid(tuple);
1736 /* Don't mess with the global tablespace */
1737 if (dsttablespace == GLOBALTABLESPACE_OID)
1740 dstpath = GetDatabasePath(db_id, dsttablespace);
1742 if (lstat(dstpath, &st) < 0 || !S_ISDIR(st.st_mode))
1744 /* Assume we can ignore it */
1749 if (!rmtree(dstpath, true))
1751 (errmsg("some useless files may be left behind in old database directory \"%s\"",
1754 /* Record the filesystem change in XLOG */
1756 xl_dbase_drop_rec xlrec;
1757 XLogRecData rdata[1];
1759 xlrec.db_id = db_id;
1760 xlrec.tablespace_id = dsttablespace;
1762 rdata[0].data = (char *) &xlrec;
1763 rdata[0].len = sizeof(xl_dbase_drop_rec);
1764 rdata[0].buffer = InvalidBuffer;
1765 rdata[0].next = NULL;
1767 (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_DROP, rdata);
1774 heap_close(rel, AccessShareLock);
1778 * Check for existing files that conflict with a proposed new DB OID;
1779 * return TRUE if there are any
1781 * If there were a subdirectory in any tablespace matching the proposed new
1782 * OID, we'd get a create failure due to the duplicate name ... and then we'd
1783 * try to remove that already-existing subdirectory during the cleanup in
1784 * remove_dbtablespaces. Nuking existing files seems like a bad idea, so
1785 * instead we make this extra check before settling on the OID of the new
1786 * database. This exactly parallels what GetNewRelFileNode() does for table
1787 * relfilenode values.
1790 check_db_file_conflict(Oid db_id)
1792 bool result = false;
1797 rel = heap_open(TableSpaceRelationId, AccessShareLock);
1798 scan = heap_beginscan_catalog(rel, 0, NULL);
1799 while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
1801 Oid dsttablespace = HeapTupleGetOid(tuple);
1805 /* Don't mess with the global tablespace */
1806 if (dsttablespace == GLOBALTABLESPACE_OID)
1809 dstpath = GetDatabasePath(db_id, dsttablespace);
1811 if (lstat(dstpath, &st) == 0)
1813 /* Found a conflicting file (or directory, whatever) */
1823 heap_close(rel, AccessShareLock);
1829 * Issue a suitable errdetail message for a busy database
1832 errdetail_busy_db(int notherbackends, int npreparedxacts)
1834 if (notherbackends > 0 && npreparedxacts > 0)
1837 * We don't deal with singular versus plural here, since gettext
1838 * doesn't support multiple plurals in one string.
1840 errdetail("There are %d other session(s) and %d prepared transaction(s) using the database.",
1841 notherbackends, npreparedxacts);
1842 else if (notherbackends > 0)
1843 errdetail_plural("There is %d other session using the database.",
1844 "There are %d other sessions using the database.",
1848 errdetail_plural("There is %d prepared transaction using the database.",
1849 "There are %d prepared transactions using the database.",
1852 return 0; /* just to keep ereport macro happy */
1856 * get_database_oid - given a database name, look up the OID
1858 * If missing_ok is false, throw an error if database name not found. If
1859 * true, just return InvalidOid.
1862 get_database_oid(const char *dbname, bool missing_ok)
1864 Relation pg_database;
1865 ScanKeyData entry[1];
1871 * There's no syscache for pg_database indexed by name, so we must look
1874 pg_database = heap_open(DatabaseRelationId, AccessShareLock);
1875 ScanKeyInit(&entry[0],
1876 Anum_pg_database_datname,
1877 BTEqualStrategyNumber, F_NAMEEQ,
1878 CStringGetDatum(dbname));
1879 scan = systable_beginscan(pg_database, DatabaseNameIndexId, true,
1882 dbtuple = systable_getnext(scan);
1884 /* We assume that there can be at most one matching tuple */
1885 if (HeapTupleIsValid(dbtuple))
1886 oid = HeapTupleGetOid(dbtuple);
1890 systable_endscan(scan);
1891 heap_close(pg_database, AccessShareLock);
1893 if (!OidIsValid(oid) && !missing_ok)
1895 (errcode(ERRCODE_UNDEFINED_DATABASE),
1896 errmsg("database \"%s\" does not exist",
1904 * get_database_name - given a database OID, look up the name
1906 * Returns a palloc'd string, or NULL if no such database.
1909 get_database_name(Oid dbid)
1914 dbtuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbid));
1915 if (HeapTupleIsValid(dbtuple))
1917 result = pstrdup(NameStr(((Form_pg_database) GETSTRUCT(dbtuple))->datname));
1918 ReleaseSysCache(dbtuple);
1927 * DATABASE resource manager's routines
1930 dbase_redo(XLogRecPtr lsn, XLogRecord *record)
1932 uint8 info = record->xl_info & ~XLR_INFO_MASK;
1934 /* Backup blocks are not used in dbase records */
1935 Assert(!(record->xl_info & XLR_BKP_BLOCK_MASK));
1937 if (info == XLOG_DBASE_CREATE)
1939 xl_dbase_create_rec *xlrec = (xl_dbase_create_rec *) XLogRecGetData(record);
1944 src_path = GetDatabasePath(xlrec->src_db_id, xlrec->src_tablespace_id);
1945 dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id);
1948 * Our theory for replaying a CREATE is to forcibly drop the target
1949 * subdirectory if present, then re-copy the source data. This may be
1950 * more work than needed, but it is simple to implement.
1952 if (stat(dst_path, &st) == 0 && S_ISDIR(st.st_mode))
1954 if (!rmtree(dst_path, true))
1955 /* If this failed, copydir() below is going to error. */
1957 (errmsg("some useless files may be left behind in old database directory \"%s\"",
1962 * Force dirty buffers out to disk, to ensure source database is
1963 * up-to-date for the copy.
1965 FlushDatabaseBuffers(xlrec->src_db_id);
1968 * Copy this subdirectory to the new location
1970 * We don't need to copy subdirectories
1972 copydir(src_path, dst_path, false);
1974 else if (info == XLOG_DBASE_DROP)
1976 xl_dbase_drop_rec *xlrec = (xl_dbase_drop_rec *) XLogRecGetData(record);
1979 dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id);
1984 * Lock database while we resolve conflicts to ensure that
1985 * InitPostgres() cannot fully re-execute concurrently. This
1986 * avoids backends re-connecting automatically to same database,
1987 * which can happen in some cases.
1989 LockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock);
1990 ResolveRecoveryConflictWithDatabase(xlrec->db_id);
1993 /* Drop pages for this database that are in the shared buffer cache */
1994 DropDatabaseBuffers(xlrec->db_id);
1996 /* Also, clean out any fsync requests that might be pending in md.c */
1997 ForgetDatabaseFsyncRequests(xlrec->db_id);
1999 /* Clean out the xlog relcache too */
2000 XLogDropDatabase(xlrec->db_id);
2002 /* And remove the physical files */
2003 if (!rmtree(dst_path, true))
2005 (errmsg("some useless files may be left behind in old database directory \"%s\"",
2011 * Release locks prior to commit. XXX There is a race condition
2012 * here that may allow backends to reconnect, but the window for
2013 * this is small because the gap between here and commit is mostly
2014 * fairly small and it is unlikely that people will be dropping
2015 * databases that we are trying to connect to anyway.
2017 UnlockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock);
2021 elog(PANIC, "dbase_redo: unknown op code %u", info);