Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * dbcommands.c
4 : * Database management commands (create/drop database).
5 : *
6 : * Note: database creation/destruction commands use exclusive locks on
7 : * the database objects (as expressed by LockSharedObject()) to avoid
8 : * stepping on each others' toes. Formerly we used table-level locks
9 : * on pg_database, but that's too coarse-grained.
10 : *
11 : * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
12 : * Portions Copyright (c) 1994, Regents of the University of California
13 : *
14 : *
15 : * IDENTIFICATION
16 : * src/backend/commands/dbcommands.c
17 : *
18 : *-------------------------------------------------------------------------
19 : */
20 : #include "postgres.h"
21 :
22 : #include <fcntl.h>
23 : #include <unistd.h>
24 : #include <sys/stat.h>
25 :
26 : #include "access/genam.h"
27 : #include "access/heapam.h"
28 : #include "access/htup_details.h"
29 : #include "access/multixact.h"
30 : #include "access/tableam.h"
31 : #include "access/xact.h"
32 : #include "access/xloginsert.h"
33 : #include "access/xlogrecovery.h"
34 : #include "access/xlogutils.h"
35 : #include "catalog/catalog.h"
36 : #include "catalog/dependency.h"
37 : #include "catalog/indexing.h"
38 : #include "catalog/objectaccess.h"
39 : #include "catalog/pg_authid.h"
40 : #include "catalog/pg_collation.h"
41 : #include "catalog/pg_database.h"
42 : #include "catalog/pg_db_role_setting.h"
43 : #include "catalog/pg_subscription.h"
44 : #include "catalog/pg_tablespace.h"
45 : #include "commands/comment.h"
46 : #include "commands/dbcommands.h"
47 : #include "commands/dbcommands_xlog.h"
48 : #include "commands/defrem.h"
49 : #include "commands/seclabel.h"
50 : #include "commands/tablespace.h"
51 : #include "common/file_perm.h"
52 : #include "mb/pg_wchar.h"
53 : #include "miscadmin.h"
54 : #include "pgstat.h"
55 : #include "postmaster/bgwriter.h"
56 : #include "replication/slot.h"
57 : #include "storage/copydir.h"
58 : #include "storage/fd.h"
59 : #include "storage/ipc.h"
60 : #include "storage/lmgr.h"
61 : #include "storage/md.h"
62 : #include "storage/procarray.h"
63 : #include "storage/smgr.h"
64 : #include "utils/acl.h"
65 : #include "utils/builtins.h"
66 : #include "utils/fmgroids.h"
67 : #include "utils/lsyscache.h"
68 : #include "utils/pg_locale.h"
69 : #include "utils/relmapper.h"
70 : #include "utils/snapmgr.h"
71 : #include "utils/syscache.h"
72 :
73 : /*
74 : * Create database strategy.
75 : *
76 : * CREATEDB_WAL_LOG will copy the database at the block level and WAL log each
77 : * copied block.
78 : *
79 : * CREATEDB_FILE_COPY will simply perform a file system level copy of the
80 : * database and log a single record for each tablespace copied. To make this
81 : * safe, it also triggers checkpoints before and after the operation.
82 : */
83 : typedef enum CreateDBStrategy
84 : {
85 : CREATEDB_WAL_LOG,
86 : CREATEDB_FILE_COPY,
87 : } CreateDBStrategy;
88 :
89 : typedef struct
90 : {
91 : Oid src_dboid; /* source (template) DB */
92 : Oid dest_dboid; /* DB we are trying to create */
93 : CreateDBStrategy strategy; /* create db strategy */
94 : } createdb_failure_params;
95 :
96 : typedef struct
97 : {
98 : Oid dest_dboid; /* DB we are trying to move */
99 : Oid dest_tsoid; /* tablespace we are trying to move to */
100 : } movedb_failure_params;
101 :
102 : /*
103 : * Information about a relation to be copied when creating a database.
104 : */
105 : typedef struct CreateDBRelInfo
106 : {
107 : RelFileLocator rlocator; /* physical relation identifier */
108 : Oid reloid; /* relation oid */
109 : bool permanent; /* relation is permanent or unlogged */
110 : } CreateDBRelInfo;
111 :
112 :
113 : /* non-export function prototypes */
114 : static void createdb_failure_callback(int code, Datum arg);
115 : static void movedb(const char *dbname, const char *tblspcname);
116 : static void movedb_failure_callback(int code, Datum arg);
117 : static bool get_db_info(const char *name, LOCKMODE lockmode,
118 : Oid *dbIdP, Oid *ownerIdP,
119 : int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP, bool *dbHasLoginEvtP,
120 : TransactionId *dbFrozenXidP, MultiXactId *dbMinMultiP,
121 : Oid *dbTablespace, char **dbCollate, char **dbCtype, char **dbLocale,
122 : char **dbIcurules,
123 : char *dbLocProvider,
124 : char **dbCollversion);
125 : static void remove_dbtablespaces(Oid db_id);
126 : static bool check_db_file_conflict(Oid db_id);
127 : static int errdetail_busy_db(int notherbackends, int npreparedxacts);
128 : static void CreateDatabaseUsingWalLog(Oid src_dboid, Oid dst_dboid, Oid src_tsid,
129 : Oid dst_tsid);
130 : static List *ScanSourceDatabasePgClass(Oid tbid, Oid dbid, char *srcpath);
131 : static List *ScanSourceDatabasePgClassPage(Page page, Buffer buf, Oid tbid,
132 : Oid dbid, char *srcpath,
133 : List *rlocatorlist, Snapshot snapshot);
134 : static CreateDBRelInfo *ScanSourceDatabasePgClassTuple(HeapTupleData *tuple,
135 : Oid tbid, Oid dbid,
136 : char *srcpath);
137 : static void CreateDirAndVersionFile(char *dbpath, Oid dbid, Oid tsid,
138 : bool isRedo);
139 : static void CreateDatabaseUsingFileCopy(Oid src_dboid, Oid dst_dboid,
140 : Oid src_tsid, Oid dst_tsid);
141 : static void recovery_create_dbdir(char *path, bool only_tblspc);
142 :
143 : /*
144 : * Create a new database using the WAL_LOG strategy.
145 : *
146 : * Each copied block is separately written to the write-ahead log.
147 : */
148 : static void
149 502 : CreateDatabaseUsingWalLog(Oid src_dboid, Oid dst_dboid,
150 : Oid src_tsid, Oid dst_tsid)
151 : {
152 : char *srcpath;
153 : char *dstpath;
154 502 : List *rlocatorlist = NULL;
155 : ListCell *cell;
156 : LockRelId srcrelid;
157 : LockRelId dstrelid;
158 : RelFileLocator srcrlocator;
159 : RelFileLocator dstrlocator;
160 : CreateDBRelInfo *relinfo;
161 :
162 : /* Get source and destination database paths. */
163 502 : srcpath = GetDatabasePath(src_dboid, src_tsid);
164 502 : dstpath = GetDatabasePath(dst_dboid, dst_tsid);
165 :
166 : /* Create database directory and write PG_VERSION file. */
167 502 : CreateDirAndVersionFile(dstpath, dst_dboid, dst_tsid, false);
168 :
169 : /* Copy relmap file from source database to the destination database. */
170 502 : RelationMapCopy(dst_dboid, dst_tsid, srcpath, dstpath);
171 :
172 : /* Get list of relfilelocators to copy from the source database. */
173 502 : rlocatorlist = ScanSourceDatabasePgClass(src_tsid, src_dboid, srcpath);
174 : Assert(rlocatorlist != NIL);
175 :
176 : /*
177 : * Database IDs will be the same for all relations so set them before
178 : * entering the loop.
179 : */
180 502 : srcrelid.dbId = src_dboid;
181 502 : dstrelid.dbId = dst_dboid;
182 :
183 : /* Loop over our list of relfilelocators and copy each one. */
184 112090 : foreach(cell, rlocatorlist)
185 : {
186 111592 : relinfo = lfirst(cell);
187 111592 : srcrlocator = relinfo->rlocator;
188 :
189 : /*
190 : * If the relation is from the source db's default tablespace then we
191 : * need to create it in the destination db's default tablespace.
192 : * Otherwise, we need to create in the same tablespace as it is in the
193 : * source database.
194 : */
195 111592 : if (srcrlocator.spcOid == src_tsid)
196 111592 : dstrlocator.spcOid = dst_tsid;
197 : else
198 0 : dstrlocator.spcOid = srcrlocator.spcOid;
199 :
200 111592 : dstrlocator.dbOid = dst_dboid;
201 111592 : dstrlocator.relNumber = srcrlocator.relNumber;
202 :
203 : /*
204 : * Acquire locks on source and target relations before copying.
205 : *
206 : * We typically do not read relation data into shared_buffers without
207 : * holding a relation lock. It's unclear what could go wrong if we
208 : * skipped it in this case, because nobody can be modifying either the
209 : * source or destination database at this point, and we have locks on
210 : * both databases, too, but let's take the conservative route.
211 : */
212 111592 : dstrelid.relId = srcrelid.relId = relinfo->reloid;
213 111592 : LockRelationId(&srcrelid, AccessShareLock);
214 111592 : LockRelationId(&dstrelid, AccessShareLock);
215 :
216 : /* Copy relation storage from source to the destination. */
217 111592 : CreateAndCopyRelationData(srcrlocator, dstrlocator, relinfo->permanent);
218 :
219 : /* Release the relation locks. */
220 111588 : UnlockRelationId(&srcrelid, AccessShareLock);
221 111588 : UnlockRelationId(&dstrelid, AccessShareLock);
222 : }
223 :
224 498 : pfree(srcpath);
225 498 : pfree(dstpath);
226 498 : list_free_deep(rlocatorlist);
227 498 : }
228 :
229 : /*
230 : * Scan the pg_class table in the source database to identify the relations
231 : * that need to be copied to the destination database.
232 : *
233 : * This is an exception to the usual rule that cross-database access is
234 : * not possible. We can make it work here because we know that there are no
235 : * connections to the source database and (since there can't be prepared
236 : * transactions touching that database) no in-doubt tuples either. This
237 : * means that we don't need to worry about pruning removing anything from
238 : * under us, and we don't need to be too picky about our snapshot either.
239 : * As long as it sees all previously-committed XIDs as committed and all
240 : * aborted XIDs as aborted, we should be fine: nothing else is possible
241 : * here.
242 : *
243 : * We can't rely on the relcache for anything here, because that only knows
244 : * about the database to which we are connected, and can't handle access to
245 : * other databases. That also means we can't rely on the heap scan
246 : * infrastructure, which would be a bad idea anyway since it might try
247 : * to do things like HOT pruning which we definitely can't do safely in
248 : * a database to which we're not even connected.
249 : */
250 : static List *
251 502 : ScanSourceDatabasePgClass(Oid tbid, Oid dbid, char *srcpath)
252 : {
253 : RelFileLocator rlocator;
254 : BlockNumber nblocks;
255 : BlockNumber blkno;
256 : Buffer buf;
257 : RelFileNumber relfilenumber;
258 : Page page;
259 502 : List *rlocatorlist = NIL;
260 : LockRelId relid;
261 : Snapshot snapshot;
262 : SMgrRelation smgr;
263 : BufferAccessStrategy bstrategy;
264 :
265 : /* Get pg_class relfilenumber. */
266 502 : relfilenumber = RelationMapOidToFilenumberForDatabase(srcpath,
267 : RelationRelationId);
268 :
269 : /* Don't read data into shared_buffers without holding a relation lock. */
270 502 : relid.dbId = dbid;
271 502 : relid.relId = RelationRelationId;
272 502 : LockRelationId(&relid, AccessShareLock);
273 :
274 : /* Prepare a RelFileLocator for the pg_class relation. */
275 502 : rlocator.spcOid = tbid;
276 502 : rlocator.dbOid = dbid;
277 502 : rlocator.relNumber = relfilenumber;
278 :
279 502 : smgr = smgropen(rlocator, INVALID_PROC_NUMBER);
280 502 : nblocks = smgrnblocks(smgr, MAIN_FORKNUM);
281 502 : smgrclose(smgr);
282 :
283 : /* Use a buffer access strategy since this is a bulk read operation. */
284 502 : bstrategy = GetAccessStrategy(BAS_BULKREAD);
285 :
286 : /*
287 : * As explained in the function header comments, we need a snapshot that
288 : * will see all committed transactions as committed, and our transaction
289 : * snapshot - or the active snapshot - might not be new enough for that,
290 : * but the return value of GetLatestSnapshot() should work fine.
291 : */
292 502 : snapshot = RegisterSnapshot(GetLatestSnapshot());
293 :
294 : /* Process the relation block by block. */
295 7530 : for (blkno = 0; blkno < nblocks; blkno++)
296 : {
297 7028 : CHECK_FOR_INTERRUPTS();
298 :
299 7028 : buf = ReadBufferWithoutRelcache(rlocator, MAIN_FORKNUM, blkno,
300 : RBM_NORMAL, bstrategy, true);
301 :
302 7028 : LockBuffer(buf, BUFFER_LOCK_SHARE);
303 7028 : page = BufferGetPage(buf);
304 7028 : if (PageIsNew(page) || PageIsEmpty(page))
305 : {
306 0 : UnlockReleaseBuffer(buf);
307 0 : continue;
308 : }
309 :
310 : /* Append relevant pg_class tuples for current page to rlocatorlist. */
311 7028 : rlocatorlist = ScanSourceDatabasePgClassPage(page, buf, tbid, dbid,
312 : srcpath, rlocatorlist,
313 : snapshot);
314 :
315 7028 : UnlockReleaseBuffer(buf);
316 : }
317 502 : UnregisterSnapshot(snapshot);
318 :
319 : /* Release relation lock. */
320 502 : UnlockRelationId(&relid, AccessShareLock);
321 :
322 502 : return rlocatorlist;
323 : }
324 :
325 : /*
326 : * Scan one page of the source database's pg_class relation and add relevant
327 : * entries to rlocatorlist. The return value is the updated list.
328 : */
329 : static List *
330 7028 : ScanSourceDatabasePgClassPage(Page page, Buffer buf, Oid tbid, Oid dbid,
331 : char *srcpath, List *rlocatorlist,
332 : Snapshot snapshot)
333 : {
334 7028 : BlockNumber blkno = BufferGetBlockNumber(buf);
335 : OffsetNumber offnum;
336 : OffsetNumber maxoff;
337 : HeapTupleData tuple;
338 :
339 7028 : maxoff = PageGetMaxOffsetNumber(page);
340 :
341 : /* Loop over offsets. */
342 7028 : for (offnum = FirstOffsetNumber;
343 362122 : offnum <= maxoff;
344 355094 : offnum = OffsetNumberNext(offnum))
345 : {
346 : ItemId itemid;
347 :
348 355094 : itemid = PageGetItemId(page, offnum);
349 :
350 : /* Nothing to do if slot is empty or already dead. */
351 355094 : if (!ItemIdIsUsed(itemid) || ItemIdIsDead(itemid) ||
352 254082 : ItemIdIsRedirected(itemid))
353 145690 : continue;
354 :
355 : Assert(ItemIdIsNormal(itemid));
356 209404 : ItemPointerSet(&(tuple.t_self), blkno, offnum);
357 :
358 : /* Initialize a HeapTupleData structure. */
359 209404 : tuple.t_data = (HeapTupleHeader) PageGetItem(page, itemid);
360 209404 : tuple.t_len = ItemIdGetLength(itemid);
361 209404 : tuple.t_tableOid = RelationRelationId;
362 :
363 : /* Skip tuples that are not visible to this snapshot. */
364 209404 : if (HeapTupleSatisfiesVisibility(&tuple, snapshot, buf))
365 : {
366 : CreateDBRelInfo *relinfo;
367 :
368 : /*
369 : * ScanSourceDatabasePgClassTuple is in charge of constructing a
370 : * CreateDBRelInfo object for this tuple, but can also decide that
371 : * this tuple isn't something we need to copy. If we do need to
372 : * copy the relation, add it to the list.
373 : */
374 209374 : relinfo = ScanSourceDatabasePgClassTuple(&tuple, tbid, dbid,
375 : srcpath);
376 209374 : if (relinfo != NULL)
377 112488 : rlocatorlist = lappend(rlocatorlist, relinfo);
378 : }
379 : }
380 :
381 7028 : return rlocatorlist;
382 : }
383 :
384 : /*
385 : * Decide whether a certain pg_class tuple represents something that
386 : * needs to be copied from the source database to the destination database,
387 : * and if so, construct a CreateDBRelInfo for it.
388 : *
389 : * Visibility checks are handled by the caller, so our job here is just
390 : * to assess the data stored in the tuple.
391 : */
392 : CreateDBRelInfo *
393 209374 : ScanSourceDatabasePgClassTuple(HeapTupleData *tuple, Oid tbid, Oid dbid,
394 : char *srcpath)
395 : {
396 : CreateDBRelInfo *relinfo;
397 : Form_pg_class classForm;
398 209374 : RelFileNumber relfilenumber = InvalidRelFileNumber;
399 :
400 209374 : classForm = (Form_pg_class) GETSTRUCT(tuple);
401 :
402 : /*
403 : * Return NULL if this object does not need to be copied.
404 : *
405 : * Shared objects don't need to be copied, because they are shared.
406 : * Objects without storage can't be copied, because there's nothing to
407 : * copy. Temporary relations don't need to be copied either, because they
408 : * are inaccessible outside of the session that created them, which must
409 : * be gone already, and couldn't connect to a different database if it
410 : * still existed. autovacuum will eventually remove the pg_class entries
411 : * as well.
412 : */
413 209374 : if (classForm->reltablespace == GLOBALTABLESPACE_OID ||
414 186282 : !RELKIND_HAS_STORAGE(classForm->relkind) ||
415 112488 : classForm->relpersistence == RELPERSISTENCE_TEMP)
416 96886 : return NULL;
417 :
418 : /*
419 : * If relfilenumber is valid then directly use it. Otherwise, consult the
420 : * relmap.
