From: Tom Lane Date: Thu, 8 Nov 2018 22:33:26 +0000 (-0500) Subject: Disallow setting client_min_messages higher than ERROR. X-Git-Tag: REL9_6_12~103 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=041ad9a66d28c3106a8bba79d94af447efc60347;p=postgresql Disallow setting client_min_messages higher than ERROR. Previously it was possible to set client_min_messages to FATAL or PANIC, which had the effect of suppressing transmission of regular ERROR messages to the client. Perhaps that seemed like a useful option in the past, but the trouble with it is that it breaks guarantees that are explicitly made in our FE/BE protocol spec about how a query cycle can end. While libpq and psql manage to cope with the omission, that's mostly because they are not very bright; client libraries that have more semantic knowledge are likely to get confused. Notably, pgODBC doesn't behave very sanely. Let's fix this by getting rid of the ability to set client_min_messages above ERROR. In HEAD, just remove the FATAL and PANIC options from the set of allowed enum values for client_min_messages. (This change also affects trace_recovery_messages, but that's OK since these aren't useful values for that variable either.) In the back branches, there was concern that rejecting these values might break applications that are explicitly setting things that way. I'm pretty skeptical of that argument, but accommodate it by accepting these values and then internally setting the variable to ERROR anyway. In all branches, this allows a couple of tiny simplifications in the logic in elog.c, so do that. Also respond to the point that was made that client_min_messages has exactly nothing to do with the server's logging behavior, and therefore does not belong in the "When To Log" subsection of the documentation. The "Statement Behavior" subsection is a better match, so move it there. Jonah Harris and Tom Lane Discussion: https://postgr.es/m/7809.1541521180@sss.pgh.pa.us Discussion: https://postgr.es/m/15479-ef0f4cc2fd995ca2@postgresql.org --- diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 5189e8e26c..54dfa14963 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -4571,28 +4571,6 @@ local0.* /var/log/postgresql - - client_min_messages (enum) - - client_min_messages configuration parameter - - - - - Controls which message levels are sent to the client. - Valid values are DEBUG5, - DEBUG4, DEBUG3, DEBUG2, - DEBUG1, LOG, NOTICE, - WARNING, ERROR, FATAL, - and PANIC. Each level - includes all the levels that follow it. The later the level, - the fewer messages are sent. The default is - NOTICE. Note that LOG has a different - rank here than in log_min_messages. - - - - log_min_messages (enum) @@ -4610,7 +4588,7 @@ local0.* /var/log/postgresql follow it. The later the level, the fewer messages are sent to the log. The default is WARNING. Note that LOG has a different rank here than in - client_min_messages. + . Only superusers can change this setting. @@ -5919,6 +5897,27 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; Statement Behavior + + client_min_messages (enum) + + client_min_messages configuration parameter + + + + + Controls which message levels are sent to the client. + Valid values are DEBUG5, + DEBUG4, DEBUG3, DEBUG2, + DEBUG1, LOG, NOTICE, + WARNING, and ERROR. + Each level includes all the levels that follow it. The later the level, + the fewer messages are sent. The default is + NOTICE. Note that LOG has a different + rank here than in . + + + + search_path (string) diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c index 7e977e8b18..8a21f5de63 100644 --- a/src/backend/utils/error/elog.c +++ b/src/backend/utils/error/elog.c @@ -472,9 +472,7 @@ errfinish(int dummy,...) * progress, so that we can report the message before dying. (Without * this, pq_putmessage will refuse to send the message at all, which is * what we want for NOTICE messages, but not for fatal exits.) This hack - * is necessary because of poor design of old-style copy protocol. Note - * we must do this even if client is fool enough to have set - * client_min_messages above FATAL, so don't look at output_to_client. + * is necessary because of poor design of old-style copy protocol. */ if (elevel >= FATAL && whereToSendOutput == DestRemote) pq_endcopyout(true); @@ -1758,12 +1756,7 @@ pg_re_throw(void) else edata->output_to_server = (FATAL >= log_min_messages); if (whereToSendOutput == DestRemote) - { - if (ClientAuthInProgress) - edata->output_to_client = true; - else - edata->output_to_client = (FATAL >= client_min_messages); - } + edata->output_to_client = true; /* * We can use errfinish() for the rest, but we don't want it to call diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 0628912ed9..5c27397ccc 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -153,6 +153,7 @@ static int syslog_facility = 0; static void assign_syslog_facility(int newval, void *extra); static void assign_syslog_ident(const char *newval, void *extra); static void assign_session_replication_role(int newval, void *extra); +static bool check_client_min_messages(int *newval, void **extra, GucSource source); static bool check_temp_buffers(int *newval, void **extra, GucSource source); static bool check_bonjour(bool *newval, void **extra, GucSource source); static bool check_ssl(bool *newval, void **extra, GucSource source); @@ -3581,14 +3582,14 @@ static struct config_enum ConfigureNamesEnum[] = }, { - {"client_min_messages", PGC_USERSET, LOGGING_WHEN, + {"client_min_messages", PGC_USERSET, CLIENT_CONN_STATEMENT, gettext_noop("Sets the message levels that are sent to the client."), gettext_noop("Each level includes all the levels that follow it. The later" " the level, the fewer messages are sent.") }, &client_min_messages, NOTICE, client_message_level_options, - NULL, NULL, NULL + check_client_min_messages, NULL, NULL }, { @@ -9968,6 +9969,20 @@ assign_session_replication_role(int newval, void *extra) ResetPlanCache(); } +static bool +check_client_min_messages(int *newval, void **extra, GucSource source) +{ + /* + * We disallow setting client_min_messages above ERROR, because not + * sending an ErrorResponse message for an error breaks the FE/BE + * protocol. However, for backwards compatibility, we still accept FATAL + * or PANIC as input values, and then adjust here. + */ + if (*newval > ERROR) + *newval = ERROR; + return true; +} + static bool check_temp_buffers(int *newval, void **extra, GucSource source) { diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 9a999c9359..b6b683ec28 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -373,17 +373,6 @@ # - When to Log - -#client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error - #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -527,6 +516,16 @@ # - Statement Behavior - +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error #search_path = '"$user", public' # schema names #default_tablespace = '' # a tablespace name, '' uses the default #temp_tablespaces = '' # a list of tablespace names, '' uses