/*
* Executes an ALTER OBJECT / OWNER TO statement. Based on the object
* type, the function appropriate to that type is executed.
*/
void
ExecAlterOwnerStmt(AlterOwnerStmt *stmt)
{
Oid newowner = get_roleid_checked(stmt->newowner);
switch (stmt->objectType)
{
case OBJECT_AGGREGATE:
AlterAggregateOwner(stmt->object,
(TypeName *) linitial(stmt->objarg),
newowner);
break;
case OBJECT_CONVERSION:
AlterConversionOwner(stmt->object, newowner);
break;
case OBJECT_DATABASE:
AlterDatabaseOwner((char *) linitial(stmt->object), newowner);
break;
case OBJECT_FUNCTION:
AlterFunctionOwner(stmt->object, stmt->objarg, newowner);
break;
case OBJECT_OPERATOR:
AlterOperatorOwner(stmt->object,
(TypeName *) linitial(stmt->objarg),
(TypeName *) lsecond(stmt->objarg),
newowner);
break;
case OBJECT_OPCLASS:
AlterOpClassOwner(stmt->object, stmt->addname, newowner);
break;
case OBJECT_SCHEMA:
AlterSchemaOwner((char *) linitial(stmt->object), newowner);
break;
case OBJECT_TABLESPACE:
AlterTableSpaceOwner((char *) linitial(stmt->object), newowner);
break;
case OBJECT_TYPE:
case OBJECT_DOMAIN: /* same as TYPE */
AlterTypeOwner(stmt->object, newowner);
break;
default:
elog(ERROR, "unrecognized AlterOwnerStmt type: %d",
(int) stmt->objectType);
}
}
/*
* CREATE SCHEMA
*/
void
CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString)
{
const char *schemaName = stmt->schemaname;
const char *authId = stmt->authid;
const bool istemp = stmt->istemp;
Oid namespaceId = 0;
List *parsetree_list;
ListCell *parsetree_item;
Oid owner_uid;
Oid saved_uid;
AclResult aclresult;
bool saved_secdefcxt;
/* bool shouldDispatch = (Gp_role == GP_ROLE_DISPATCH &&
!IsBootstrapProcessingMode());*/
GetUserIdAndContext(&saved_uid, &saved_secdefcxt);
/*
* Who is supposed to own the new schema?
*/
if (authId)
owner_uid = get_roleid_checked(authId);
else
owner_uid = saved_uid;
/*
* If we are creating a temporary schema then we can skip a
* bunch of checks that we would otherwise make.
*/
if (istemp)
{
/*
* CDB: Delete old temp schema.
*
* Remove any vestigages of old temporary schema, if any. This can
* happen when an old session crashes and doesn't run normal session
* shutdown.
*
* In postgres they try to reuse existing schemas in this case,
* however that does not work well for us since the schemas may exist
* on a segment by segment basis and we want to keep them syncronized
* on oid. The best way of dealing with this is to just delete the
* old schemas.
*/
RemoveSchema_internal(schemaName, DROP_CASCADE, true, true);
}
else
{
/*
* To create a schema, must have schema-create privilege on the current
* database and must be able to become the target role (this does not
* imply that the target role itself must have create-schema privilege).
* The latter provision guards against "giveaway" attacks. Note that a
* superuser will always have both of these privileges a fortiori.
*/
aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_DATABASE,
get_database_name(MyDatabaseId));
check_is_member_of_role(saved_uid, owner_uid);
/* Additional check to protect reserved schema names */
if (!allowSystemTableModsDDL &&
(IsReservedName(schemaName) || strcmp(schemaName, "madlib") == 0))
{
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable schema name \"%s\"", schemaName),
errdetail("The prefix \"%s\" is reserved for system schemas.",
GetReservedPrefix(schemaName))));
}
}
/*
* If the requested authorization is different from the current user,
* temporarily set the current user so that the object(s) will be created
* with the correct ownership.
*
* (The setting will be restored at the end of this routine, or in case
* of error, transaction abort will clean things up.)
*/
if (saved_uid != owner_uid)
SetUserIdAndContext(owner_uid, true);
/*
* in hawq, should be only called on master except
* UPGRADE model.
*/
Assert(gp_upgrade_mode || (Gp_role != GP_ROLE_EXECUTE));
/* Create the schema's namespace */
namespaceId = NamespaceCreate(schemaName, owner_uid, 0);
/* MPP-6929: metadata tracking */
if (Gp_role == GP_ROLE_DISPATCH && !istemp)
MetaTrackAddObject(NamespaceRelationId,
namespaceId,
saved_uid,
"CREATE", "SCHEMA"
);
/* Advance cmd counter to make the namespace visible */
CommandCounterIncrement();
/* If this is the temporary namespace we must mark it specially */
if (istemp)
SetTempNamespace(namespaceId);
/*
* Temporarily make the new namespace be the front of the search path, as
* well as the default creation target namespace. This will be undone at
* the end of this routine, or upon error.
*/
PushSpecialNamespace(namespaceId);
/*
* Examine the list of commands embedded in the CREATE SCHEMA command, and
* reorganize them into a sequentially executable order with no forward
* references. Note that the result is still a list of raw parsetrees in
* need of parse analysis --- we cannot, in general, run analyze.c on one
* statement until we have actually executed the prior ones.