421 : */
422 112488 : if (RelFileNumberIsValid(classForm->relfilenode))
423 103954 : relfilenumber = classForm->relfilenode;
424 : else
425 8534 : relfilenumber = RelationMapOidToFilenumberForDatabase(srcpath,
426 : classForm->oid);
427 :
428 : /* We must have a valid relfilenumber. */
429 112488 : if (!RelFileNumberIsValid(relfilenumber))
430 0 : elog(ERROR, "relation with OID %u does not have a valid relfilenumber",
431 : classForm->oid);
432 :
433 : /* Prepare a rel info element and add it to the list. */
434 112488 : relinfo = palloc_object(CreateDBRelInfo);
435 112488 : if (OidIsValid(classForm->reltablespace))
436 0 : relinfo->rlocator.spcOid = classForm->reltablespace;
437 : else
438 112488 : relinfo->rlocator.spcOid = tbid;
439 :
440 112488 : relinfo->rlocator.dbOid = dbid;
441 112488 : relinfo->rlocator.relNumber = relfilenumber;
442 112488 : relinfo->reloid = classForm->oid;
443 :
444 : /* Temporary relations were rejected above. */
445 : Assert(classForm->relpersistence != RELPERSISTENCE_TEMP);
446 112488 : relinfo->permanent =
447 112488 : (classForm->relpersistence == RELPERSISTENCE_PERMANENT) ? true : false;
448 :
449 112488 : return relinfo;
450 : }
451 :
452 : /*
453 : * Create database directory and write out the PG_VERSION file in the database
454 : * path. If isRedo is true, it's okay for the database directory to exist
455 : * already.
456 : */
457 : static void
458 548 : CreateDirAndVersionFile(char *dbpath, Oid dbid, Oid tsid, bool isRedo)
459 : {
460 : int fd;
461 : int nbytes;
462 : char versionfile[MAXPGPATH];
463 : char buf[16];
464 :
465 : /*
466 : * Note that we don't have to copy version data from the source database;
467 : * there's only one legal value.
468 : */
469 548 : sprintf(buf, "%s\n", PG_MAJORVERSION);
470 548 : nbytes = strlen(PG_MAJORVERSION) + 1;
471 :
472 : /* Create database directory. */
473 548 : if (MakePGDirectory(dbpath) < 0)
474 : {
475 : /* Failure other than already exists or not in WAL replay? */
476 16 : if (errno != EEXIST || !isRedo)
477 0 : ereport(ERROR,
478 : (errcode_for_file_access(),
479 : errmsg("could not create directory \"%s\": %m", dbpath)));
480 : }
481 :
482 : /*
483 : * Create PG_VERSION file in the database path. If the file already
484 : * exists and we are in WAL replay then try again to open it in write
485 : * mode.
486 : */
487 548 : snprintf(versionfile, sizeof(versionfile), "%s/%s", dbpath, "PG_VERSION");
488 :
489 548 : fd = OpenTransientFile(versionfile, O_WRONLY | O_CREAT | O_EXCL | PG_BINARY);
490 548 : if (fd < 0 && errno == EEXIST && isRedo)
491 16 : fd = OpenTransientFile(versionfile, O_WRONLY | O_TRUNC | PG_BINARY);
492 :
493 548 : if (fd < 0)
494 0 : ereport(ERROR,
495 : (errcode_for_file_access(),
496 : errmsg("could not create file \"%s\": %m", versionfile)));
497 :
498 : /* Write PG_MAJORVERSION in the PG_VERSION file. */
499 548 : pgstat_report_wait_start(WAIT_EVENT_VERSION_FILE_WRITE);
500 548 : errno = 0;
501 548 : if ((int) write(fd, buf, nbytes) != nbytes)
502 : {
503 : /* If write didn't set errno, assume problem is no disk space. */
504 0 : if (errno == 0)
505 0 : errno = ENOSPC;
506 0 : ereport(ERROR,
507 : (errcode_for_file_access(),
508 : errmsg("could not write to file \"%s\": %m", versionfile)));
509 : }
510 548 : pgstat_report_wait_end();
511 :
512 548 : pgstat_report_wait_start(WAIT_EVENT_VERSION_FILE_SYNC);
513 548 : if (pg_fsync(fd) != 0)
514 0 : ereport(data_sync_elevel(ERROR),
515 : (errcode_for_file_access(),
516 : errmsg("could not fsync file \"%s\": %m", versionfile)));
517 548 : fsync_fname(dbpath, true);
518 548 : pgstat_report_wait_end();
519 :
520 : /* Close the version file. */
521 548 : CloseTransientFile(fd);
522 :
523 : /* If we are not in WAL replay then write the WAL. */
524 548 : if (!isRedo)
525 : {
526 : xl_dbase_create_wal_log_rec xlrec;
527 :
528 502 : START_CRIT_SECTION();
529 :
530 502 : xlrec.db_id = dbid;
531 502 : xlrec.tablespace_id = tsid;
532 :
533 502 : XLogBeginInsert();
534 502 : XLogRegisterData(&xlrec,
535 : sizeof(xl_dbase_create_wal_log_rec));
536 :
537 502 : (void) XLogInsert(RM_DBASE_ID, XLOG_DBASE_CREATE_WAL_LOG);
538 :
539 502 : END_CRIT_SECTION();
540 : }
541 548 : }
542 :
543 : /*
544 : * Create a new database using the FILE_COPY strategy.
545 : *
546 : * Copy each tablespace at the filesystem level, and log a single WAL record
547 : * for each tablespace copied. This requires a checkpoint before and after the
548 : * copy, which may be expensive, but it does greatly reduce WAL generation
549 : * if the copied database is large.
550 : */
551 : static void
552 276 : CreateDatabaseUsingFileCopy(Oid src_dboid, Oid dst_dboid, Oid src_tsid,
553 : Oid dst_tsid)
554 : {
555 : TableScanDesc scan;
556 : Relation rel;
557 : HeapTuple tuple;
558 :
559 : /*
560 : * Force a checkpoint before starting the copy. This will force all dirty
561 : * buffers, including those of unlogged tables, out to disk, to ensure
562 : * source database is up-to-date on disk for the copy.
563 : * FlushDatabaseBuffers() would suffice for that, but we also want to
564 : * process any pending unlink requests. Otherwise, if a checkpoint
565 : * happened while we're copying files, a file might be deleted just when
566 : * we're about to copy it, causing the lstat() call in copydir() to fail
567 : * with ENOENT.
568 : *
569 : * In binary upgrade mode, we can skip this checkpoint because pg_upgrade
570 : * is careful to ensure that template0 is fully written to disk prior to
571 : * any CREATE DATABASE commands.
572 : */
573 276 : if (!IsBinaryUpgrade)
574 216 : RequestCheckpoint(CHECKPOINT_FAST | CHECKPOINT_FORCE |
575 : CHECKPOINT_WAIT | CHECKPOINT_FLUSH_UNLOGGED);
576 :
577 : /*
578 : * Iterate through all tablespaces of the template database, and copy each
579 : * one to the new database.
580 : */
581 276 : rel = table_open(TableSpaceRelationId, AccessShareLock);
582 276 : scan = table_beginscan_catalog(rel, 0, NULL);
583 896 : while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
584 : {
585 620 : Form_pg_tablespace spaceform = (Form_pg_tablespace) GETSTRUCT(tuple);
586 620 : Oid srctablespace = spaceform->oid;
587 : Oid dsttablespace;
588 : char *srcpath;
589 : char *dstpath;
590 : struct stat st;
591 :
592 : /* No need to copy global tablespace */
593 620 : if (srctablespace == GLOBALTABLESPACE_OID)
594 344 : continue;
595 :
596 344 : srcpath = GetDatabasePath(src_dboid, srctablespace);
597 :
598 620 : if (stat(srcpath, &st) < 0 || !S_ISDIR(st.st_mode) ||
599 276 : directory_is_empty(srcpath))
600 : {
601 : /* Assume we can ignore it */
602 68 : pfree(srcpath);
603 68 : continue;
604 : }
605 :
606 276 : if (srctablespace == src_tsid)
607 276 : dsttablespace = dst_tsid;
608 : else
609 0 : dsttablespace = srctablespace;
610 :
611 276 : dstpath = GetDatabasePath(dst_dboid, dsttablespace);
612 :
613 : /*
614 : * Copy this subdirectory to the new location
615 : *
616 : * We don't need to copy subdirectories
617 : */
618 276 : copydir(srcpath, dstpath, false);
619 :
620 : /* Record the filesystem change in XLOG */
621 : {
622 : xl_dbase_create_file_copy_rec xlrec;
623 :
624 276 : xlrec.db_id = dst_dboid;
625 276 : xlrec.tablespace_id = dsttablespace;
626 276 : xlrec.src_db_id = src_dboid;
627 276 : xlrec.src_tablespace_id = srctablespace;
628 :
629 276 : XLogBeginInsert();
630 276 : XLogRegisterData(&xlrec,
631 : sizeof(xl_dbase_create_file_copy_rec));
632 :
633 276 : (void) XLogInsert(RM_DBASE_ID,
634 : XLOG_DBASE_CREATE_FILE_COPY | XLR_SPECIAL_REL_UPDATE);
635 : }
636 276 : pfree(srcpath);
637 276 : pfree(dstpath);
638 : }
639 276 : table_endscan(scan);
640 276 : table_close(rel, AccessShareLock);
641 :
642 : /*
643 : * We force a checkpoint before committing. This effectively means that
644 : * committed XLOG_DBASE_CREATE_FILE_COPY operations will never need to be
645 : * replayed (at least not in ordinary crash recovery; we still have to
646 : * make the XLOG entry for the benefit of PITR operations). This avoids
647 : * two nasty scenarios:
648 : *
649 : * #1: At wal_level=minimal, we don't XLOG the contents of newly created
650 : * relfilenodes; therefore the drop-and-recreate-whole-directory behavior
651 : * of DBASE_CREATE replay would lose such files created in the new
652 : * database between our commit and the next checkpoint.
653 : *
654 : * #2: Since we have to recopy the source database during DBASE_CREATE
655 : * replay, we run the risk of copying changes in it that were committed
656 : * after the original CREATE DATABASE command but before the system crash
657 : * that led to the replay. This is at least unexpected and at worst could
658 : * lead to inconsistencies, eg duplicate table names.
659 : *
660 : * (Both of these were real bugs in releases 8.0 through 8.0.3.)
661 : *
662 : * In PITR replay, the first of these isn't an issue, and the second is
663 : * only a risk if the CREATE DATABASE and subsequent template database
664 : * change both occur while a base backup is being taken. There doesn't
665 : * seem to be much we can do about that except document it as a
666 : * limitation.
667 : *
668 : * In binary upgrade mode, we can skip this checkpoint because neither of
669 : * these problems applies: we don't ever replay the WAL generated during
670 : * pg_upgrade, and we don't support taking base backups during pg_upgrade
671 : * (not to mention that we don't concurrently modify template0, either).
672 : *
673 : * See CreateDatabaseUsingWalLog() for a less cheesy CREATE DATABASE
674 : * strategy that avoids these problems.
675 : */
676 276 : if (!IsBinaryUpgrade)
677 216 : RequestCheckpoint(CHECKPOINT_FAST | CHECKPOINT_FORCE |
678 : CHECKPOINT_WAIT);
679 276 : }
680 :
681 : /*
682 : * CREATE DATABASE
683 : */
684 : Oid
685 812 : createdb(ParseState *pstate, const CreatedbStmt *stmt)
686 : {
687 : Oid src_dboid;
688 : Oid src_owner;
689 812 : int src_encoding = -1;
690 812 : char *src_collate = NULL;
691 812 : char *src_ctype = NULL;
692 812 : char *src_locale = NULL;
693 812 : char *src_icurules = NULL;
694 812 : char src_locprovider = '\0';
695 812 : char *src_collversion = NULL;
696 : bool src_istemplate;
697 812 : bool src_hasloginevt = false;
698 : bool src_allowconn;
699 812 : TransactionId src_frozenxid = InvalidTransactionId;
700 812 : MultiXactId src_minmxid = InvalidMultiXactId;
701 : Oid src_deftablespace;
702 : volatile Oid dst_deftablespace;
703 : Relation pg_database_rel;
704 : HeapTuple tuple;
705 812 : Datum new_record[Natts_pg_database] = {0};
706 812 : bool new_record_nulls[Natts_pg_database] = {0};
707 812 : Oid dboid = InvalidOid;
708 : Oid datdba;
709 : ListCell *option;
710 812 : DefElem *tablespacenameEl = NULL;
711 812 : DefElem *ownerEl = NULL;
712 812 : DefElem *templateEl = NULL;
713 812 : DefElem *encodingEl = NULL;
714 812 : DefElem *localeEl = NULL;
715 812 : DefElem *builtinlocaleEl = NULL;
716 812 : DefElem *collateEl = NULL;
717 812 : DefElem *ctypeEl = NULL;
718 812 : DefElem *iculocaleEl = NULL;
719 812 : DefElem *icurulesEl = NULL;
720 812 : DefElem *locproviderEl = NULL;
721 812 : DefElem *istemplateEl = NULL;
722 812 : DefElem *allowconnectionsEl = NULL;
723 812 : DefElem *connlimitEl = NULL;
724 812 : DefElem *collversionEl = NULL;
725 812 : DefElem *strategyEl = NULL;
726 812 : char *dbname = stmt->dbname;
727 812 : char *dbowner = NULL;
728 812 : const char *dbtemplate = NULL;
729 812 : char *dbcollate = NULL;
730 812 : char *dbctype = NULL;
731 812 : const char *dblocale = NULL;
732 812 : char *dbicurules = NULL;
733 812 : char dblocprovider = '\0';
734 : char *canonname;
735 812 : int encoding = -1;
736 812 : bool dbistemplate = false;
737 812 : bool dballowconnections = true;
738 812 : int dbconnlimit = DATCONNLIMIT_UNLIMITED;
739 812 : char *dbcollversion = NULL;
740 : int notherbackends;
741 : int npreparedxacts;
742 812 : CreateDBStrategy dbstrategy = CREATEDB_WAL_LOG;
743 : createdb_failure_params fparms;
744 :
745 : /* Extract options from the statement node tree */
746 2432 : foreach(option, stmt->options)
747 : {
748 1620 : DefElem *defel = (DefElem *) lfirst(option);
749 :
750 1620 : if (strcmp(defel->defname, "tablespace") == 0)
751 : {
752 34 : if (tablespacenameEl)
753 0 : errorConflictingDefElem(defel, pstate);
754 34 : tablespacenameEl = defel;
755 : }
756 1586 : else if (strcmp(defel->defname, "owner") == 0)
757 : {
758 2 : if (ownerEl)
759 0 : errorConflictingDefElem(defel, pstate);
760 2 : ownerEl = defel;
761 : }
762 1584 : else if (strcmp(defel->defname, "template") == 0)
763 : {
764 364 : if (templateEl)
765 0 : errorConflictingDefElem(defel, pstate);
766 364 : templateEl = defel;
767 : }
768 1220 : else if (strcmp(defel->defname, "encoding") == 0)
769 : {
770 106 : if (encodingEl)
771 0 : errorConflictingDefElem(defel, pstate);
772 106 : encodingEl = defel;
773 : }
774 1114 : else if (strcmp(defel->defname, "locale") == 0)
775 : {
776 108 : if (localeEl)
777 0 : errorConflictingDefElem(defel, pstate);
778 108 : localeEl = defel;
779 : }
780 1006 : else if (strcmp(defel->defname, "builtin_locale") == 0)
781 : {
782 16 : if (builtinlocaleEl)
783 0 : errorConflictingDefElem(defel, pstate);
784 16 : builtinlocaleEl = defel;
785 : }
786 990 : else if (strcmp(defel->defname, "lc_collate") == 0)
787 : {
788 16 : if (collateEl)
789 0 : errorConflictingDefElem(defel, pstate);
790 16 : collateEl = defel;
791 : }
792 974 : else if (strcmp(defel->defname, "lc_ctype") == 0)
793 : {
794 16 : if (ctypeEl)
795 0 : errorConflictingDefElem(defel, pstate);
796 16 : ctypeEl = defel;
797 : }
798 958 : else if (strcmp(defel->defname, "icu_locale") == 0)
799 : {
800 10 : if (iculocaleEl)
801 0 : errorConflictingDefElem(defel, pstate);
802 10 : iculocaleEl = defel;
803 : }
804 948 : else if (strcmp(defel->defname, "icu_rules") == 0)
805 : {
806 2 : if (icurulesEl)
807 0 : errorConflictingDefElem(defel, pstate);
808 2 : icurulesEl = defel;
809 : }
810 946 : else if (strcmp(defel->defname, "locale_provider") == 0)
811 : {
812 118 : if (locproviderEl)
813 0 : errorConflictingDefElem(defel, pstate);
814 118 : locproviderEl = defel;
815 : }
816 828 : else if (strcmp(defel->defname, "is_template") == 0)
817 : {
818 102 : if (istemplateEl)
819 0 : errorConflictingDefElem(defel, pstate);
820 102 : istemplateEl = defel;
821 : }
822 726 : else if (strcmp(defel->defname, "allow_connections") == 0)
823 : {
824 100 : if (allowconnectionsEl)
825 0 : errorConflictingDefElem(defel, pstate);
826 100 : allowconnectionsEl = defel;
827 : }
828 626 : else if (strcmp(defel->defname, "connection_limit") == 0)
829 : {
830 0 : if (connlimitEl)
831 0 : errorConflictingDefElem(defel, pstate);
832 0 : connlimitEl = defel;
833 : }
834 626 : else if (strcmp(defel->defname, "collation_version") == 0)
835 : {
836 60 : if (collversionEl)
837 0 : errorConflictingDefElem(defel, pstate);
838 60 : collversionEl = defel;
839 : }
840 566 : else if (strcmp(defel->defname, "location") == 0)
841 : {
842 0 : ereport(WARNING,
843 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
844 : errmsg("LOCATION is not supported anymore"),
845 : errhint("Consider using tablespaces instead."),
846 : parser_errposition(pstate, defel->location)));
847 : }
848 566 : else if (strcmp(defel->defname, "oid") == 0)
849 : {
850 266 : dboid = defGetObjectId(defel);
851 :
852 : /*
853 : * We don't normally permit new databases to be created with
854 : * system-assigned OIDs. pg_upgrade tries to preserve database
855 : * OIDs, so we can't allow any database to be created with an OID
856 : * that might be in use in a freshly-initialized cluster created
857 : * by some future version. We assume all such OIDs will be from
858 : * the system-managed OID range.
