Tom Lane [Fri, 22 Oct 2004 19:48:19 +0000 (19:48 +0000)]
Add a GUC_SUPERUSER_ONLY flag to mark GUC variables that should not be
examinable by non-superusers, and use it to protect the recently-added
GUC variables for data directory and config files. For now I have only
flagged those variables that could be used to deduce something about
the server's filesystem layout, but possibly we should also mark vars
related to logging settings and other admin-only information?
Tom Lane [Fri, 22 Oct 2004 17:20:05 +0000 (17:20 +0000)]
In ALTER COLUMN TYPE, strip any implicit coercion operations appearing
at the top level of the column's old default expression before adding
an implicit coercion to the new column type. This seems to satisfy the
principle of least surprise, as per discussion of bug #1290.
Neil Conway [Fri, 22 Oct 2004 07:21:06 +0000 (07:21 +0000)]
Minor code cleanup: hdefault() only ever returned "true", so it may as
well be declared to return "void" to save callers the trouble of
checking for errors.
Tom Lane [Fri, 22 Oct 2004 00:24:18 +0000 (00:24 +0000)]
Prevent pg_ctl from being run as root. Since it uses configuration files
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE. Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres. The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
Tom Lane [Thu, 21 Oct 2004 21:33:59 +0000 (21:33 +0000)]
Disallow referential integrity actions from being deferred; only the
NO ACTION check is deferrable. This seems to be a closer approximation
to what the SQL spec says than what we were doing before, and it prevents
some anomalous behaviors that are possible now that triggers can fire
during the execution of PL functions.
Stephan Szabo.
Tom Lane [Thu, 21 Oct 2004 20:23:19 +0000 (20:23 +0000)]
Set the close-on-exec flag for libpq's socket to the backend, to avoid
any possible problems from child programs executed by the client app.
Per suggestion from Elliot Lee of Red Hat.
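The effect of the close-on-exec flag described in the commit above, as an added example that is not libpq's own code: a socket is inherited by an exec'd child until FD_CLOEXEC is set on it. The names `DEMO_FD`, `open_demo_socket`, `set_cloexec` and `child_inherits_fd` are hypothetical, and the example assumes a POSIX system with `/bin/sh` and that descriptor 9 is free.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_FD 9 /* constructed: fixed number, must match "<&9" in the shell command */

/* Put one end of a local socket pair at DEMO_FD; dup2() leaves FD_CLOEXEC clear. */
int open_demo_socket(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || dup2(sv[0], DEMO_FD) == -1)
        return -1;
    if (sv[0] != DEMO_FD) close(sv[0]);
    if (sv[1] != DEMO_FD) close(sv[1]);
    return DEMO_FD;
}

/* Set FD_CLOEXEC while preserving other descriptor flags. Returns 0 on success. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Exec a shell that tries to use DEMO_FD: 1 = inherited, 0 = closed, -1 = error. */
int child_inherits_fd(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&9", (char *) NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    if (open_demo_socket() == -1) return 1;
    printf("child inherits socket before flag: %d\n", child_inherits_fd());
    if (set_cloexec(DEMO_FD) == -1) return 1;
    printf("child inherits socket after flag:  %d\n", child_inherits_fd());
    return 0;
}
```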
Tom Lane [Thu, 21 Oct 2004 19:28:36 +0000 (19:28 +0000)]
Standardize on using the Min, Max, and Abs macros that are in our c.h file,
getting rid of numerous ad-hoc versions that have popped up in various
places. Shortens code and avoids conflict with Windows min() and max()
macros.
Tom Lane [Wed, 20 Oct 2004 16:04:50 +0000 (16:04 +0000)]
Allow functions returning void or cstring to appear in FROM clause,
to make life cushy for the JDBC driver. Centralize the decision-making
that affects this by inventing a get_type_func_class() function, rather
than adding special cases in half a dozen places.
Tom Lane [Mon, 18 Oct 2004 23:23:19 +0000 (23:23 +0000)]
Add some code to ensure that we don't lose communication sync due to
an oversize message, per suggestion from Oliver Jowett. I'm a bit
dubious that this is a real problem, since the client likely doesn't
have any more space available than the server, but it's not hard to
make it behave according to the protocol intention.
Tom Lane [Mon, 18 Oct 2004 22:00:42 +0000 (22:00 +0000)]
Add PQprepare/PQsendPrepared functions to libpq to support preparing
statements without necessarily specifying the datatypes of their parameters.
Abhijit Menon-Sen with some help from Tom Lane.
Bruce Momjian [Mon, 18 Oct 2004 16:13:43 +0000 (16:13 +0000)]
Improve indentation of sublists:
< The proper solution to this will probably the use of a master/slave
< replication solution like Sloney and a connection pooling tool like
< pgpool.
> The proper solution to this will probably the use of a master/slave
> replication solution like Sloney and a connection pooling tool like
> pgpool.
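Review bot: the first line of this hunk reads "will probably the use of" on both the old and the new side, so the missing "be" survives the reindent, and "Sloney" on the next line looks like a misspelling of Slony. Both lines are already being rewritten here, so correct the wording in the same change.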
114,116c114,116
< You can use any of the master/slave replication servers to use a
< standby server for data warehousing. To allow read/write queries to
< multiple servers, you need multi-master replication like pgcluster.
> You can use any of the master/slave replication servers to use a
> standby server for data warehousing. To allow read/write queries to
> multiple servers, you need multi-master replication like pgcluster.
166,167c166,167
< Currently large objects entries do not have owners. Permissions can
< only be set at the pg_largeobject table level.
> Currently large objects entries do not have owners. Permissions can
> only be set at the pg_largeobject table level. 173c173
< This requires the TOAST column to be stored EXTERNAL.
> This requires the TOAST column to be stored EXTERNAL.
359,360c359,360
< One complexity is whether moving a schema should move all existing
< schema objects or just define the location for future object creation.
> One complexity is whether moving a schema should move all existing
> schema objects or just define the location for future object creation.
364,365c364,365
< Currently non-global system tables must be in the default database
< schema. Global system tables can never be moved.
> Currently non-global system tables must be in the default database
> schema. Global system tables can never be moved.
371,375c371,375
< This might require some background daemon to maintain clustering
< during periods of low usage. It might also require tables to be only
< paritally filled for easier reorganization. Another idea would
< be to create a merged heap/index data file so an index lookup would
< automatically access the heap data too.
> This might require some background daemon to maintain clustering
> during periods of low usage. It might also require tables to be only
> paritally filled for easier reorganization. Another idea would
> be to create a merged heap/index data file so an index lookup would
> automatically access the heap data too.
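Review bot: "paritally filled" in the third line of this hunk is a typo for "partially" and is carried unchanged from the < side to the > side. Fix the spelling while the line is being reindented.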
379,380c379,380
< To do this, determine the ideal cluster index for each system
< table and set the cluster setting during initdb.
> To do this, determine the ideal cluster index for each system
> table and set the cluster setting during initdb.
385,386c385,386
< This requires the use of a savepoint before each COPY line is
< processed, with ROLLBACK on COPY failure.
> This requires the use of a savepoint before each COPY line is
> processed, with ROLLBACK on COPY failure.
395,398c395,398
< This requires using the row ctid to map cursor rows back to the
< original heap row. This become more complicated if WITH HOLD cursors
< are to be supported because WITH HOLD cursors have a copy of the row
< and no FOR UPDATE lock.
> This requires using the row ctid to map cursor rows back to the
> original heap row. This become more complicated if WITH HOLD cursors
> are to be supported because WITH HOLD cursors have a copy of the row
> and no FOR UPDATE lock.
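Review bot: "This become more complicated" in the second line of this hunk should read "This becomes more complicated"; the wording is identical on both sides, so the indentation change leaves the grammar error in place. Correct it in the new text.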
405,406c405,406
< Because WITH HOLD cursors exist outside transactions, this allows
< them to be listed so they can be closed.
> Because WITH HOLD cursors exist outside transactions, this allows
> them to be listed so they can be closed.
413,415c413,415
< This is useful for returning the auto-generated key for an INSERT.
< One complication is how to handle rules that run as part of
< the insert.
> This is useful for returning the auto-generated key for an INSERT.
> One complication is how to handle rules that run as part of
> the insert. 422c422
< This is basically the same as SET search_path.
> This is basically the same as SET search_path.
426,427c426,427
< This requires a checking function to be called after the server
< configuration file is read.
> This requires a checking function to be called after the server
> configuration file is read. 432c432
< Currently only constants are supported.
> Currently only constants are supported.
438,439c438,439
< This requires the cached PL/PgSQL byte code to be invalidated when
< an object referenced in the function is changed.
> This requires the cached PL/PgSQL byte code to be invalidated when
> an object referenced in the function is changed.
512,513c512,513
< Document differences between ecpg and the SQL standard and
< information about the Informix-compatibility module.
> Document differences between ecpg and the SQL standard and
> information about the Informix-compatibility module.
Bruce Momjian [Mon, 18 Oct 2004 03:27:14 +0000 (03:27 +0000)]
Update wording:
* Allow a database in tablespace t1 with tables created in tablespace t2
to be used as a template for a new database created with default
tablespace t2
All objects in the default database tablespace must have default tablespace
specifications. This is because new databases are created by copying
directories. If you mix default tablespace tables and tablespace-specified
tables in the same directory, creating a new database from such a mixed
directory would create a new database with tables that had incorrect
explicit tablespaces. To fix this would require modifying pg_class in the
newly copied database, which we don't currently do.
Bruce Momjian [Mon, 18 Oct 2004 02:56:42 +0000 (02:56 +0000)]
Add:
>
> * Allow a database in tablespace t1 with tables created in tablespace t2
> to be used as a template for a new database created with default
> tablespace t2
>
> All objects in the default database tablespace must have default tablespace
> specifications. This is because new databases are created by copying
> directories. If you mix default tablespace tables and tablespace-specified
> tables in the same directory, creating a new database from such a mixed
> directory would create a new database with tables that had incorrect
> explicit tablespaces. To fix this would require modifying pg_class in the
> newly copied database, which we don't currently do.
Tom Lane [Sun, 17 Oct 2004 22:01:51 +0000 (22:01 +0000)]
Allow background writing to be shut down by setting limit values to zero.
This does not disable the bgwriter process: it still has to wake up often
enough to collect fsync requests from backends in a timely fashion. But
it responds to the recent gripe about not being able to prevent the disk
from being spun up constantly.
Tom Lane [Sun, 17 Oct 2004 20:47:21 +0000 (20:47 +0000)]
Give a more user-friendly error message in situation where CREATE DATABASE
specifies a new default tablespace and the template database already has
some tables in that tablespace. There isn't any way to solve this fully
without modifying the clone database's pg_class contents, so for now the
best we can do is issue a better error message.
Tom Lane [Sun, 17 Oct 2004 20:02:26 +0000 (20:02 +0000)]
Make locale_messages_assign() really work on Windows; the prior hack
only covered the case of assigning "", and failed to recognize that
actually setlocale(LC_MESSAGES,...) does not work at all on this platform.
Magnus Hagander, some code prettification by Tom Lane.
Tom Lane [Sat, 16 Oct 2004 22:52:55 +0000 (22:52 +0000)]
Remove dllist.c from libpq. It's overkill for what libpq needs; we can
just stick a list-link into struct PGnotify instead. Result is a smaller,
faster and more robust library (mainly because we reduce the number of
malloc's and free's involved in notify processing), plus less pollution
of application link-symbol namespace.
Tom Lane [Sat, 16 Oct 2004 21:50:02 +0000 (21:50 +0000)]
Include dllist.c directly instead of assuming that libpq will provide it.
Whack some semblance of project-conventions-conformance into pg_autovacuum.h.
Tom Lane [Sat, 16 Oct 2004 20:10:57 +0000 (20:10 +0000)]
Generate the various .def files for libpq DLLs from a single list of
exportable functions. The .def files are removed from CVS, but will
still be present in distribution tarballs, since we can't assume that
Windows boxes will have sed.
Tom Lane [Sat, 16 Oct 2004 19:08:38 +0000 (19:08 +0000)]
Limit NBuffers and some related values to INT_MAX / BLCKSZ, to prevent
arithmetic overflow during initial sizing calculations. This is not
water-tight but it should avoid the grossest sorts of failures.
Tom Lane [Sat, 16 Oct 2004 18:57:26 +0000 (18:57 +0000)]
Give the ResourceOwner mechanism full responsibility for releasing buffer
pins at end of transaction, and reduce AtEOXact_Buffers to an Assert
cross-check that this was done correctly. When not USE_ASSERT_CHECKING,
AtEOXact_Buffers is a complete no-op. This gets rid of an O(NBuffers)
bottleneck during transaction commit/abort, which recent testing has shown
becomes significant above a few tens of thousands of shared buffers.
Tom Lane [Sat, 16 Oct 2004 18:05:07 +0000 (18:05 +0000)]
Remove BufferLocks[] array in favor of a single pointer to the buffer
(if any) currently waited for by LockBufferForCleanup(), which is all
that we were using it for anymore. Saves some space and eliminates
proportional-to-NBuffers slowdown in UnlockBuffers().
Tom Lane [Fri, 15 Oct 2004 22:40:29 +0000 (22:40 +0000)]
Repair possible failure to update hint bits back to disk, per
http://archives.postgresql.org/pgsql-hackers/2004-10/msg00464.php.
This fix is intended to be permanent: it moves the responsibility for
calling SetBufferCommitInfoNeedsSave() into the tqual.c routines,
eliminating the requirement for callers to test whether t_infomask changed.
Also, tighten validity checking on buffer IDs in bufmgr.c --- several
routines were paranoid about out-of-range shared buffer numbers but not
about out-of-range local ones, which seems a tad pointless.
Bruce Momjian [Fri, 15 Oct 2004 17:10:58 +0000 (17:10 +0000)]
The previous build rules caused each binary to be re-linked on every
"make", even if nothing had changed. With this patch, it's only relinked
if it's actually updated.
//Magnus
PS. Yes, the old buildrule for the .rc file is still needed, as it's
used by pgevent.rc (or any other binary in the future that would need
its own .rc file)
Bruce Momjian [Fri, 15 Oct 2004 17:08:26 +0000 (17:08 +0000)]
I have attached 5 patches (split up for ease of review) to plperl.c.
1. Two minor cleanups:
- We don't need to call hv_exists+hv_fetch; we should just check the
return value of hv_fetch.
- newSVpv("undef",0) is the string "undef", not a real undef.
2. This should fix the bug Andrew Dunstan described in a recent -hackers
post. It replaces three bogus "eval_pv(key, 0)" calls with newSVpv,
and eliminates another redundant hv_exists+hv_fetch pair.
3. plperl_build_tuple_argument builds up a string of Perl code to create
a hash representing the tuple. This patch creates the hash directly.
4. Another minor cleanup: replace a couple of av_store()s with av_push.
5. Analogous to #3 for plperl_trigger_build_args. This patch removes the
static sv_add_tuple_value function, which does much the same as two
other utility functions defined later, and merges the functionality
into plperl_hash_from_tuple.
I have tested the patches to the best of my limited ability, but I would
appreciate it very much if someone else could review and test them too.
(Thanks to Andrew and David Fetter for their help with some testing.)
Bruce Momjian [Fri, 15 Oct 2004 05:11:00 +0000 (05:11 +0000)]
> This lets you do something like:
>
> ./configure LDFLAGS=-static-libgcc LDFLAGS_SL=-static-libgcc
>
> to produce binaries that do not depend on libgcc_s.so at all.
Bruce Momjian [Fri, 15 Oct 2004 04:54:33 +0000 (04:54 +0000)]
Fix pg_ctl -D handling for Win32:
C:\msys\1.0\home\y-asaba>pg_ctl -D data restart
waiting for postmaster to shut down...LOG: received smart shutdown
request.
LOG: shutting down
LOG: database system is shut down
done
postmaster stopped
postmaster starting
C:\msys\1.0\home\y-asaba>postmaster.exe: invalid argument: "'-D'"
Try "postmaster.exe --help" for more information.