859 : *
860 : * As an exception, however, we permit any OID to be assigned when
861 : * allow_system_table_mods=on (so that initdb can assign system
862 : * OIDs to template0 and postgres) or when performing a binary
863 : * upgrade (so that pg_upgrade can preserve whatever OIDs it finds
864 : * in the source cluster).
865 : */
866 266 : if (dboid < FirstNormalObjectId &&
867 232 : !allowSystemTableMods && !IsBinaryUpgrade)
868 0 : ereport(ERROR,
869 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE)),
870 : errmsg("OIDs less than %u are reserved for system objects", FirstNormalObjectId));
871 : }
872 300 : else if (strcmp(defel->defname, "strategy") == 0)
873 : {
874 300 : if (strategyEl)
875 0 : errorConflictingDefElem(defel, pstate);
876 300 : strategyEl = defel;
877 : }
878 : else
879 0 : ereport(ERROR,
880 : (errcode(ERRCODE_SYNTAX_ERROR),
881 : errmsg("option \"%s\" not recognized", defel->defname),
882 : parser_errposition(pstate, defel->location)));
883 : }
884 :
885 812 : if (ownerEl && ownerEl->arg)
886 2 : dbowner = defGetString(ownerEl);
887 812 : if (templateEl && templateEl->arg)
888 364 : dbtemplate = defGetString(templateEl);
889 812 : if (encodingEl && encodingEl->arg)
890 : {
891 : const char *encoding_name;
892 :
893 106 : if (IsA(encodingEl->arg, Integer))
894 : {
895 0 : encoding = defGetInt32(encodingEl);
896 0 : encoding_name = pg_encoding_to_char(encoding);
897 0 : if (strcmp(encoding_name, "") == 0 ||
898 0 : pg_valid_server_encoding(encoding_name) < 0)
899 0 : ereport(ERROR,
900 : (errcode(ERRCODE_UNDEFINED_OBJECT),
901 : errmsg("%d is not a valid encoding code",
902 : encoding),
903 : parser_errposition(pstate, encodingEl->location)));
904 : }
905 : else
906 : {
907 106 : encoding_name = defGetString(encodingEl);
908 106 : encoding = pg_valid_server_encoding(encoding_name);
909 106 : if (encoding < 0)
910 0 : ereport(ERROR,
911 : (errcode(ERRCODE_UNDEFINED_OBJECT),
912 : errmsg("%s is not a valid encoding name",
913 : encoding_name),
914 : parser_errposition(pstate, encodingEl->location)));
915 : }
916 : }
917 812 : if (localeEl && localeEl->arg)
918 : {
919 108 : dbcollate = defGetString(localeEl);
920 108 : dbctype = defGetString(localeEl);
921 108 : dblocale = defGetString(localeEl);
922 : }
923 812 : if (builtinlocaleEl && builtinlocaleEl->arg)
924 16 : dblocale = defGetString(builtinlocaleEl);
925 812 : if (collateEl && collateEl->arg)
926 16 : dbcollate = defGetString(collateEl);
927 812 : if (ctypeEl && ctypeEl->arg)
928 16 : dbctype = defGetString(ctypeEl);
929 812 : if (iculocaleEl && iculocaleEl->arg)
930 10 : dblocale = defGetString(iculocaleEl);
931 812 : if (icurulesEl && icurulesEl->arg)
932 2 : dbicurules = defGetString(icurulesEl);
933 812 : if (locproviderEl && locproviderEl->arg)
934 : {
935 118 : char *locproviderstr = defGetString(locproviderEl);
936 :
937 118 : if (pg_strcasecmp(locproviderstr, "builtin") == 0)
938 34 : dblocprovider = COLLPROVIDER_BUILTIN;
939 84 : else if (pg_strcasecmp(locproviderstr, "icu") == 0)
940 14 : dblocprovider = COLLPROVIDER_ICU;
941 70 : else if (pg_strcasecmp(locproviderstr, "libc") == 0)
942 68 : dblocprovider = COLLPROVIDER_LIBC;
943 : else
944 2 : ereport(ERROR,
945 : (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
946 : errmsg("unrecognized locale provider: %s",
947 : locproviderstr)));
948 : }
949 810 : if (istemplateEl && istemplateEl->arg)
950 102 : dbistemplate = defGetBoolean(istemplateEl);
951 810 : if (allowconnectionsEl && allowconnectionsEl->arg)
952 100 : dballowconnections = defGetBoolean(allowconnectionsEl);
953 810 : if (connlimitEl && connlimitEl->arg)
954 : {
955 0 : dbconnlimit = defGetInt32(connlimitEl);
956 0 : if (dbconnlimit < DATCONNLIMIT_UNLIMITED)
957 0 : ereport(ERROR,
958 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
959 : errmsg("invalid connection limit: %d", dbconnlimit)));
960 : }
961 810 : if (collversionEl)
962 60 : dbcollversion = defGetString(collversionEl);
963 :
964 : /* obtain OID of proposed owner */
965 810 : if (dbowner)
966 2 : datdba = get_role_oid(dbowner, false);
967 : else
968 808 : datdba = GetUserId();
969 :
970 : /*
971 : * To create a database, must have createdb privilege and must be able to
972 : * become the target role (this does not imply that the target role itself
973 : * must have createdb privilege). The latter provision guards against
974 : * "giveaway" attacks. Note that a superuser will always have both of
975 : * these privileges a fortiori.
976 : */
977 810 : if (!have_createdb_privilege())
978 6 : ereport(ERROR,
979 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
980 : errmsg("permission denied to create database")));
981 :
982 804 : check_can_set_role(GetUserId(), datdba);
983 :
984 : /*
985 : * Lookup database (template) to be cloned, and obtain share lock on it.
986 : * ShareLock allows two CREATE DATABASEs to work from the same template
987 : * concurrently, while ensuring no one is busy dropping it in parallel
988 : * (which would be Very Bad since we'd likely get an incomplete copy
989 : * without knowing it). This also prevents any new connections from being
990 : * made to the source until we finish copying it, so we can be sure it
991 : * won't change underneath us.
992 : */
993 804 : if (!dbtemplate)
994 442 : dbtemplate = "template1"; /* Default template database name */
995 :
996 804 : if (!get_db_info(dbtemplate, ShareLock,
997 : &src_dboid, &src_owner, &src_encoding,
998 : &src_istemplate, &src_allowconn, &src_hasloginevt,
999 : &src_frozenxid, &src_minmxid, &src_deftablespace,
1000 : &src_collate, &src_ctype, &src_locale, &src_icurules, &src_locprovider,
1001 : &src_collversion))
1002 0 : ereport(ERROR,
1003 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1004 : errmsg("template database \"%s\" does not exist",
1005 : dbtemplate)));
1006 :
1007 : /*
1008 : * If the source database was in the process of being dropped, we can't
1009 : * use it as a template.
1010 : */
1011 804 : if (database_is_invalid_oid(src_dboid))
1012 2 : ereport(ERROR,
1013 : errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1014 : errmsg("cannot use invalid database \"%s\" as template", dbtemplate),
1015 : errhint("Use DROP DATABASE to drop invalid databases."));
1016 :
1017 : /*
1018 : * Permission check: to copy a DB that's not marked datistemplate, you
1019 : * must be superuser or the owner thereof.
1020 : */
1021 802 : if (!src_istemplate)
1022 : {
1023 24 : if (!object_ownercheck(DatabaseRelationId, src_dboid, GetUserId()))
1024 0 : ereport(ERROR,
1025 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1026 : errmsg("permission denied to copy database \"%s\"",
1027 : dbtemplate)));
1028 : }
1029 :
1030 : /* Validate the database creation strategy. */
1031 802 : if (strategyEl && strategyEl->arg)
1032 : {
1033 : char *strategy;
1034 :
1035 300 : strategy = defGetString(strategyEl);
1036 300 : if (pg_strcasecmp(strategy, "wal_log") == 0)
1037 22 : dbstrategy = CREATEDB_WAL_LOG;
1038 278 : else if (pg_strcasecmp(strategy, "file_copy") == 0)
1039 276 : dbstrategy = CREATEDB_FILE_COPY;
1040 : else
1041 2 : ereport(ERROR,
1042 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1043 : errmsg("invalid create database strategy \"%s\"", strategy),
1044 : errhint("Valid strategies are \"wal_log\" and \"file_copy\".")));
1045 : }
1046 :
1047 : /* If encoding or locales are defaulted, use source's setting */
1048 800 : if (encoding < 0)
1049 694 : encoding = src_encoding;
1050 800 : if (dbcollate == NULL)
1051 680 : dbcollate = src_collate;
1052 800 : if (dbctype == NULL)
1053 680 : dbctype = src_ctype;
1054 800 : if (dblocprovider == '\0')
1055 684 : dblocprovider = src_locprovider;
1056 800 : if (dblocale == NULL && dblocprovider == src_locprovider)
1057 676 : dblocale = src_locale;
1058 800 : if (dbicurules == NULL)
1059 798 : dbicurules = src_icurules;
1060 :
1061 : /* Some encodings are client only */
1062 800 : if (!PG_VALID_BE_ENCODING(encoding))
1063 0 : ereport(ERROR,
1064 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1065 : errmsg("invalid server encoding %d", encoding)));
1066 :
1067 : /* Check that the chosen locales are valid, and get canonical spellings */
1068 800 : if (!check_locale(LC_COLLATE, dbcollate, &canonname))
1069 : {
1070 2 : if (dblocprovider == COLLPROVIDER_BUILTIN)
1071 0 : ereport(ERROR,
1072 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1073 : errmsg("invalid LC_COLLATE locale name: \"%s\"", dbcollate),
1074 : errhint("If the locale name is specific to the builtin provider, use BUILTIN_LOCALE.")));
1075 2 : else if (dblocprovider == COLLPROVIDER_ICU)
1076 0 : ereport(ERROR,
1077 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1078 : errmsg("invalid LC_COLLATE locale name: \"%s\"", dbcollate),
1079 : errhint("If the locale name is specific to the ICU provider, use ICU_LOCALE.")));
1080 : else
1081 2 : ereport(ERROR,
1082 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1083 : errmsg("invalid LC_COLLATE locale name: \"%s\"", dbcollate)));
1084 : }
1085 798 : dbcollate = canonname;
1086 798 : if (!check_locale(LC_CTYPE, dbctype, &canonname))
1087 : {
1088 2 : if (dblocprovider == COLLPROVIDER_BUILTIN)
1089 0 : ereport(ERROR,
1090 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1091 : errmsg("invalid LC_CTYPE locale name: \"%s\"", dbctype),
1092 : errhint("If the locale name is specific to the builtin provider, use BUILTIN_LOCALE.")));
1093 2 : else if (dblocprovider == COLLPROVIDER_ICU)
1094 0 : ereport(ERROR,
1095 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1096 : errmsg("invalid LC_CTYPE locale name: \"%s\"", dbctype),
1097 : errhint("If the locale name is specific to the ICU provider, use ICU_LOCALE.")));
1098 : else
1099 2 : ereport(ERROR,
1100 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1101 : errmsg("invalid LC_CTYPE locale name: \"%s\"", dbctype)));
1102 : }
1103 :
1104 796 : dbctype = canonname;
1105 :
1106 796 : check_encoding_locale_matches(encoding, dbcollate, dbctype);
1107 :
1108 : /* validate provider-specific parameters */
1109 796 : if (dblocprovider != COLLPROVIDER_BUILTIN)
1110 : {
1111 734 : if (builtinlocaleEl)
1112 0 : ereport(ERROR,
1113 : (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
1114 : errmsg("BUILTIN_LOCALE cannot be specified unless locale provider is builtin")));
1115 : }
1116 :
1117 796 : if (dblocprovider != COLLPROVIDER_ICU)
1118 : {
1119 768 : if (iculocaleEl)
1120 2 : ereport(ERROR,
1121 : (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
1122 : errmsg("ICU locale cannot be specified unless locale provider is ICU")));
1123 :
1124 766 : if (dbicurules)
1125 2 : ereport(ERROR,
1126 : (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
1127 : errmsg("ICU rules cannot be specified unless locale provider is ICU")));
1128 : }
1129 :
1130 : /* validate and canonicalize locale for the provider */
1131 792 : if (dblocprovider == COLLPROVIDER_BUILTIN)
1132 : {
1133 : /*
1134 : * This would happen if template0 uses the libc provider but the new
1135 : * database uses builtin.
1136 : */
1137 58 : if (!dblocale)
1138 2 : ereport(ERROR,
1139 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1140 : errmsg("LOCALE or BUILTIN_LOCALE must be specified")));
1141 :
1142 56 : dblocale = builtin_validate_locale(encoding, dblocale);
1143 : }
1144 734 : else if (dblocprovider == COLLPROVIDER_ICU)
1145 : {
1146 28 : if (!(is_encoding_supported_by_icu(encoding)))
1147 2 : ereport(ERROR,
1148 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1149 : errmsg("encoding \"%s\" is not supported with ICU provider",
1150 : pg_encoding_to_char(encoding))));
1151 :
1152 : /*
1153 : * This would happen if template0 uses the libc provider but the new
1154 : * database uses icu.
1155 : */
1156 26 : if (!dblocale)
1157 2 : ereport(ERROR,
1158 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1159 : errmsg("LOCALE or ICU_LOCALE must be specified")));
1160 :
1161 : /*
1162 : * During binary upgrade, or when the locale came from the template
1163 : * database, preserve locale string. Otherwise, canonicalize to a
1164 : * language tag.
1165 : */
1166 24 : if (!IsBinaryUpgrade && dblocale != src_locale)
1167 : {
1168 12 : char *langtag = icu_language_tag(dblocale,
1169 : icu_validation_level);
1170 :
1171 12 : if (langtag && strcmp(dblocale, langtag) != 0)
1172 : {
1173 4 : ereport(NOTICE,
1174 : (errmsg("using standard form \"%s\" for ICU locale \"%s\"",
1175 : langtag, dblocale)));
1176 :
1177 4 : dblocale = langtag;
1178 : }
1179 : }
1180 :
1181 24 : icu_validate_locale(dblocale);
1182 : }
1183 :
1184 : /* for libc, locale comes from datcollate and datctype */
1185 782 : if (dblocprovider == COLLPROVIDER_LIBC)
1186 706 : dblocale = NULL;
1187 :
1188 : /*
1189 : * Check that the new encoding and locale settings match the source
1190 : * database. We insist on this because we simply copy the source data ---
1191 : * any non-ASCII data would be wrongly encoded, and any indexes sorted
1192 : * according to the source locale would be wrong.
1193 : *
1194 : * However, we assume that template0 doesn't contain any non-ASCII data
1195 : * nor any indexes that depend on collation or ctype, so template0 can be
1196 : * used as template for creating a database with any encoding or locale.
1197 : */
1198 782 : if (strcmp(dbtemplate, "template0") != 0)
1199 : {
1200 468 : if (encoding != src_encoding)
1201 0 : ereport(ERROR,
1202 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1203 : errmsg("new encoding (%s) is incompatible with the encoding of the template database (%s)",
1204 : pg_encoding_to_char(encoding),
1205 : pg_encoding_to_char(src_encoding)),
1206 : errhint("Use the same encoding as in the template database, or use template0 as template.")));
1207 :
1208 468 : if (strcmp(dbcollate, src_collate) != 0)
1209 2 : ereport(ERROR,
1210 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1211 : errmsg("new collation (%s) is incompatible with the collation of the template database (%s)",
1212 : dbcollate, src_collate),
1213 : errhint("Use the same collation as in the template database, or use template0 as template.")));
1214 :
1215 466 : if (strcmp(dbctype, src_ctype) != 0)
1216 0 : ereport(ERROR,
1217 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1218 : errmsg("new LC_CTYPE (%s) is incompatible with the LC_CTYPE of the template database (%s)",
1219 : dbctype, src_ctype),
1220 : errhint("Use the same LC_CTYPE as in the template database, or use template0 as template.")));
1221 :
1222 466 : if (dblocprovider != src_locprovider)
1223 0 : ereport(ERROR,
1224 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1225 : errmsg("new locale provider (%s) does not match locale provider of the template database (%s)",
1226 : collprovider_name(dblocprovider), collprovider_name(src_locprovider)),
1227 : errhint("Use the same locale provider as in the template database, or use template0 as template.")));
1228 :
1229 466 : if (dblocprovider == COLLPROVIDER_ICU)
1230 : {
1231 : char *val1;
1232 : char *val2;
1233 :
1234 : Assert(dblocale);
1235 : Assert(src_locale);
1236 12 : if (strcmp(dblocale, src_locale) != 0)
1237 0 : ereport(ERROR,
1238 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1239 : errmsg("new ICU locale (%s) is incompatible with the ICU locale of the template database (%s)",
1240 : dblocale, src_locale),
1241 : errhint("Use the same ICU locale as in the template database, or use template0 as template.")));
1242 :
1243 12 : val1 = dbicurules;
1244 12 : if (!val1)
1245 12 : val1 = "";
1246 12 : val2 = src_icurules;
1247 12 : if (!val2)
1248 12 : val2 = "";
1249 12 : if (strcmp(val1, val2) != 0)
1250 0 : ereport(ERROR,
1251 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1252 : errmsg("new ICU collation rules (%s) are incompatible with the ICU collation rules of the template database (%s)",
1253 : val1, val2),
1254 : errhint("Use the same ICU collation rules as in the template database, or use template0 as template.")));
1255 : }
1256 : }
1257 :
1258 : /*
1259 : * If we got a collation version for the template database, check that it
1260 : * matches the actual OS collation version. Otherwise error; the user
1261 : * needs to fix the template database first. Don't complain if a
1262 : * collation version was specified explicitly as a statement option; that
1263 : * is used by pg_upgrade to reproduce the old state exactly.
1264 : *
1265 : * (If the template database has no collation version, then either the
1266 : * platform/provider does not support collation versioning, or it's
1267 : * template0, for which we stipulate that it does not contain
1268 : * collation-using objects.)
1269 : */
1270 780 : if (src_collversion && !collversionEl)
1271 : {
1272 : char *actual_versionstr;
1273 : const char *locale;
1274 :
1275 306 : if (dblocprovider == COLLPROVIDER_LIBC)
1276 284 : locale = dbcollate;
1277 : else
1278 22 : locale = dblocale;
1279 :
1280 306 : actual_versionstr = get_collation_actual_version(dblocprovider, locale);
1281 306 : if (!actual_versionstr)
1282 0 : ereport(ERROR,
1283 : (errmsg("template database \"%s\" has a collation version, but no actual collation version could be determined",
1284 : dbtemplate)));
1285 :
1286 306 : if (strcmp(actual_versionstr, src_collversion) != 0)
1287 0 : ereport(ERROR,
1288 : (errmsg("template database \"%s\" has a collation version mismatch",
1289 : dbtemplate),
1290 : errdetail("The template database was created using collation version %s, "
1291 : "but the operating system provides version %s.",
1292 : src_collversion, actual_versionstr),
1293 : errhint("Rebuild all objects in the template database that use the default collation and run "
1294 : "ALTER DATABASE %s REFRESH COLLATION VERSION, "
1295 : "or build PostgreSQL with the right library version.",
1296 : quote_identifier(dbtemplate))));
1297 : }
1298 :
1299 780 : if (dbcollversion == NULL)
1300 720 : dbcollversion = src_collversion;
1301 :
1302 : /*
1303 : * Normally, we copy the collation version from the template database.
1304 : * This last resort only applies if the template database does not have a
1305 : * collation version, which is normally only the case for template0.
1306 : */
1307 780 : if (dbcollversion == NULL)
1308 : {
1309 : const char *locale;
1310 :
1311 414 : if (dblocprovider == COLLPROVIDER_LIBC)
1312 374 : locale = dbcollate;
1313 : else
1314 40 : locale = dblocale;
1315 :
1316 414 : dbcollversion = get_collation_actual_version(dblocprovider, locale);
1317 : }
1318 :
1319 : /* Resolve default tablespace for new database */
1320 780 : if (tablespacenameEl && tablespacenameEl->arg)
1321 34 : {
1322 : char *tablespacename;
1323 : AclResult aclresult;
1324 :
1325 34 : tablespacename = defGetString(tablespacenameEl);
1326 34 : dst_deftablespace = get_tablespace_oid(tablespacename, false);
1327 : /* check permissions */
1328 34 : aclresult = object_aclcheck(TableSpaceRelationId, dst_deftablespace, GetUserId(),
1329 : ACL_CREATE);
1330 34 : if (aclresult != ACLCHECK_OK)
1331 0 : aclcheck_error(aclresult, OBJECT_TABLESPACE,
1332 : tablespacename);
1333 :
1334 : /* pg_global must never be the default tablespace */
1335 34 : if (dst_deftablespace == GLOBALTABLESPACE_OID)
1336 0 : ereport(ERROR,
1337 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1338 : errmsg("pg_global cannot be used as default tablespace")));
1339 :
1340 : /*
1341 : * If we are trying to change the default tablespace of the template,
1342 : * we require that the template not have any files in the new default
1343 : * tablespace. This is necessary because otherwise the copied
1344 : * database would contain pg_class rows that refer to its default
1345 : * tablespace both explicitly (by OID) and implicitly (as zero), which
1346 : * would cause problems. For example another CREATE DATABASE using
1347 : * the copied database as template, and trying to change its default
1348 : * tablespace again, would yield outright incorrect results (it would
1349 : * improperly move tables to the new default tablespace that should
1350 : * stay in the same tablespace).
1351 : */
1352 34 : if (dst_deftablespace != src_deftablespace)
1353 : {
1354 : char *srcpath;
1355 : struct stat st;
1356 :
1357 34 : srcpath = GetDatabasePath(src_dboid, dst_deftablespace);
1358 :
1359 34 : if (stat(srcpath, &st) == 0 &&
1360 0 : S_ISDIR(st.st_mode) &&
1361 0 : !directory_is_empty(srcpath))
1362 0 : ereport(ERROR,
1363 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1364 : errmsg("cannot assign new default tablespace \"%s\"",
1365 : tablespacename),
1366 : errdetail("There is a conflict because database \"%s\" already has some tables in this tablespace.",
1367 : dbtemplate)));
1368 34 : pfree(srcpath);
1369 : }
1370 : }
1371 : else
1372 : {
1373 : /* Use template database's default tablespace */
1374 746 : dst_deftablespace = src_deftablespace;
1375 : /* Note there is no additional permission check in this path */
1376 : }
1377 :
1378 : /*
1379 : * If built with appropriate switch, whine when regression-testing
1380 : * conventions for database names are violated. But don't complain during
1381 : * initdb.
1382 : */
1383 : #ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
1384 : if (IsUnderPostmaster && strstr(dbname, "regression") == NULL)
1385 : elog(WARNING, "databases created by regression test cases should have names including \"regression\"");
1386 : #endif
1387 :
1388 : /*
1389 : * Check for db name conflict. This is just to give a more friendly error
1390 : * message than "unique index violation". There's a race condition but
1391 : * we're willing to accept the less friendly message in that case.
1392 : */
1393 780 : if (OidIsValid(get_database_oid(dbname, true)))
1394 2 : ereport(ERROR,
1395 : (errcode(ERRCODE_DUPLICATE_DATABASE),
1396 : errmsg("database \"%s\" already exists", dbname)));
1397 :
1398 : /*
1399 : * The source DB can't have any active backends, except this one
1400 : * (exception is to allow CREATE DB while connected to template1).
1401 : * Otherwise we might copy inconsistent data.
1402 : *
1403 : * This should be last among the basic error checks, because it involves
1404 : * potential waiting; we may as well throw an error first if we're gonna
1405 : * throw one.
1406 : */
1407 778 : if (CountOtherDBBackends(src_dboid, ¬herbackends, &npreparedxacts))
1408 0 : ereport(ERROR,
1409 : (errcode(ERRCODE_OBJECT_IN_USE),
1410 : errmsg("source database \"%s\" is being accessed by other users",
1411 : dbtemplate),
1412 : errdetail_busy_db(notherbackends, npreparedxacts)));
1413 :
1414 : /*
1415 : * Select an OID for the new database, checking that it doesn't have a
1416 : * filename conflict with anything already existing in the tablespace
1417 : * directories.
1418 : */
1419 778 : pg_database_rel = table_open(DatabaseRelationId, RowExclusiveLock);
1420 :
1421 : /*
1422 : * If database OID is configured, check if the OID is already in use or
1423 : * data directory already exists.
1424 : */
1425 778 : if (OidIsValid(dboid))
1426 : {
1427 266 : char *existing_dbname = get_database_name(dboid);
1428 :
1429 266 : if (existing_dbname != NULL)
1430 0 : ereport(ERROR,
1431 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE)),
1432 : errmsg("database OID %u is already in use by database \"%s\"",
1433 : dboid, existing_dbname));
1434 :
1435 266 : if (check_db_file_conflict(dboid))
1436 0 : ereport(ERROR,
1437 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE)),
1438 : errmsg("data directory with the specified OID %u already exists", dboid));
1439 : }
1440 : else
1441 : {
1442 : /* Select an OID for the new database if is not explicitly configured. */
1443 : do
1444 : {
1445 512 : dboid = GetNewOidWithIndex(pg_database_rel, DatabaseOidIndexId,
1446 : Anum_pg_database_oid);
1447 512 : } while (check_db_file_conflict(dboid));
1448 : }
1449 :
1450 : /*
1451 : * Insert a new tuple into pg_database. This establishes our ownership of
1452 : * the new database name (anyone else trying to insert the same name will
1453 : * block on the unique index, and fail after we commit).
1454 : */
1455 :
1456 : Assert((dblocprovider != COLLPROVIDER_LIBC && dblocale) ||
1457 : (dblocprovider == COLLPROVIDER_LIBC && !dblocale));
1458 :
1459 : /* Form tuple */
1460 778 : new_record[Anum_pg_database_oid - 1] = ObjectIdGetDatum(dboid);
1461 778 : new_record[Anum_pg_database_datname - 1] =
1462 778 : DirectFunctionCall1(namein, CStringGetDatum(dbname));
1463 778 : new_record[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(datdba);
1464 778 : new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding);
1465 778 : new_record[Anum_pg_database_datlocprovider - 1] = CharGetDatum(dblocprovider);
1466 778 : new_record[Anum_pg_database_datistemplate - 1] = BoolGetDatum(dbistemplate);
1467 778 : new_record[Anum_pg_database_datallowconn - 1] = BoolGetDatum(dballowconnections);
1468 778 : new_record[Anum_pg_database_dathasloginevt - 1] = BoolGetDatum(src_hasloginevt);
1469 778 : new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(dbconnlimit);
1470 778 : new_record[Anum_pg_database_datfrozenxid - 1] = TransactionIdGetDatum(src_frozenxid);
1471 778 : new_record[Anum_pg_database_datminmxid - 1] = TransactionIdGetDatum(src_minmxid);
1472 778 : new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_deftablespace);
1473 778 : new_record[Anum_pg_database_datcollate - 1] = CStringGetTextDatum(dbcollate);
1474 778 : new_record[Anum_pg_database_datctype - 1] = CStringGetTextDatum(dbctype);
1475 778 : if (dblocale)
1476 74 : new_record[Anum_pg_database_datlocale - 1] = CStringGetTextDatum(dblocale);
1477 : else
1478 704 : new_record_nulls[Anum_pg_database_datlocale - 1] = true;
1479 778 : if (dbicurules)
1480 0 : new_record[Anum_pg_database_daticurules - 1] = CStringGetTextDatum(dbicurules);
1481 : else
1482 778 : new_record_nulls[Anum_pg_database_daticurules - 1] = true;
1483 778 : if (dbcollversion)
1484 662 : new_record[Anum_pg_database_datcollversion - 1] = CStringGetTextDatum(dbcollversion);
1485 : else
1486 116 : new_record_nulls[Anum_pg_database_datcollversion - 1] = true;
1487 :
1488 : /*
1489 : * We deliberately set datacl to default (NULL), rather than copying it
1490 : * from the template database. Copying it would be a bad idea when the
1491 : * owner is not the same as the template's owner.
1492 : */
1493 778 : new_record_nulls[Anum_pg_database_datacl - 1] = true;
1494 :
1495 778 : tuple = heap_form_tuple(RelationGetDescr(pg_database_rel),
1496 : new_record, new_record_nulls);
1497 :
1498 778 : CatalogTupleInsert(pg_database_rel, tuple);
1499 :
1500 : /*
1501 : * Now generate additional catalog entries associated with the new DB
1502 : */
1503 :
1504 : /* Register owner dependency */
1505 778 : recordDependencyOnOwner(DatabaseRelationId, dboid, datdba);
1506 :
1507 : /* Create pg_shdepend entries for objects within database */
1508 778 : copyTemplateDependencies(src_dboid, dboid);
1509 :
1510 : /* Post creation hook for new database */
1511 778 : InvokeObjectPostCreateHook(DatabaseRelationId, dboid, 0);
1512 :
1513 : /*
1514 : * If we're going to be reading data for the to-be-created database into
1515 : * shared_buffers, take a lock on it. Nobody should know that this
1516 : * database exists yet, but it's good to maintain the invariant that an
1517 : * AccessExclusiveLock on the database is sufficient to drop all of its
1518 : * buffers without worrying about more being read later.
1519 : *
1520 : * Note that we need to do this before entering the
1521 : * PG_ENSURE_ERROR_CLEANUP block below, because createdb_failure_callback
1522 : * expects this lock to be held already.
1523 : */
1524 778 : if (dbstrategy == CREATEDB_WAL_LOG)
1525 502 : LockSharedObject(DatabaseRelationId, dboid, 0, AccessShareLock);
1526 :
1527 : /*
1528 : * Once we start copying subdirectories, we need to be able to clean 'em
1529 : * up if we fail. Use an ENSURE block to make sure this happens. (This
1530 : * is not a 100% solution, because of the possibility of failure during
1531 : * transaction commit after we leave this routine, but it should handle
1532 : * most scenarios.)
1533 : */
1534 778 : fparms.src_dboid = src_dboid;
1535 778 : fparms.dest_dboid = dboid;
1536 778 : fparms.strategy = dbstrategy;
1537 :
1538 778 : PG_ENSURE_ERROR_CLEANUP(createdb_failure_callback,
1539 : PointerGetDatum(&fparms));
1540 : {
1541 : /*
1542 : * If the user has asked to create a database with WAL_LOG strategy
1543 : * then call CreateDatabaseUsingWalLog, which will copy the database
1544 : * at the block level and it will WAL log each copied block.
1545 : * Otherwise, call CreateDatabaseUsingFileCopy that will copy the
1546 : * database file by file.
1547 : */
1548 778 : if (dbstrategy == CREATEDB_WAL_LOG)
1549 502 : CreateDatabaseUsingWalLog(src_dboid, dboid, src_deftablespace,
1550 : dst_deftablespace);
1551 : else
1552 276 : CreateDatabaseUsingFileCopy(src_dboid, dboid, src_deftablespace,
1553 : dst_deftablespace);
1554 :
1555 : /*
1556 : * Close pg_database, but keep lock till commit.
1557 : */
1558 774 : table_close(pg_database_rel, NoLock);
1559 :
1560 : /*
1561 : * Force synchronous commit, thus minimizing the window between
1562 : * creation of the database files and committal of the transaction. If
1563 : * we crash before committing, we'll have a DB that's taking up disk
1564 : * space but is not in pg_database, which is not good.
1565 : */
1566 774 : ForceSyncCommit();
1567 : }
1568 778 : PG_END_ENSURE_ERROR_CLEANUP(createdb_failure_callback,
1569 : PointerGetDatum(&fparms));
1570 :
1571 774 : return dboid;
1572 : }
1573 :
1574 : /*
1575 : * Check whether chosen encoding matches chosen locale settings. This
1576 : * restriction is necessary because libc's locale-specific code usually
1577 : * fails when presented with data in an encoding it's not expecting. We
1578 : * allow mismatch in four cases:
1579 : *
1580 : * 1. locale encoding = SQL_ASCII, which means that the locale is C/POSIX
1581 : * which works with any encoding.
1582 : *
1583 : * 2. locale encoding = -1, which means that we couldn't determine the
1584 : * locale's encoding and have to trust the user to get it right.
1585 : *
1586 : * 3. selected encoding is UTF8 and platform is win32. This is because
1587 : * UTF8 is a pseudo codepage that is supported in all locales since it's
1588 : * converted to UTF16 before being used.
1589 : *
1590 : * 4. selected encoding is SQL_ASCII, but only if you're a superuser. This
1591 : * is risky but we have historically allowed it --- notably, the
1592 : * regression tests require it.
1593 : *
1594 : * Note: if you change this policy, fix initdb to match.
1595 : */
1596 : void
1597 824 : check_encoding_locale_matches(int encoding, const char *collate, const char *ctype)
1598 : {
1599 824 : int ctype_encoding = pg_get_encoding_from_locale(ctype, true);
1600 824 : int collate_encoding = pg_get_encoding_from_locale(collate, true);
1601 :
1602 832 : if (!(ctype_encoding == encoding ||
1603 8 : ctype_encoding == PG_SQL_ASCII ||
1604 : ctype_encoding == -1 ||
1605 : #ifdef WIN32
1606 : encoding == PG_UTF8 ||
1607 : #endif
1608 8 : (encoding == PG_SQL_ASCII && superuser())))
1609 0 : ereport(ERROR,
1610 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1611 : errmsg("encoding \"%s\" does not match locale \"%s\"",
1612 : pg_encoding_to_char(encoding),
1613 : ctype),
1614 : errdetail("The chosen LC_CTYPE setting requires encoding \"%s\".",
1615 : pg_encoding_to_char(ctype_encoding))));
1616 :
1617 832 : if (!(collate_encoding == encoding ||
1618 8 : collate_encoding == PG_SQL_ASCII ||
1619 : collate_encoding == -1 ||
1620 : #ifdef WIN32
1621 : encoding == PG_UTF8 ||
1622 : #endif
1623 8 : (encoding == PG_SQL_ASCII && superuser())))
1624 0 : ereport(ERROR,
1625 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1626 : errmsg("encoding \"%s\" does not match locale \"%s\"",
1627 : pg_encoding_to_char(encoding),
1628 : collate),
1629 : errdetail("The chosen LC_COLLATE setting requires encoding \"%s\".",
1630 : pg_encoding_to_char(collate_encoding))));
1631 824 : }
1632 :
1633 : /* Error cleanup callback for createdb */
1634 : static void
1635 4 : createdb_failure_callback(int code, Datum arg)
1636 : {
1637 4 : createdb_failure_params *fparms = (createdb_failure_params *) DatumGetPointer(arg);
1638 :
1639 : /*
1640 : * If we were copying database at block levels then drop pages for the
1641 : * destination database that are in the shared buffer cache. And tell
1642 : * checkpointer to forget any pending fsync and unlink requests for files
1643 : * in the database. The reasoning behind doing this is same as explained
1644 : * in dropdb function. But unlike dropdb we don't need to call
1645 : * pgstat_drop_database because this database is still not created so
1646 : * there should not be any stat for this.
1647 : */
1648 4 : if (fparms->strategy == CREATEDB_WAL_LOG)
1649 : {
1650 4 : DropDatabaseBuffers(fparms->dest_dboid);
1651 4 : ForgetDatabaseSyncRequests(fparms->dest_dboid);
1652 :
1653 : /* Release lock on the target database. */
1654 4 : UnlockSharedObject(DatabaseRelationId, fparms->dest_dboid, 0,
1655 : AccessShareLock);
1656 : }
1657 :
1658 : /*
1659 : * Release lock on source database before doing recursive remove. This is
1660 : * not essential but it seems desirable to release the lock as soon as
1661 : * possible.
1662 : */
1663 4 : UnlockSharedObject(DatabaseRelationId, fparms->src_dboid, 0, ShareLock);
1664 :
1665 : /* Throw away any successfully copied subdirectories */
1666 4 : remove_dbtablespaces(fparms->dest_dboid);
1667 4 : }
1668 :
1669 :
1670 : /*
1671 : * DROP DATABASE
1672 : */
1673 : void
1674 128 : dropdb(const char *dbname, bool missing_ok, bool force)
1675 : {
1676 : Oid db_id;
1677 : bool db_istemplate;
1678 : Relation pgdbrel;
1679 : HeapTuple tup;
1680 : ScanKeyData scankey;
1681 : void *inplace_state;
1682 : Form_pg_database datform;
1683 : int notherbackends;
1684 : int npreparedxacts;
1685 : int nslots,
1686 : nslots_active;
1687 : int nsubscriptions;
1688 :
1689 : /*
1690 : * Look up the target database's OID, and get exclusive lock on it. We
1691 : * need this to ensure that no new backend starts up in the target
1692 : * database while we are deleting it (see postinit.c), and that no one is
1693 : * using it as a CREATE DATABASE template or trying to delete it for
1694 : * themselves.
1695 : */
1696 128 : pgdbrel = table_open(DatabaseRelationId, RowExclusiveLock);
1697 :
1698 128 : if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL,
1699 : &db_istemplate, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
1700 : {
1701 32 : if (!missing_ok)
1702 : {
1703 16 : ereport(ERROR,
1704 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1705 : errmsg("database \"%s\" does not exist", dbname)));
1706 : }
1707 : else
1708 : {
1709 : /* Close pg_database, release the lock, since we changed nothing */
1710 16 : table_close(pgdbrel, RowExclusiveLock);
1711 16 : ereport(NOTICE,
1712 : (errmsg("database \"%s\" does not exist, skipping",
1713 : dbname)));
1714 16 : return;
1715 : }
1716 : }
1717 :
1718 : /*
1719 : * Permission checks
1720 : */
1721 96 : if (!object_ownercheck(DatabaseRelationId, db_id, GetUserId()))
1722 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
1723 : dbname);
1724 :
1725 : /* DROP hook for the database being removed */
1726 96 : InvokeObjectDropHook(DatabaseRelationId, db_id, 0);
1727 :
1728 : /*
1729 : * Disallow dropping a DB that is marked istemplate. This is just to
1730 : * prevent people from accidentally dropping template0 or template1; they
1731 : * can do so if they're really determined ...
1732 : */
1733 96 : if (db_istemplate)
1734 0 : ereport(ERROR,
1735 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1736 : errmsg("cannot drop a template database")));
1737 :
1738 : /* Obviously can't drop my own database */
1739 96 : if (db_id == MyDatabaseId)
1740 0 : ereport(ERROR,
1741 : (errcode(ERRCODE_OBJECT_IN_USE),
1742 : errmsg("cannot drop the currently open database")));
1743 :
1744 : /*
1745 : * Check whether there are active logical slots that refer to the
1746 : * to-be-dropped database. The database lock we are holding prevents the
1747 : * creation of new slots using the database or existing slots becoming
1748 : * active.
1749 : */
1750 96 : (void) ReplicationSlotsCountDBSlots(db_id, &nslots, &nslots_active);
1751 96 : if (nslots_active)
1752 : {
1753 2 : ereport(ERROR,
1754 : (errcode(ERRCODE_OBJECT_IN_USE),
1755 : errmsg("database \"%s\" is used by an active logical replication slot",
1756 : dbname),
1757 : errdetail_plural("There is %d active slot.",
1758 : "There are %d active slots.",
1759 : nslots_active, nslots_active)));
1760 : }
1761 :
1762 : /*
1763 : * Check if there are subscriptions defined in the target database.
1764 : *
1765 : * We can't drop them automatically because they might be holding
1766 : * resources in other databases/instances.
1767 : */
1768 94 : if ((nsubscriptions = CountDBSubscriptions(db_id)) > 0)
1769 0 : ereport(ERROR,
1770 : (errcode(ERRCODE_OBJECT_IN_USE),
1771 : errmsg("database \"%s\" is being used by logical replication subscription",
1772 : dbname),
1773 : errdetail_plural("There is %d subscription.",
1774 : "There are %d subscriptions.",
1775 : nsubscriptions, nsubscriptions)));
1776 :
1777 :
1778 : /*
1779 : * Attempt to terminate all existing connections to the target database if
1780 : * the user has requested to do so.
1781 : */
1782 94 : if (force)
1783 2 : TerminateOtherDBBackends(db_id);
1784 :
1785 : /*
1786 : * Check for other backends in the target database. (Because we hold the
1787 : * database lock, no new ones can start after this.)
1788 : *
1789 : * As in CREATE DATABASE, check this after other error conditions.
1790 : */
1791 94 : if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
1792 0 : ereport(ERROR,
1793 : (errcode(ERRCODE_OBJECT_IN_USE),
1794 : errmsg("database \"%s\" is being accessed by other users",
1795 : dbname),
1796 : errdetail_busy_db(notherbackends, npreparedxacts)));
1797 :
1798 : /*
1799 : * Delete any comments or security labels associated with the database.
1800 : */
1801 94 : DeleteSharedComments(db_id, DatabaseRelationId);
1802 94 : DeleteSharedSecurityLabel(db_id, DatabaseRelationId);
1803 :
1804 : /*
1805 : * Remove settings associated with this database
1806 : */
1807 94 : DropSetting(db_id, InvalidOid);
1808 :
1809 : /*
1810 : * Remove shared dependency references for the database.
1811 : */
1812 94 : dropDatabaseDependencies(db_id);
1813 :
1814 : /*
1815 : * Tell the cumulative stats system to forget it immediately, too.
1816 : */
1817 94 : pgstat_drop_database(db_id);
1818 :
1819 : /*
1820 : * Except for the deletion of the catalog row, subsequent actions are not
1821 : * transactional (consider DropDatabaseBuffers() discarding modified
1822 : * buffers). But we might crash or get interrupted below. To prevent
1823 : * accesses to a database with invalid contents, mark the database as
1824 : * invalid using an in-place update.
1825 : *
1826 : * We need to flush the WAL before continuing, to guarantee the
1827 : * modification is durable before performing irreversible filesystem
1828 : * operations.
1829 : */
1830 94 : ScanKeyInit(&scankey,
1831 : Anum_pg_database_datname,
1832 : BTEqualStrategyNumber, F_NAMEEQ,
1833 : CStringGetDatum(dbname));
1834 94 : systable_inplace_update_begin(pgdbrel, DatabaseNameIndexId, true,
1835 : NULL, 1, &scankey, &tup, &inplace_state);
1836 94 : if (!HeapTupleIsValid(tup))
1837 0 : elog(ERROR, "cache lookup failed for database %u", db_id);
1838 94 : datform = (Form_pg_database) GETSTRUCT(tup);
1839 94 : datform->datconnlimit = DATCONNLIMIT_INVALID_DB;
1840 94 : systable_inplace_update_finish(inplace_state, tup);
1841 94 : XLogFlush(XactLastRecEnd);
1842 :
1843 : /*
1844 : * Also delete the tuple - transactionally. If this transaction commits,
1845 : * the row will be gone, but if we fail, dropdb() can be invoked again.
1846 : */
1847 94 : CatalogTupleDelete(pgdbrel, &tup->t_self);
1848 94 : heap_freetuple(tup);
1849 :
1850 : /*
1851 : * Drop db-specific replication slots.
1852 : */
1853 94 : ReplicationSlotsDropDBSlots(db_id);
1854 :
1855 : /*
1856 : * Drop pages for this database that are in the shared buffer cache. This
1857 : * is important to ensure that no remaining backend tries to write out a
1858 : * dirty buffer to the dead database later...
1859 : */
1860 94 : DropDatabaseBuffers(db_id);
1861 :
1862 : /*
1863 : * Tell checkpointer to forget any pending fsync and unlink requests for
1864 : * files in the database; else the fsyncs will fail at next checkpoint, or
1865 : * worse, it will delete files that belong to a newly created database
1866 : * with the same OID.
1867 : */
1868 94 : ForgetDatabaseSyncRequests(db_id);
1869 :
1870 : /*
1871 : * Force a checkpoint to make sure the checkpointer has received the
1872 : * message sent by ForgetDatabaseSyncRequests.
1873 : */
1874 94 : RequestCheckpoint(CHECKPOINT_FAST | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
1875 :
1876 : /* Close all smgr fds in all backends. */
1877 94 : WaitForProcSignalBarrier(EmitProcSignalBarrier(PROCSIGNAL_BARRIER_SMGRRELEASE));
1878 :
1879 : /*
1880 : * Remove all tablespace subdirs belonging to the database.
1881 : */
1882 94 : remove_dbtablespaces(db_id);
1883 :
1884 : /*
1885 : * Close pg_database, but keep lock till commit.
1886 : */
1887 94 : table_close(pgdbrel, NoLock);
1888 :
1889 : /*
1890 : * Force synchronous commit, thus minimizing the window between removal of
1891 : * the database files and committal of the transaction. If we crash before
1892 : * committing, we'll have a DB that's gone on disk but still there
1893 : * according to pg_database, which is not good.
1894 : */
1895 94 : ForceSyncCommit();
1896 : }
1897 :
1898 :
1899 : /*
1900 : * Rename database
1901 : */
1902 : ObjectAddress
1903 12 : RenameDatabase(const char *oldname, const char *newname)
1904 : {
1905 : Oid db_id;
1906 : HeapTuple newtup;
1907 : ItemPointerData otid;
1908 : Relation rel;
1909 : int notherbackends;
1910 : int npreparedxacts;
1911 : ObjectAddress address;
1912 :
1913 : /*
1914 : * Look up the target database's OID, and get exclusive lock on it. We
1915 : * need this for the same reasons as DROP DATABASE.
1916 : */
1917 12 : rel = table_open(DatabaseRelationId, RowExclusiveLock);
1918 :
1919 12 : if (!get_db_info(oldname, AccessExclusiveLock, &db_id, NULL, NULL, NULL,
1920 : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL))
1921 0 : ereport(ERROR,
1922 : (errcode(ERRCODE_UNDEFINED_DATABASE),
1923 : errmsg("database \"%s\" does not exist", oldname)));
1924 :
1925 : /* must be owner */
1926 12 : if (!object_ownercheck(DatabaseRelationId, db_id, GetUserId()))
1927 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
1928 : oldname);
1929 :
1930 : /* must have createdb rights */
1931 12 : if (!have_createdb_privilege())
1932 0 : ereport(ERROR,
1933 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1934 : errmsg("permission denied to rename database")));
1935 :
1936 : /*
1937 : * If built with appropriate switch, whine when regression-testing
1938 : * conventions for database names are violated.
1939 : */
1940 : #ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
1941 : if (strstr(newname, "regression") == NULL)
1942 : elog(WARNING, "databases created by regression test cases should have names including \"regression\"");
1943 : #endif
1944 :
1945 : /*
1946 : * Make sure the new name doesn't exist. See notes for same error in
1947 : * CREATE DATABASE.
1948 : */
1949 12 : if (OidIsValid(get_database_oid(newname, true)))
1950 0 : ereport(ERROR,
1951 : (errcode(ERRCODE_DUPLICATE_DATABASE),
1952 : errmsg("database \"%s\" already exists", newname)));
1953 :
1954 : /*
1955 : * XXX Client applications probably store the current database somewhere,
1956 : * so renaming it could cause confusion. On the other hand, there may not
1957 : * be an actual problem besides a little confusion, so think about this
1958 : * and decide.
1959 : */
1960 12 : if (db_id == MyDatabaseId)
1961 0 : ereport(ERROR,
1962 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1963 : errmsg("current database cannot be renamed")));
1964 :
1965 : /*
1966 : * Make sure the database does not have active sessions. This is the same
1967 : * concern as above, but applied to other sessions.
1968 : *
1969 : * As in CREATE DATABASE, check this after other error conditions.
1970 : */
1971 12 : if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
1972 0 : ereport(ERROR,
1973 : (errcode(ERRCODE_OBJECT_IN_USE),
1974 : errmsg("database \"%s\" is being accessed by other users",
1975 : oldname),
1976 : errdetail_busy_db(notherbackends, npreparedxacts)));
1977 :
1978 : /* rename */
1979 12 : newtup = SearchSysCacheLockedCopy1(DATABASEOID, ObjectIdGetDatum(db_id));
1980 12 : if (!HeapTupleIsValid(newtup))
1981 0 : elog(ERROR, "cache lookup failed for database %u", db_id);
1982 12 : otid = newtup->t_self;
1983 12 : namestrcpy(&(((Form_pg_database) GETSTRUCT(newtup))->datname), newname);
1984 12 : CatalogTupleUpdate(rel, &otid, newtup);
1985 12 : UnlockTuple(rel, &otid, InplaceUpdateTupleLock);
1986 :
1987 12 : InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0);
1988 :
1989 12 : ObjectAddressSet(address, DatabaseRelationId, db_id);
1990 :
1991 : /*
1992 : * Close pg_database, but keep lock till commit.
1993 : */
1994 12 : table_close(rel, NoLock);
1995 :
1996 12 : return address;
1997 : }
1998 :
1999 :
2000 : /*
2001 : * ALTER DATABASE SET TABLESPACE
2002 : */
2003 : static void
2004 22 : movedb(const char *dbname, const char *tblspcname)
2005 : {
2006 : Oid db_id;
2007 : Relation pgdbrel;
2008 : int notherbackends;
2009 : int npreparedxacts;
2010 : HeapTuple oldtuple,
2011 : newtuple;
2012 : Oid src_tblspcoid,
2013 : dst_tblspcoid;
2014 : ScanKeyData scankey;
2015 : SysScanDesc sysscan;
2016 : AclResult aclresult;
2017 : char *src_dbpath;
2018 : char *dst_dbpath;
2019 : DIR *dstdir;
2020 : struct dirent *xlde;
2021 : movedb_failure_params fparms;
2022 :
2023 : /*
2024 : * Look up the target database's OID, and get exclusive lock on it. We
2025 : * need this to ensure that no new backend starts up in the database while
2026 : * we are moving it, and that no one is using it as a CREATE DATABASE
2027 : * template or trying to delete it.
2028 : */
2029 22 : pgdbrel = table_open(DatabaseRelationId, RowExclusiveLock);
2030 :
2031 22 : if (!get_db_info(dbname, AccessExclusiveLock, &db_id, NULL, NULL, NULL,
2032 : NULL, NULL, NULL, NULL, &src_tblspcoid, NULL, NULL, NULL, NULL, NULL, NULL))
2033 0 : ereport(ERROR,
2034 : (errcode(ERRCODE_UNDEFINED_DATABASE),
2035 : errmsg("database \"%s\" does not exist", dbname)));
2036 :
2037 : /*
2038 : * We actually need a session lock, so that the lock will persist across
2039 : * the commit/restart below. (We could almost get away with letting the
2040 : * lock be released at commit, except that someone could try to move
2041 : * relations of the DB back into the old directory while we rmtree() it.)
2042 : */
2043 22 : LockSharedObjectForSession(DatabaseRelationId, db_id, 0,
2044 : AccessExclusiveLock);
2045 :
2046 : /*
2047 : * Permission checks
2048 : */
2049 22 : if (!object_ownercheck(DatabaseRelationId, db_id, GetUserId()))
2050 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
2051 : dbname);
2052 :
2053 : /*
2054 : * Obviously can't move the tables of my own database
2055 : */
2056 22 : if (db_id == MyDatabaseId)
2057 0 : ereport(ERROR,
2058 : (errcode(ERRCODE_OBJECT_IN_USE),
2059 : errmsg("cannot change the tablespace of the currently open database")));
2060 :
2061 : /*
2062 : * Get tablespace's oid
2063 : */
2064 22 : dst_tblspcoid = get_tablespace_oid(tblspcname, false);
2065 :
2066 : /*
2067 : * Permission checks
2068 : */
2069 22 : aclresult = object_aclcheck(TableSpaceRelationId, dst_tblspcoid, GetUserId(),
2070 : ACL_CREATE);
2071 22 : if (aclresult != ACLCHECK_OK)
2072 0 : aclcheck_error(aclresult, OBJECT_TABLESPACE,
2073 : tblspcname);
2074 :
2075 : /*
2076 : * pg_global must never be the default tablespace
2077 : */
2078 22 : if (dst_tblspcoid == GLOBALTABLESPACE_OID)
2079 0 : ereport(ERROR,
2080 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2081 : errmsg("pg_global cannot be used as default tablespace")));
2082 :
2083 : /*
2084 : * No-op if same tablespace
2085 : */
2086 22 : if (src_tblspcoid == dst_tblspcoid)
2087 : {
2088 0 : table_close(pgdbrel, NoLock);
2089 0 : UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0,
2090 : AccessExclusiveLock);
2091 0 : return;
2092 : }
2093 :
2094 : /*
2095 : * Check for other backends in the target database. (Because we hold the
2096 : * database lock, no new ones can start after this.)
2097 : *
2098 : * As in CREATE DATABASE, check this after other error conditions.
2099 : */
2100 22 : if (CountOtherDBBackends(db_id, ¬herbackends, &npreparedxacts))
2101 0 : ereport(ERROR,
2102 : (errcode(ERRCODE_OBJECT_IN_USE),
2103 : errmsg("database \"%s\" is being accessed by other users",
2104 : dbname),
2105 : errdetail_busy_db(notherbackends, npreparedxacts)));
2106 :
2107 : /*
2108 : * Get old and new database paths
2109 : */
2110 22 : src_dbpath = GetDatabasePath(db_id, src_tblspcoid);
2111 22 : dst_dbpath = GetDatabasePath(db_id, dst_tblspcoid);
2112 :
2113 : /*
2114 : * Force a checkpoint before proceeding. This will force all dirty
2115 : * buffers, including those of unlogged tables, out to disk, to ensure
2116 : * source database is up-to-date on disk for the copy.
2117 : * FlushDatabaseBuffers() would suffice for that, but we also want to
2118 : * process any pending unlink requests. Otherwise, the check for existing
2119 : * files in the target directory might fail unnecessarily, not to mention
2120 : * that the copy might fail due to source files getting deleted under it.
2121 : * On Windows, this also ensures that background procs don't hold any open
2122 : * files, which would cause rmdir() to fail.
2123 : */
2124 22 : RequestCheckpoint(CHECKPOINT_FAST | CHECKPOINT_FORCE | CHECKPOINT_WAIT
2125 : | CHECKPOINT_FLUSH_UNLOGGED);
2126 :
2127 : /* Close all smgr fds in all backends. */
2128 22 : WaitForProcSignalBarrier(EmitProcSignalBarrier(PROCSIGNAL_BARRIER_SMGRRELEASE));
2129 :
2130 : /*
2131 : * Now drop all buffers holding data of the target database; they should
2132 : * no longer be dirty so DropDatabaseBuffers is safe.
2133 : *
2134 : * It might seem that we could just let these buffers age out of shared
2135 : * buffers naturally, since they should not get referenced anymore. The
2136 : * problem with that is that if the user later moves the database back to
2137 : * its original tablespace, any still-surviving buffers would appear to
2138 : * contain valid data again --- but they'd be missing any changes made in
2139 : * the database while it was in the new tablespace. In any case, freeing
2140 : * buffers that should never be used again seems worth the cycles.
2141 : *
2142 : * Note: it'd be sufficient to get rid of buffers matching db_id and
2143 : * src_tblspcoid, but bufmgr.c presently provides no API for that.
2144 : */
2145 22 : DropDatabaseBuffers(db_id);
2146 :
2147 : /*
2148 : * Check for existence of files in the target directory, i.e., objects of
2149 : * this database that are already in the target tablespace. We can't
2150 : * allow the move in such a case, because we would need to change those
2151 : * relations' pg_class.reltablespace entries to zero, and we don't have
2152 : * access to the DB's pg_class to do so.
2153 : */
2154 22 : dstdir = AllocateDir(dst_dbpath);
2155 22 : if (dstdir != NULL)
2156 : {
2157 0 : while ((xlde = ReadDir(dstdir, dst_dbpath)) != NULL)
2158 : {
2159 0 : if (strcmp(xlde->d_name, ".") == 0 ||
2160 0 : strcmp(xlde->d_name, "..") == 0)
2161 0 : continue;
2162 :
2163 0 : ereport(ERROR,
2164 : (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
2165 : errmsg("some relations of database \"%s\" are already in tablespace \"%s\"",
2166 : dbname, tblspcname),
2167 : errhint("You must move them back to the database's default tablespace before using this command.")));
2168 : }
2169 :
2170 0 : FreeDir(dstdir);
2171 :
2172 : /*
2173 : * The directory exists but is empty. We must remove it before using
2174 : * the copydir function.
2175 : */
2176 0 : if (rmdir(dst_dbpath) != 0)
2177 0 : elog(ERROR, "could not remove directory \"%s\": %m",
2178 : dst_dbpath);
2179 : }
2180 :
2181 : /*
2182 : * Use an ENSURE block to make sure we remove the debris if the copy fails
2183 : * (eg, due to out-of-disk-space). This is not a 100% solution, because
2184 : * of the possibility of failure during transaction commit, but it should
2185 : * handle most scenarios.
2186 : */
2187 22 : fparms.dest_dboid = db_id;
2188 22 : fparms.dest_tsoid = dst_tblspcoid;
2189 22 : PG_ENSURE_ERROR_CLEANUP(movedb_failure_callback,
2190 : PointerGetDatum(&fparms));
2191 : {
2192 22 : Datum new_record[Natts_pg_database] = {0};
2193 22 : bool new_record_nulls[Natts_pg_database] = {0};
2194 22 : bool new_record_repl[Natts_pg_database] = {0};
2195 :
2196 : /*
2197 : * Copy files from the old tablespace to the new one
2198 : */
2199 22 : copydir(src_dbpath, dst_dbpath, false);
2200 :
2201 : /*
2202 : * Record the filesystem change in XLOG
2203 : */
2204 : {
2205 : xl_dbase_create_file_copy_rec xlrec;
2206 :
2207 22 : xlrec.db_id = db_id;
2208 22 : xlrec.tablespace_id = dst_tblspcoid;
2209 22 : xlrec.src_db_id = db_id;
2210 22 : xlrec.src_tablespace_id = src_tblspcoid;
2211 :
2212 22 : XLogBeginInsert();
2213 22 : XLogRegisterData(&xlrec,
2214 : sizeof(xl_dbase_create_file_copy_rec));
2215 :
2216 22 : (void) XLogInsert(RM_DBASE_ID,
2217 : XLOG_DBASE_CREATE_FILE_COPY | XLR_SPECIAL_REL_UPDATE);
2218 : }
2219 :
2220 : /*
2221 : * Update the database's pg_database tuple
2222 : */
2223 22 : ScanKeyInit(&scankey,
2224 : Anum_pg_database_datname,
2225 : BTEqualStrategyNumber, F_NAMEEQ,
2226 : CStringGetDatum(dbname));
2227 22 : sysscan = systable_beginscan(pgdbrel, DatabaseNameIndexId, true,
2228 : NULL, 1, &scankey);
2229 22 : oldtuple = systable_getnext(sysscan);
2230 22 : if (!HeapTupleIsValid(oldtuple)) /* shouldn't happen... */
2231 0 : ereport(ERROR,
2232 : (errcode(ERRCODE_UNDEFINED_DATABASE),
2233 : errmsg("database \"%s\" does not exist", dbname)));
2234 22 : LockTuple(pgdbrel, &oldtuple->t_self, InplaceUpdateTupleLock);
2235 :
2236 22 : new_record[Anum_pg_database_dattablespace - 1] = ObjectIdGetDatum(dst_tblspcoid);
2237 22 : new_record_repl[Anum_pg_database_dattablespace - 1] = true;
2238 :
2239 22 : newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(pgdbrel),
2240 : new_record,
2241 : new_record_nulls, new_record_repl);
2242 22 : CatalogTupleUpdate(pgdbrel, &oldtuple->t_self, newtuple);
2243 22 : UnlockTuple(pgdbrel, &oldtuple->t_self, InplaceUpdateTupleLock);
2244 :
2245 22 : InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0);
2246 :
2247 22 : systable_endscan(sysscan);
2248 :
2249 : /*
2250 : * Force another checkpoint here. As in CREATE DATABASE, this is to
2251 : * ensure that we don't have to replay a committed
2252 : * XLOG_DBASE_CREATE_FILE_COPY operation, which would cause us to lose
2253 : * any unlogged operations done in the new DB tablespace before the
2254 : * next checkpoint.
2255 : */
2256 22 : RequestCheckpoint(CHECKPOINT_FAST | CHECKPOINT_FORCE | CHECKPOINT_WAIT);
2257 :
2258 : /*
2259 : * Force synchronous commit, thus minimizing the window between
2260 : * copying the database files and committal of the transaction. If we
2261 : * crash before committing, we'll leave an orphaned set of files on
2262 : * disk, which is not fatal but not good either.
2263 : */
2264 22 : ForceSyncCommit();
2265 :
2266 : /*
2267 : * Close pg_database, but keep lock till commit.
2268 : */
2269 22 : table_close(pgdbrel, NoLock);
2270 : }
2271 22 : PG_END_ENSURE_ERROR_CLEANUP(movedb_failure_callback,
2272 : PointerGetDatum(&fparms));
2273 :
2274 : /*
2275 : * Commit the transaction so that the pg_database update is committed. If
2276 : * we crash while removing files, the database won't be corrupt, we'll
2277 : * just leave some orphaned files in the old directory.
2278 : *
2279 : * (This is OK because we know we aren't inside a transaction block.)
2280 : *
2281 : * XXX would it be safe/better to do this inside the ensure block? Not
2282 : * convinced it's a good idea; consider elog just after the transaction
2283 : * really commits.
2284 : */
2285 22 : PopActiveSnapshot();
2286 22 : CommitTransactionCommand();
2287 :
2288 : /* Start new transaction for the remaining work; don't need a snapshot */
2289 22 : StartTransactionCommand();
2290 :
2291 : /*
2292 : * Remove files from the old tablespace
2293 : */
2294 22 : if (!rmtree(src_dbpath, true))
2295 0 : ereport(WARNING,
2296 : (errmsg("some useless files may be left behind in old database directory \"%s\"",
2297 : src_dbpath)));
2298 :
2299 : /*
2300 : * Record the filesystem change in XLOG
2301 : */
2302 : {
2303 : xl_dbase_drop_rec xlrec;
2304 :
2305 22 : xlrec.db_id = db_id;
2306 22 : xlrec.ntablespaces = 1;
2307 :
2308 22 : XLogBeginInsert();
2309 22 : XLogRegisterData(&xlrec, sizeof(xl_dbase_drop_rec));
2310 22 : XLogRegisterData(&src_tblspcoid, sizeof(Oid));
2311 :
2312 22 : (void) XLogInsert(RM_DBASE_ID,
2313 : XLOG_DBASE_DROP | XLR_SPECIAL_REL_UPDATE);
2314 : }
2315 :
2316 : /* Now it's safe to release the database lock */
2317 22 : UnlockSharedObjectForSession(DatabaseRelationId, db_id, 0,
2318 : AccessExclusiveLock);
2319 :
2320 22 : pfree(src_dbpath);
2321 22 : pfree(dst_dbpath);
2322 : }
2323 :
2324 : /* Error cleanup callback for movedb */
2325 : static void
2326 0 : movedb_failure_callback(int code, Datum arg)
2327 : {
2328 0 : movedb_failure_params *fparms = (movedb_failure_params *) DatumGetPointer(arg);
2329 : char *dstpath;
2330 :
2331 : /* Get rid of anything we managed to copy to the target directory */
2332 0 : dstpath = GetDatabasePath(fparms->dest_dboid, fparms->dest_tsoid);
2333 :
2334 0 : (void) rmtree(dstpath, true);
2335 :
2336 0 : pfree(dstpath);
2337 0 : }
2338 :
2339 : /*
2340 : * Process options and call dropdb function.
2341 : */
2342 : void
2343 128 : DropDatabase(ParseState *pstate, DropdbStmt *stmt)
2344 : {
2345 128 : bool force = false;
2346 : ListCell *lc;
2347 :
2348 154 : foreach(lc, stmt->options)
2349 : {
2350 26 : DefElem *opt = (DefElem *) lfirst(lc);
2351 :
2352 26 : if (strcmp(opt->defname, "force") == 0)
2353 26 : force = true;
2354 : else
2355 0 : ereport(ERROR,
2356 : (errcode(ERRCODE_SYNTAX_ERROR),
2357 : errmsg("unrecognized %s option \"%s\"",
2358 : "DROP DATABASE", opt->defname),
2359 : parser_errposition(pstate, opt->location)));
2360 : }
2361 :
2362 128 : dropdb(stmt->dbname, stmt->missing_ok, force);
2363 110 : }
2364 :
2365 : /*
2366 : * ALTER DATABASE name ...
2367 : */
2368 : Oid
2369 90 : AlterDatabase(ParseState *pstate, AlterDatabaseStmt *stmt, bool isTopLevel)
2370 : {
2371 : Relation rel;
2372 : Oid dboid;
2373 : HeapTuple tuple,
2374 : newtuple;
2375 : Form_pg_database datform;
2376 : ScanKeyData scankey;
2377 : SysScanDesc scan;
2378 : ListCell *option;
2379 90 : bool dbistemplate = false;
2380 90 : bool dballowconnections = true;
2381 90 : int dbconnlimit = DATCONNLIMIT_UNLIMITED;
2382 90 : DefElem *distemplate = NULL;
2383 90 : DefElem *dallowconnections = NULL;
2384 90 : DefElem *dconnlimit = NULL;
2385 90 : DefElem *dtablespace = NULL;
2386 90 : Datum new_record[Natts_pg_database] = {0};
2387 90 : bool new_record_nulls[Natts_pg_database] = {0};
2388 90 : bool new_record_repl[Natts_pg_database] = {0};
2389 :
2390 : /* Extract options from the statement node tree */
2391 180 : foreach(option, stmt->options)
2392 : {
2393 90 : DefElem *defel = (DefElem *) lfirst(option);
2394 :
2395 90 : if (strcmp(defel->defname, "is_template") == 0)
2396 : {
2397 22 : if (distemplate)
2398 0 : errorConflictingDefElem(defel, pstate);
2399 22 : distemplate = defel;
2400 : }
2401 68 : else if (strcmp(defel->defname, "allow_connections") == 0)
2402 : {
2403 38 : if (dallowconnections)
2404 0 : errorConflictingDefElem(defel, pstate);
2405 38 : dallowconnections = defel;
2406 : }
2407 30 : else if (strcmp(defel->defname, "connection_limit") == 0)
2408 : {
2409 8 : if (dconnlimit)
2410 0 : errorConflictingDefElem(defel, pstate);
2411 8 : dconnlimit = defel;
2412 : }
2413 22 : else if (strcmp(defel->defname, "tablespace") == 0)
2414 : {
2415 22 : if (dtablespace)
2416 0 : errorConflictingDefElem(defel, pstate);
2417 22 : dtablespace = defel;
2418 : }
2419 : else
2420 0 : ereport(ERROR,
2421 : (errcode(ERRCODE_SYNTAX_ERROR),
2422 : errmsg("option \"%s\" not recognized", defel->defname),
2423 : parser_errposition(pstate, defel->location)));
2424 : }
2425 :
2426 90 : if (dtablespace)
2427 : {
2428 : /*
2429 : * While the SET TABLESPACE syntax doesn't allow any other options,
2430 : * somebody could write "WITH TABLESPACE ...". Forbid any other
2431 : * options from being specified in that case.
2432 : */
2433 22 : if (list_length(stmt->options) != 1)
2434 0 : ereport(ERROR,
2435 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
2436 : errmsg("option \"%s\" cannot be specified with other options",
2437 : dtablespace->defname),
2438 : parser_errposition(pstate, dtablespace->location)));
2439 : /* this case isn't allowed within a transaction block */
2440 22 : PreventInTransactionBlock(isTopLevel, "ALTER DATABASE SET TABLESPACE");
2441 22 : movedb(stmt->dbname, defGetString(dtablespace));
2442 22 : return InvalidOid;
2443 : }
2444 :
2445 68 : if (distemplate && distemplate->arg)
2446 22 : dbistemplate = defGetBoolean(distemplate);
2447 68 : if (dallowconnections && dallowconnections->arg)
2448 38 : dballowconnections = defGetBoolean(dallowconnections);
2449 68 : if (dconnlimit && dconnlimit->arg)
2450 : {
2451 8 : dbconnlimit = defGetInt32(dconnlimit);
2452 8 : if (dbconnlimit < DATCONNLIMIT_UNLIMITED)
2453 0 : ereport(ERROR,
2454 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2455 : errmsg("invalid connection limit: %d", dbconnlimit)));
2456 : }
2457 :
2458 : /*
2459 : * Get the old tuple. We don't need a lock on the database per se,
2460 : * because we're not going to do anything that would mess up incoming
2461 : * connections.
2462 : */
2463 68 : rel = table_open(DatabaseRelationId, RowExclusiveLock);
2464 68 : ScanKeyInit(&scankey,
2465 : Anum_pg_database_datname,
2466 : BTEqualStrategyNumber, F_NAMEEQ,
2467 68 : CStringGetDatum(stmt->dbname));
2468 68 : scan = systable_beginscan(rel, DatabaseNameIndexId, true,
2469 : NULL, 1, &scankey);
2470 68 : tuple = systable_getnext(scan);
2471 68 : if (!HeapTupleIsValid(tuple))
2472 0 : ereport(ERROR,
2473 : (errcode(ERRCODE_UNDEFINED_DATABASE),
2474 : errmsg("database \"%s\" does not exist", stmt->dbname)));
2475 68 : LockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2476 :
2477 68 : datform = (Form_pg_database) GETSTRUCT(tuple);
2478 68 : dboid = datform->oid;
2479 :
2480 68 : if (database_is_invalid_form(datform))
2481 : {
2482 2 : ereport(FATAL,
2483 : errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
2484 : errmsg("cannot alter invalid database \"%s\"", stmt->dbname),
2485 : errhint("Use DROP DATABASE to drop invalid databases."));
2486 : }
2487 :
2488 66 : if (!object_ownercheck(DatabaseRelationId, dboid, GetUserId()))
2489 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
2490 0 : stmt->dbname);
2491 :
2492 : /*
2493 : * In order to avoid getting locked out and having to go through
2494 : * standalone mode, we refuse to disallow connections to the database
2495 : * we're currently connected to. Lockout can still happen with concurrent
2496 : * sessions but the likeliness of that is not high enough to worry about.
2497 : */
2498 66 : if (!dballowconnections && dboid == MyDatabaseId)
2499 0 : ereport(ERROR,
2500 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
2501 : errmsg("cannot disallow connections for current database")));
2502 :
2503 : /*
2504 : * Build an updated tuple, perusing the information just obtained
2505 : */
2506 66 : if (distemplate)
2507 : {
2508 22 : new_record[Anum_pg_database_datistemplate - 1] = BoolGetDatum(dbistemplate);
2509 22 : new_record_repl[Anum_pg_database_datistemplate - 1] = true;
2510 : }
2511 66 : if (dallowconnections)
2512 : {
2513 38 : new_record[Anum_pg_database_datallowconn - 1] = BoolGetDatum(dballowconnections);
2514 38 : new_record_repl[Anum_pg_database_datallowconn - 1] = true;
2515 : }
2516 66 : if (dconnlimit)
2517 : {
2518 6 : new_record[Anum_pg_database_datconnlimit - 1] = Int32GetDatum(dbconnlimit);
2519 6 : new_record_repl[Anum_pg_database_datconnlimit - 1] = true;
2520 : }
2521 :
2522 66 : newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), new_record,
2523 : new_record_nulls, new_record_repl);
2524 66 : CatalogTupleUpdate(rel, &tuple->t_self, newtuple);
2525 66 : UnlockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2526 :
2527 66 : InvokeObjectPostAlterHook(DatabaseRelationId, dboid, 0);
2528 :
2529 66 : systable_endscan(scan);
2530 :
2531 : /* Close pg_database, but keep lock till commit */
2532 66 : table_close(rel, NoLock);
2533 :
2534 66 : return dboid;
2535 : }
2536 :
2537 :
2538 : /*
2539 : * ALTER DATABASE name REFRESH COLLATION VERSION
2540 : */
2541 : ObjectAddress
2542 6 : AlterDatabaseRefreshColl(AlterDatabaseRefreshCollStmt *stmt)
2543 : {
2544 : Relation rel;
2545 : ScanKeyData scankey;
2546 : SysScanDesc scan;
2547 : Oid db_id;
2548 : HeapTuple tuple;
2549 : Form_pg_database datForm;
2550 : ObjectAddress address;
2551 : Datum datum;
2552 : bool isnull;
2553 : char *oldversion;
2554 : char *newversion;
2555 :
2556 6 : rel = table_open(DatabaseRelationId, RowExclusiveLock);
2557 6 : ScanKeyInit(&scankey,
2558 : Anum_pg_database_datname,
2559 : BTEqualStrategyNumber, F_NAMEEQ,
2560 6 : CStringGetDatum(stmt->dbname));
2561 6 : scan = systable_beginscan(rel, DatabaseNameIndexId, true,
2562 : NULL, 1, &scankey);
2563 6 : tuple = systable_getnext(scan);
2564 6 : if (!HeapTupleIsValid(tuple))
2565 0 : ereport(ERROR,
2566 : (errcode(ERRCODE_UNDEFINED_DATABASE),
2567 : errmsg("database \"%s\" does not exist", stmt->dbname)));
2568 :
2569 6 : datForm = (Form_pg_database) GETSTRUCT(tuple);
2570 6 : db_id = datForm->oid;
2571 :
2572 6 : if (!object_ownercheck(DatabaseRelationId, db_id, GetUserId()))
2573 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
2574 0 : stmt->dbname);
2575 6 : LockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2576 :
2577 6 : datum = heap_getattr(tuple, Anum_pg_database_datcollversion, RelationGetDescr(rel), &isnull);
2578 6 : oldversion = isnull ? NULL : TextDatumGetCString(datum);
2579 :
2580 6 : if (datForm->datlocprovider == COLLPROVIDER_LIBC)
2581 : {
2582 4 : datum = heap_getattr(tuple, Anum_pg_database_datcollate, RelationGetDescr(rel), &isnull);
2583 4 : if (isnull)
2584 0 : elog(ERROR, "unexpected null in pg_database");
2585 : }
2586 : else
2587 : {
2588 2 : datum = heap_getattr(tuple, Anum_pg_database_datlocale, RelationGetDescr(rel), &isnull);
2589 2 : if (isnull)
2590 0 : elog(ERROR, "unexpected null in pg_database");
2591 : }
2592 :
2593 6 : newversion = get_collation_actual_version(datForm->datlocprovider,
2594 6 : TextDatumGetCString(datum));
2595 :
2596 : /* cannot change from NULL to non-NULL or vice versa */
2597 6 : if ((!oldversion && newversion) || (oldversion && !newversion))
2598 0 : elog(ERROR, "invalid collation version change");
2599 6 : else if (oldversion && newversion && strcmp(newversion, oldversion) != 0)
2600 0 : {
2601 0 : bool nulls[Natts_pg_database] = {0};
2602 0 : bool replaces[Natts_pg_database] = {0};
2603 0 : Datum values[Natts_pg_database] = {0};
2604 : HeapTuple newtuple;
2605 :
2606 0 : ereport(NOTICE,
2607 : (errmsg("changing version from %s to %s",
2608 : oldversion, newversion)));
2609 :
2610 0 : values[Anum_pg_database_datcollversion - 1] = CStringGetTextDatum(newversion);
2611 0 : replaces[Anum_pg_database_datcollversion - 1] = true;
2612 :
2613 0 : newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel),
2614 : values, nulls, replaces);
2615 0 : CatalogTupleUpdate(rel, &tuple->t_self, newtuple);
2616 0 : heap_freetuple(newtuple);
2617 : }
2618 : else
2619 6 : ereport(NOTICE,
2620 : (errmsg("version has not changed")));
2621 6 : UnlockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2622 :
2623 6 : InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0);
2624 :
2625 6 : ObjectAddressSet(address, DatabaseRelationId, db_id);
2626 :
2627 6 : systable_endscan(scan);
2628 :
2629 6 : table_close(rel, NoLock);
2630 :
2631 6 : return address;
2632 : }
2633 :
2634 :
2635 : /*
2636 : * ALTER DATABASE name SET ...
2637 : */
2638 : Oid
2639 1254 : AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
2640 : {
2641 1254 : Oid datid = get_database_oid(stmt->dbname, false);
2642 :
2643 : /*
2644 : * Obtain a lock on the database and make sure it didn't go away in the
2645 : * meantime.
2646 : */
2647 1254 : shdepLockAndCheckObject(DatabaseRelationId, datid);
2648 :
2649 1254 : if (!object_ownercheck(DatabaseRelationId, datid, GetUserId()))
2650 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
2651 0 : stmt->dbname);
2652 :
2653 1254 : AlterSetting(datid, InvalidOid, stmt->setstmt);
2654 :
2655 1250 : UnlockSharedObject(DatabaseRelationId, datid, 0, AccessShareLock);
2656 :
2657 1250 : return datid;
2658 : }
2659 :
2660 :
2661 : /*
2662 : * ALTER DATABASE name OWNER TO newowner
2663 : */
2664 : ObjectAddress
2665 90 : AlterDatabaseOwner(const char *dbname, Oid newOwnerId)
2666 : {
2667 : Oid db_id;
2668 : HeapTuple tuple;
2669 : Relation rel;
2670 : ScanKeyData scankey;
2671 : SysScanDesc scan;
2672 : Form_pg_database datForm;
2673 : ObjectAddress address;
2674 :
2675 : /*
2676 : * Get the old tuple. We don't need a lock on the database per se,
2677 : * because we're not going to do anything that would mess up incoming
2678 : * connections.
2679 : */
2680 90 : rel = table_open(DatabaseRelationId, RowExclusiveLock);
2681 90 : ScanKeyInit(&scankey,
2682 : Anum_pg_database_datname,
2683 : BTEqualStrategyNumber, F_NAMEEQ,
2684 : CStringGetDatum(dbname));
2685 90 : scan = systable_beginscan(rel, DatabaseNameIndexId, true,
2686 : NULL, 1, &scankey);
2687 90 : tuple = systable_getnext(scan);
2688 90 : if (!HeapTupleIsValid(tuple))
2689 0 : ereport(ERROR,
2690 : (errcode(ERRCODE_UNDEFINED_DATABASE),
2691 : errmsg("database \"%s\" does not exist", dbname)));
2692 :
2693 90 : datForm = (Form_pg_database) GETSTRUCT(tuple);
2694 90 : db_id = datForm->oid;
2695 :
2696 : /*
2697 : * If the new owner is the same as the existing owner, consider the
2698 : * command to have succeeded. This is to be consistent with other
2699 : * objects.
2700 : */
2701 90 : if (datForm->datdba != newOwnerId)
2702 : {
2703 : Datum repl_val[Natts_pg_database];
2704 30 : bool repl_null[Natts_pg_database] = {0};
2705 30 : bool repl_repl[Natts_pg_database] = {0};
2706 : Acl *newAcl;
2707 : Datum aclDatum;
2708 : bool isNull;
2709 : HeapTuple newtuple;
2710 :
2711 : /* Otherwise, must be owner of the existing object */
2712 30 : if (!object_ownercheck(DatabaseRelationId, db_id, GetUserId()))
2713 0 : aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
2714 : dbname);
2715 :
2716 : /* Must be able to become new owner */
2717 30 : check_can_set_role(GetUserId(), newOwnerId);
2718 :
2719 : /*
2720 : * must have createdb rights
2721 : *
2722 : * NOTE: This is different from other alter-owner checks in that the
2723 : * current user is checked for createdb privileges instead of the
2724 : * destination owner. This is consistent with the CREATE case for
2725 : * databases. Because superusers will always have this right, we need
2726 : * no special case for them.
2727 : */
2728 30 : if (!have_createdb_privilege())
2729 0 : ereport(ERROR,
2730 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2731 : errmsg("permission denied to change owner of database")));
2732 :
2733 30 : LockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2734 :
2735 30 : repl_repl[Anum_pg_database_datdba - 1] = true;
2736 30 : repl_val[Anum_pg_database_datdba - 1] = ObjectIdGetDatum(newOwnerId);
2737 :
2738 : /*
2739 : * Determine the modified ACL for the new owner. This is only
2740 : * necessary when the ACL is non-null.
2741 : */
2742 30 : aclDatum = heap_getattr(tuple,
2743 : Anum_pg_database_datacl,
2744 : RelationGetDescr(rel),
2745 : &isNull);
2746 30 : if (!isNull)
2747 : {
2748 0 : newAcl = aclnewowner(DatumGetAclP(aclDatum),
2749 : datForm->datdba, newOwnerId);
2750 0 : repl_repl[Anum_pg_database_datacl - 1] = true;
2751 0 : repl_val[Anum_pg_database_datacl - 1] = PointerGetDatum(newAcl);
2752 : }
2753 :
2754 30 : newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), repl_val, repl_null, repl_repl);
2755 30 : CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
2756 30 : UnlockTuple(rel, &tuple->t_self, InplaceUpdateTupleLock);
2757 :
2758 30 : heap_freetuple(newtuple);
2759 :
2760 : /* Update owner dependency reference */
2761 30 : changeDependencyOnOwner(DatabaseRelationId, db_id, newOwnerId);
2762 : }
2763 :
2764 90 : InvokeObjectPostAlterHook(DatabaseRelationId, db_id, 0);
2765 :
2766 90 : ObjectAddressSet(address, DatabaseRelationId, db_id);
2767 :
2768 90 : systable_endscan(scan);
2769 :
2770 : /* Close pg_database, but keep lock till commit */
2771 90 : table_close(rel, NoLock);
2772 :
2773 90 : return address;
2774 : }
2775 :
2776 :
2777 : Datum
2778 98 : pg_database_collation_actual_version(PG_FUNCTION_ARGS)
2779 : {
2780 98 : Oid dbid = PG_GETARG_OID(0);
2781 : HeapTuple tp;
2782 : char datlocprovider;
2783 : Datum datum;
2784 : char *version;
2785 :
2786 98 : tp = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbid));
2787 98 : if (!HeapTupleIsValid(tp))
2788 0 : ereport(ERROR,
2789 : (errcode(ERRCODE_UNDEFINED_OBJECT),
2790 : errmsg("database with OID %u does not exist", dbid)));
2791 :
2792 98 : datlocprovider = ((Form_pg_database) GETSTRUCT(tp))->datlocprovider;
2793 :
2794 98 : if (datlocprovider == COLLPROVIDER_LIBC)
2795 84 : datum = SysCacheGetAttrNotNull(DATABASEOID, tp, Anum_pg_database_datcollate);
2796 : else
2797 14 : datum = SysCacheGetAttrNotNull(DATABASEOID, tp, Anum_pg_database_datlocale);
2798 :
2799 98 : version = get_collation_actual_version(datlocprovider,
2800 98 : TextDatumGetCString(datum));
2801 :
2802 98 : ReleaseSysCache(tp);
2803 :
2804 98 : if (version)
2805 70 : PG_RETURN_TEXT_P(cstring_to_text(version));
2806 : else
2807 28 : PG_RETURN_NULL();
2808 : }
2809 :
2810 :
2811 : /*
2812 : * Helper functions
2813 : */
2814 :
2815 : /*
2816 : * Look up info about the database named "name". If the database exists,
2817 : * obtain the specified lock type on it, fill in any of the remaining
2818 : * parameters that aren't NULL, and return true. If no such database,
2819 : * return false.
2820 : */
2821 : static bool
2822 966 : get_db_info(const char *name, LOCKMODE lockmode,
2823 : Oid *dbIdP, Oid *ownerIdP,
2824 : int *encodingP, bool *dbIsTemplateP, bool *dbAllowConnP, bool *dbHasLoginEvtP,
2825 : TransactionId *dbFrozenXidP, MultiXactId *dbMinMultiP,
2826 : Oid *dbTablespace, char **dbCollate, char **dbCtype, char **dbLocale,
2827 : char **dbIcurules,
2828 : char *dbLocProvider,
2829 : char **dbCollversion)
2830 : {
2831 966 : bool result = false;
2832 : Relation relation;
2833 :
2834 : Assert(name);
2835 :
2836 : /* Caller may wish to grab a better lock on pg_database beforehand... */
2837 966 : relation = table_open(DatabaseRelationId, AccessShareLock);
2838 :
2839 : /*
2840 : * Loop covers the rare case where the database is renamed before we can
2841 : * lock it. We try again just in case we can find a new one of the same
2842 : * name.
2843 : */
2844 : for (;;)
2845 0 : {
2846 : ScanKeyData scanKey;
2847 : SysScanDesc scan;
2848 : HeapTuple tuple;
2849 : Oid dbOid;
2850 :
2851 : /*
2852 : * there's no syscache for database-indexed-by-name, so must do it the
2853 : * hard way
2854 : */
2855 966 : ScanKeyInit(&scanKey,
2856 : Anum_pg_database_datname,
2857 : BTEqualStrategyNumber, F_NAMEEQ,
2858 : CStringGetDatum(name));
2859 :
2860 966 : scan = systable_beginscan(relation, DatabaseNameIndexId, true,
2861 : NULL, 1, &scanKey);
2862 :
2863 966 : tuple = systable_getnext(scan);
2864 :
2865 966 : if (!HeapTupleIsValid(tuple))
2866 : {
2867 : /* definitely no database of that name */
2868 32 : systable_endscan(scan);
2869 32 : break;
2870 : }
2871 :
2872 934 : dbOid = ((Form_pg_database) GETSTRUCT(tuple))->oid;
2873 :
2874 934 : systable_endscan(scan);
2875 :
2876 : /*
2877 : * Now that we have a database OID, we can try to lock the DB.
2878 : */
2879 934 : if (lockmode != NoLock)
2880 934 : LockSharedObject(DatabaseRelationId, dbOid, 0, lockmode);
2881 :
2882 : /*
2883 : * And now, re-fetch the tuple by OID. If it's still there and still
2884 : * the same name, we win; else, drop the lock and loop back to try
2885 : * again.
2886 : */
2887 934 : tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dbOid));
2888 934 : if (HeapTupleIsValid(tuple))
2889 : {
2890 934 : Form_pg_database dbform = (Form_pg_database) GETSTRUCT(tuple);
2891 :
2892 934 : if (strcmp(name, NameStr(dbform->datname)) == 0)
2893 : {
2894 : Datum datum;
2895 : bool isnull;
2896 :
2897 : /* oid of the database */
2898 934 : if (dbIdP)
2899 934 : *dbIdP = dbOid;
2900 : /* oid of the owner */
2901 934 : if (ownerIdP)
2902 804 : *ownerIdP = dbform->datdba;
2903 : /* character encoding */
2904 934 : if (encodingP)
2905 804 : *encodingP = dbform->encoding;
2906 : /* allowed as template? */
2907 934 : if (dbIsTemplateP)
2908 900 : *dbIsTemplateP = dbform->datistemplate;
2909 : /* Has on login event trigger? */
2910 934 : if (dbHasLoginEvtP)
2911 804 : *dbHasLoginEvtP = dbform->dathasloginevt;
2912 : /* allowing connections? */
2913 934 : if (dbAllowConnP)
2914 804 : *dbAllowConnP = dbform->datallowconn;
2915 : /* limit of frozen XIDs */
2916 934 : if (dbFrozenXidP)
2917 804 : *dbFrozenXidP = dbform->datfrozenxid;
2918 : /* minimum MultiXactId */
2919 934 : if (dbMinMultiP)
2920 804 : *dbMinMultiP = dbform->datminmxid;
2921 : /* default tablespace for this database */
2922 934 : if (dbTablespace)
2923 826 : *dbTablespace = dbform->dattablespace;
2924 : /* default locale settings for this database */
2925 934 : if (dbLocProvider)
2926 804 : *dbLocProvider = dbform->datlocprovider;
2927 934 : if (dbCollate)
2928 : {
2929 804 : datum = SysCacheGetAttrNotNull(DATABASEOID, tuple, Anum_pg_database_datcollate);
2930 804 : *dbCollate = TextDatumGetCString(datum);
2931 : }
2932 934 : if (dbCtype)
2933 : {
2934 804 : datum = SysCacheGetAttrNotNull(DATABASEOID, tuple, Anum_pg_database_datctype);
2935 804 : *dbCtype = TextDatumGetCString(datum);
2936 : }
2937 934 : if (dbLocale)
2938 : {
2939 804 : datum = SysCacheGetAttr(DATABASEOID, tuple, Anum_pg_database_datlocale, &isnull);
2940 804 : if (isnull)
2941 746 : *dbLocale = NULL;
2942 : else
2943 58 : *dbLocale = TextDatumGetCString(datum);
2944 : }
2945 934 : if (dbIcurules)
2946 : {
2947 804 : datum = SysCacheGetAttr(DATABASEOID, tuple, Anum_pg_database_daticurules, &isnull);
2948 804 : if (isnull)
2949 804 : *dbIcurules = NULL;
2950 : else
2951 0 : *dbIcurules = TextDatumGetCString(datum);
2952 : }
2953 934 : if (dbCollversion)
2954 : {
2955 804 : datum = SysCacheGetAttr(DATABASEOID, tuple, Anum_pg_database_datcollversion, &isnull);
2956 804 : if (isnull)
2957 488 : *dbCollversion = NULL;
2958 : else
2959 316 : *dbCollversion = TextDatumGetCString(datum);
2960 : }
2961 934 : ReleaseSysCache(tuple);
2962 934 : result = true;
2963 934 : break;
2964 : }
2965 : /* can only get here if it was just renamed */
2966 0 : ReleaseSysCache(tuple);
2967 : }
2968 :
2969 0 : if (lockmode != NoLock)
2970 0 : UnlockSharedObject(DatabaseRelationId, dbOid, 0, lockmode);
2971 : }
2972 :
2973 966 : table_close(relation, AccessShareLock);
2974 :
2975 966 : return result;
2976 : }
2977 :
2978 : /* Check if current user has createdb privileges */
2979 : bool
2980 882 : have_createdb_privilege(void)
2981 : {
2982 882 : bool result = false;
2983 : HeapTuple utup;
2984 :
2985 : /* Superusers can always do everything */
2986 882 : if (superuser())
2987 846 : return true;
2988 :
2989 36 : utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
2990 36 : if (HeapTupleIsValid(utup))
2991 : {
2992 36 : result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreatedb;
2993 36 : ReleaseSysCache(utup);
2994 : }
2995 36 : return result;
2996 : }
2997 :
2998 : /*
2999 : * Remove tablespace directories
3000 : *
3001 : * We don't know what tablespaces db_id is using, so iterate through all
3002 : * tablespaces removing <tablespace>/db_id
3003 : */
3004 : static void
3005 98 : remove_dbtablespaces(Oid db_id)
3006 : {
3007 : Relation rel;
3008 : TableScanDesc scan;
3009 : HeapTuple tuple;
3010 98 : List *ltblspc = NIL;
3011 : ListCell *cell;
3012 : int ntblspc;
3013 : int i;
3014 : Oid *tablespace_ids;
3015 :
3016 98 : rel = table_open(TableSpaceRelationId, AccessShareLock);
3017 98 : scan = table_beginscan_catalog(rel, 0, NULL);
3018 360 : while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
3019 : {
3020 262 : Form_pg_tablespace spcform = (Form_pg_tablespace) GETSTRUCT(tuple);
3021 262 : Oid dsttablespace = spcform->oid;
3022 : char *dstpath;
3023 : struct stat st;
3024 :
3025 : /* Don't mess with the global tablespace */
3026 262 : if (dsttablespace == GLOBALTABLESPACE_OID)
3027 164 : continue;
3028 :
3029 164 : dstpath = GetDatabasePath(db_id, dsttablespace);
3030 :
3031 164 : if (lstat(dstpath, &st) < 0 || !S_ISDIR(st.st_mode))
3032 : {
3033 : /* Assume we can ignore it */
3034 66 : pfree(dstpath);
3035 66 : continue;
3036 : }
3037 :
3038 98 : if (!rmtree(dstpath, true))
3039 0 : ereport(WARNING,
3040 : (errmsg("some useless files may be left behind in old database directory \"%s\"",
3041 : dstpath)));
3042 :
3043 98 : ltblspc = lappend_oid(ltblspc, dsttablespace);
3044 98 : pfree(dstpath);
3045 : }
3046 :
3047 98 : ntblspc = list_length(ltblspc);
3048 98 : if (ntblspc == 0)
3049 : {
3050 0 : table_endscan(scan);
3051 0 : table_close(rel, AccessShareLock);
3052 0 : return;
3053 : }
3054 :
3055 98 : tablespace_ids = (Oid *) palloc(ntblspc * sizeof(Oid));
3056 98 : i = 0;
3057 196 : foreach(cell, ltblspc)
3058 98 : tablespace_ids[i++] = lfirst_oid(cell);
3059 :
3060 : /* Record the filesystem change in XLOG */
3061 : {
3062 : xl_dbase_drop_rec xlrec;
3063 :
3064 98 : xlrec.db_id = db_id;
3065 98 : xlrec.ntablespaces = ntblspc;
3066 :
3067 98 : XLogBeginInsert();
3068 98 : XLogRegisterData(&xlrec, MinSizeOfDbaseDropRec);
3069 98 : XLogRegisterData(tablespace_ids, ntblspc * sizeof(Oid));
3070 :
3071 98 : (void) XLogInsert(RM_DBASE_ID,
3072 : XLOG_DBASE_DROP | XLR_SPECIAL_REL_UPDATE);
3073 : }
3074 :
3075 98 : list_free(ltblspc);
3076 98 : pfree(tablespace_ids);
3077 :
3078 98 : table_endscan(scan);
3079 98 : table_close(rel, AccessShareLock);
3080 : }
3081 :
3082 : /*
3083 : * Check for existing files that conflict with a proposed new DB OID;
3084 : * return true if there are any
3085 : *
3086 : * If there were a subdirectory in any tablespace matching the proposed new
3087 : * OID, we'd get a create failure due to the duplicate name ... and then we'd
3088 : * try to remove that already-existing subdirectory during the cleanup in
3089 : * remove_dbtablespaces. Nuking existing files seems like a bad idea, so
3090 : * instead we make this extra check before settling on the OID of the new
3091 : * database. This exactly parallels what GetNewRelFileNumber() does for table
3092 : * relfilenumber values.
3093 : */
3094 : static bool
3095 778 : check_db_file_conflict(Oid db_id)
3096 : {
3097 778 : bool result = false;
3098 : Relation rel;
3099 : TableScanDesc scan;
3100 : HeapTuple tuple;
3101 :
3102 778 : rel = table_open(TableSpaceRelationId, AccessShareLock);
3103 778 : scan = table_beginscan_catalog(rel, 0, NULL);
3104 2474 : while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
3105 : {
3106 1696 : Form_pg_tablespace spcform = (Form_pg_tablespace) GETSTRUCT(tuple);
3107 1696 : Oid dsttablespace = spcform->oid;
3108 : char *dstpath;
3109 : struct stat st;
3110 :
3111 : /* Don't mess with the global tablespace */
3112 1696 : if (dsttablespace == GLOBALTABLESPACE_OID)
3113 778 : continue;
3114 :
3115 918 : dstpath = GetDatabasePath(db_id, dsttablespace);
3116 :
3117 918 : if (lstat(dstpath, &st) == 0)
3118 : {
3119 : /* Found a conflicting file (or directory, whatever) */
3120 0 : pfree(dstpath);
3121 0 : result = true;
3122 0 : break;
3123 : }
3124 :
3125 918 : pfree(dstpath);
3126 : }
3127 :
3128 778 : table_endscan(scan);
3129 778 : table_close(rel, AccessShareLock);
3130 :
3131 778 : return result;
3132 : }
3133 :
3134 : /*
3135 : * Issue a suitable errdetail message for a busy database
3136 : */
3137 : static int
3138 0 : errdetail_busy_db(int notherbackends, int npreparedxacts)
3139 : {
3140 0 : if (notherbackends > 0 && npreparedxacts > 0)
3141 :
3142 : /*
3143 : * We don't deal with singular versus plural here, since gettext
3144 : * doesn't support multiple plurals in one string.
3145 : */
3146 0 : errdetail("There are %d other session(s) and %d prepared transaction(s) using the database.",
3147 : notherbackends, npreparedxacts);
3148 0 : else if (notherbackends > 0)
3149 0 : errdetail_plural("There is %d other session using the database.",
3150 : "There are %d other sessions using the database.",
3151 : notherbackends,
3152 : notherbackends);
3153 : else
3154 0 : errdetail_plural("There is %d prepared transaction using the database.",
3155 : "There are %d prepared transactions using the database.",
3156 : npreparedxacts,
3157 : npreparedxacts);
3158 0 : return 0; /* just to keep ereport macro happy */
3159 : }
3160 :
3161 : /*
3162 : * get_database_oid - given a database name, look up the OID
3163 : *
3164 : * If missing_ok is false, throw an error if database name not found. If
3165 : * true, just return InvalidOid.
3166 : */
3167 : Oid
3168 3050 : get_database_oid(const char *dbname, bool missing_ok)
3169 : {
3170 : Relation pg_database;
3171 : ScanKeyData entry[1];
3172 : SysScanDesc scan;
3173 : HeapTuple dbtuple;
3174 : Oid oid;
3175 :
3176 : /*
3177 : * There's no syscache for pg_database indexed by name, so we must look
3178 : * the hard way.
3179 : */
3180 3050 : pg_database = table_open(DatabaseRelationId, AccessShareLock);
3181 3050 : ScanKeyInit(&entry[0],
3182 : Anum_pg_database_datname,
3183 : BTEqualStrategyNumber, F_NAMEEQ,
3184 : CStringGetDatum(dbname));
3185 3050 : scan = systable_beginscan(pg_database, DatabaseNameIndexId, true,
3186 : NULL, 1, entry);
3187 :
3188 3050 : dbtuple = systable_getnext(scan);
3189 :
3190 : /* We assume that there can be at most one matching tuple */
3191 3050 : if (HeapTupleIsValid(dbtuple))
3192 2224 : oid = ((Form_pg_database) GETSTRUCT(dbtuple))->oid;
3193 : else
3194 826 : oid = InvalidOid;
3195 :
3196 3050 : systable_endscan(scan);
3197 3050 : table_close(pg_database, AccessShareLock);
3198 :
3199 3050 : if (!OidIsValid(oid) && !missing_ok)
3200 6 : ereport(ERROR,
3201 : (errcode(ERRCODE_UNDEFINED_DATABASE),
3202 : errmsg("database \"%s\" does not exist",
3203 : dbname)));
3204 :
3205 3044 : return oid;
3206 : }
3207 :
3208 :
3209 : /*
3210 : * While dropping a database the pg_database row is marked invalid, but the
3211 : * catalog contents still exist. Connections to such a database are not
3212 : * allowed.
3213 : */
3214 : bool
3215 59478 : database_is_invalid_form(Form_pg_database datform)
3216 : {
3217 59478 : return datform->datconnlimit == DATCONNLIMIT_INVALID_DB;
3218 : }
3219 :
3220 :
3221 : /*
3222 : * Convenience wrapper around database_is_invalid_form()
3223 : */
3224 : bool
3225 804 : database_is_invalid_oid(Oid dboid)
3226 : {
3227 : HeapTuple dbtup;
3228 : Form_pg_database dbform;
3229 : bool invalid;
3230 :
3231 804 : dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(dboid));
3232 804 : if (!HeapTupleIsValid(dbtup))
3233 0 : elog(ERROR, "cache lookup failed for database %u", dboid);
3234 804 : dbform = (Form_pg_database) GETSTRUCT(dbtup);
3235 :
3236 804 : invalid = database_is_invalid_form(dbform);
3237 :
3238 804 : ReleaseSysCache(dbtup);
3239 :
3240 804 : return invalid;
3241 : }
3242 :
3243 :
3244 : /*
3245 : * recovery_create_dbdir()
3246 : *
3247 : * During recovery, there's a case where we validly need to recover a missing
3248 : * tablespace directory so that recovery can continue. This happens when
3249 : * recovery wants to create a database but the holding tablespace has been
3250 : * removed before the server stopped. Since we expect that the directory will
3251 : * be gone before reaching recovery consistency, and we have no knowledge about
3252 : * the tablespace other than its OID here, we create a real directory under
3253 : * pg_tblspc here instead of restoring the symlink.
3254 : *
3255 : * If only_tblspc is true, then the requested directory must be in pg_tblspc/
3256 : */
3257 : static void
3258 46 : recovery_create_dbdir(char *path, bool only_tblspc)
3259 : {
3260 : struct stat st;
3261 :
3262 : Assert(RecoveryInProgress());
3263 :
3264 46 : if (stat(path, &st) == 0)
3265 46 : return;
3266 :
3267 0 : if (only_tblspc && strstr(path, PG_TBLSPC_DIR_SLASH) == NULL)
3268 0 : elog(PANIC, "requested to created invalid directory: %s", path);
3269 :
3270 0 : if (reachedConsistency && !allow_in_place_tablespaces)
3271 0 : ereport(PANIC,
3272 : errmsg("missing directory \"%s\"", path));
3273 :
3274 0 : elog(reachedConsistency ? WARNING : DEBUG1,
3275 : "creating missing directory: %s", path);
3276 :
3277 0 : if (pg_mkdir_p(path, pg_dir_create_mode) != 0)
3278 0 : ereport(PANIC,
3279 : errmsg("could not create missing directory \"%s\": %m", path));
3280 : }
3281 :
3282 :
3283 : /*
3284 : * DATABASE resource manager's routines
3285 : */
3286 : void
3287 84 : dbase_redo(XLogReaderState *record)
3288 : {
3289 84 : uint8 info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
3290 :
3291 : /* Backup blocks are not used in dbase records */
3292 : Assert(!XLogRecHasAnyBlockRefs(record));
3293 :
3294 84 : if (info == XLOG_DBASE_CREATE_FILE_COPY)
3295 : {
3296 10 : xl_dbase_create_file_copy_rec *xlrec =
3297 10 : (xl_dbase_create_file_copy_rec *) XLogRecGetData(record);
3298 : char *src_path;
3299 : char *dst_path;
3300 : char *parent_path;
3301 : struct stat st;
3302 :
3303 10 : src_path = GetDatabasePath(xlrec->src_db_id, xlrec->src_tablespace_id);
3304 10 : dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id);
3305 :
3306 : /*
3307 : * Our theory for replaying a CREATE is to forcibly drop the target
3308 : * subdirectory if present, then re-copy the source data. This may be
3309 : * more work than needed, but it is simple to implement.
3310 : */
3311 10 : if (stat(dst_path, &st) == 0 && S_ISDIR(st.st_mode))
3312 : {
3313 0 : if (!rmtree(dst_path, true))
3314 : /* If this failed, copydir() below is going to error. */
3315 0 : ereport(WARNING,
3316 : (errmsg("some useless files may be left behind in old database directory \"%s\"",
3317 : dst_path)));
3318 : }
3319 :
3320 : /*
3321 : * If the parent of the target path doesn't exist, create it now. This
3322 : * enables us to create the target underneath later.
3323 : */
3324 10 : parent_path = pstrdup(dst_path);
3325 10 : get_parent_directory(parent_path);
3326 10 : if (stat(parent_path, &st) < 0)
3327 : {
3328 0 : if (errno != ENOENT)
3329 0 : ereport(FATAL,
3330 : errmsg("could not stat directory \"%s\": %m",
3331 : dst_path));
3332 :
3333 : /* create the parent directory if needed and valid */
3334 0 : recovery_create_dbdir(parent_path, true);
3335 : }
3336 10 : pfree(parent_path);
3337 :
3338 : /*
3339 : * There's a case where the copy source directory is missing for the
3340 : * same reason above. Create the empty source directory so that
3341 : * copydir below doesn't fail. The directory will be dropped soon by
3342 : * recovery.
3343 : */
3344 10 : if (stat(src_path, &st) < 0 && errno == ENOENT)
3345 0 : recovery_create_dbdir(src_path, false);
3346 :
3347 : /*
3348 : * Force dirty buffers out to disk, to ensure source database is
3349 : * up-to-date for the copy.
3350 : */
3351 10 : FlushDatabaseBuffers(xlrec->src_db_id);
3352 :
3353 : /* Close all smgr fds in all backends. */
3354 10 : WaitForProcSignalBarrier(EmitProcSignalBarrier(PROCSIGNAL_BARRIER_SMGRRELEASE));
3355 :
3356 : /*
3357 : * Copy this subdirectory to the new location
3358 : *
3359 : * We don't need to copy subdirectories
3360 : */
3361 10 : copydir(src_path, dst_path, false);
3362 :
3363 10 : pfree(src_path);
3364 10 : pfree(dst_path);
3365 : }
3366 74 : else if (info == XLOG_DBASE_CREATE_WAL_LOG)
3367 : {
3368 46 : xl_dbase_create_wal_log_rec *xlrec =
3369 46 : (xl_dbase_create_wal_log_rec *) XLogRecGetData(record);
3370 : char *dbpath;
3371 : char *parent_path;
3372 :
3373 46 : dbpath = GetDatabasePath(xlrec->db_id, xlrec->tablespace_id);
3374 :
3375 : /* create the parent directory if needed and valid */
3376 46 : parent_path = pstrdup(dbpath);
3377 46 : get_parent_directory(parent_path);
3378 46 : recovery_create_dbdir(parent_path, true);
3379 46 : pfree(parent_path);
3380 :
3381 : /* Create the database directory with the version file. */
3382 46 : CreateDirAndVersionFile(dbpath, xlrec->db_id, xlrec->tablespace_id,
3383 : true);
3384 46 : pfree(dbpath);
3385 : }
3386 28 : else if (info == XLOG_DBASE_DROP)
3387 : {
3388 28 : xl_dbase_drop_rec *xlrec = (xl_dbase_drop_rec *) XLogRecGetData(record);
3389 : char *dst_path;
3390 : int i;
3391 :
3392 28 : if (InHotStandby)
3393 : {
3394 : /*
3395 : * Lock database while we resolve conflicts to ensure that
3396 : * InitPostgres() cannot fully re-execute concurrently. This
3397 : * avoids backends re-connecting automatically to same database,
3398 : * which can happen in some cases.
3399 : *
3400 : * This will lock out walsenders trying to connect to db-specific
3401 : * slots for logical decoding too, so it's safe for us to drop
3402 : * slots.
3403 : */
3404 28 : LockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock);
3405 28 : ResolveRecoveryConflictWithDatabase(xlrec->db_id);
3406 : }
3407 :
3408 : /* Drop any database-specific replication slots */
3409 28 : ReplicationSlotsDropDBSlots(xlrec->db_id);
3410 :
3411 : /* Drop pages for this database that are in the shared buffer cache */
3412 28 : DropDatabaseBuffers(xlrec->db_id);
3413 :
3414 : /* Also, clean out any fsync requests that might be pending in md.c */
3415 28 : ForgetDatabaseSyncRequests(xlrec->db_id);
3416 :
3417 : /* Clean out the xlog relcache too */
3418 28 : XLogDropDatabase(xlrec->db_id);
3419 :
3420 : /* Close all smgr fds in all backends. */
3421 28 : WaitForProcSignalBarrier(EmitProcSignalBarrier(PROCSIGNAL_BARRIER_SMGRRELEASE));
3422 :
3423 56 : for (i = 0; i < xlrec->ntablespaces; i++)
3424 : {
3425 28 : dst_path = GetDatabasePath(xlrec->db_id, xlrec->tablespace_ids[i]);
3426 :
3427 : /* And remove the physical files */
3428 28 : if (!rmtree(dst_path, true))
3429 0 : ereport(WARNING,
3430 : (errmsg("some useless files may be left behind in old database directory \"%s\"",
3431 : dst_path)));
3432 28 : pfree(dst_path);
3433 : }
3434 :
3435 28 : if (InHotStandby)
3436 : {
3437 : /*
3438 : * Release locks prior to commit. XXX There is a race condition
3439 : * here that may allow backends to reconnect, but the window for
3440 : * this is small because the gap between here and commit is mostly
3441 : * fairly small and it is unlikely that people will be dropping
3442 : * databases that we are trying to connect to anyway.
3443 : */
3444 28 : UnlockSharedObjectForSession(DatabaseRelationId, xlrec->db_id, 0, AccessExclusiveLock);
3445 : }
3446 : }
3447 : else
3448 0 : elog(PANIC, "dbase_redo: unknown op code %u", info);
3449 84 : }
|