*/
parsetree_list = analyzeCreateSchemaStmt(stmt);
/*
* Analyze and execute each command contained in the CREATE SCHEMA
*/
foreach(parsetree_item, parsetree_list)
{
Node *parsetree = (Node *) lfirst(parsetree_item);
List *querytree_list;
ListCell *querytree_item;
querytree_list = parse_analyze(parsetree, NULL, NULL, 0);
foreach(querytree_item, querytree_list)
{
Query *querytree = (Query *) lfirst(querytree_item);
/* schemas should contain only utility stmts */
Assert(querytree->commandType == CMD_UTILITY);
/* do this step */
ProcessUtility(querytree->utilityStmt,
queryString,
NULL,
false, /* not top level */
None_Receiver,
NULL);
/* make sure later steps can see the object created here */
CommandCounterIncrement();
}
/*
* CREATE SCHEMA
*/
void
CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString)
{
const char *schemaName = stmt->schemaname;
const char *authId = stmt->authid;
Oid namespaceId;
OverrideSearchPath *overridePath;
List *parsetree_list;
ListCell *parsetree_item;
Oid owner_uid;
Oid saved_uid;
int save_sec_context;
AclResult aclresult;
bool shouldDispatch = (Gp_role == GP_ROLE_DISPATCH &&
!IsBootstrapProcessingMode());
/*
* GPDB: Creation of temporary namespaces is a special case. This statement
* is dispatched by the dispatcher node the first time a temporary table is
* created. It bypasses all the normal checks and logic of schema creation,
* and is routed to the internal routine for creating temporary namespaces,
* instead.
*/
if (stmt->istemp)
{
Assert(Gp_role == GP_ROLE_EXECUTE);
Assert(stmt->schemaname == InvalidOid);
Assert(stmt->authid == NULL);
Assert(stmt->schemaElts == NIL);
Assert(stmt->schemaOid != InvalidOid);
Assert(stmt->toastSchemaOid != InvalidOid);
InitTempTableNamespaceWithOids(stmt->schemaOid,
stmt->toastSchemaOid);
return;
}
GetUserIdAndSecContext(&saved_uid, &save_sec_context);
/*
* Who is supposed to own the new schema?
*/
if (authId)
owner_uid = get_roleid_checked(authId);
else
owner_uid = saved_uid;
/*
* To create a schema, must have schema-create privilege on the current
* database and must be able to become the target role (this does not
* imply that the target role itself must have create-schema privilege).
* The latter provision guards against "giveaway" attacks. Note that a
* superuser will always have both of these privileges a fortiori.
*/
aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_DATABASE,
get_database_name(MyDatabaseId));
check_is_member_of_role(saved_uid, owner_uid);
/* Additional check to protect reserved schema names */
if (!allowSystemTableModsDDL && IsReservedName(schemaName))
{
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable schema name \"%s\"", schemaName),
errdetail("The prefix \"%s\" is reserved for system schemas.",
GetReservedPrefix(schemaName))));
}
/*
* If the requested authorization is different from the current user,
* temporarily set the current user so that the object(s) will be created
* with the correct ownership.
*
* (The setting will be restored at the end of this routine, or in case
* of error, transaction abort will clean things up.)
*/
if (saved_uid != owner_uid)
SetUserIdAndSecContext(owner_uid,
save_sec_context | SECURITY_LOCAL_USERID_CHANGE);
/* Create the schema's namespace */
if (shouldDispatch || Gp_role != GP_ROLE_EXECUTE)
{
namespaceId = NamespaceCreate(schemaName, owner_uid, 0);
if (shouldDispatch)
{
elog(DEBUG5, "shouldDispatch = true, namespaceOid = %d", namespaceId);
Assert(stmt->schemaOid == 0);
stmt->schemaOid = namespaceId;
/*
* Dispatch the command to all primary and mirror segment dbs.
* Starts a global transaction and reconfigures cluster if needed.
* Waits for QEs to finish. Exits via ereport(ERROR,...) if error.
*/
CdbDispatchUtilityStatement((Node *) stmt,
DF_CANCEL_ON_ERROR |
DF_WITH_SNAPSHOT |
DF_NEED_TWO_PHASE,
NULL);
}
/* MPP-6929: metadata tracking */
if (Gp_role == GP_ROLE_DISPATCH)
MetaTrackAddObject(NamespaceRelationId,
namespaceId,
saved_uid,
"CREATE", "SCHEMA"
);
}
else
{
namespaceId = NamespaceCreate(schemaName, owner_uid, stmt->schemaOid);
}
/* Advance cmd counter to make the namespace visible */
CommandCounterIncrement();
/*
* Temporarily make the new namespace be the front of the search path, as
* well as the default creation target namespace. This will be undone at
* the end of this routine, or upon error.
*/
overridePath = GetOverrideSearchPath(CurrentMemoryContext);
overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas);
/* XXX should we clear overridePath->useTemp? */
PushOverrideSearchPath(overridePath);
/*
* Examine the list of commands embedded in the CREATE SCHEMA command, and
* reorganize them into a sequentially executable order with no forward
* references. Note that the result is still a list of raw parsetrees ---
* we cannot, in general, run parse analysis on one statement until we
* have actually executed the prior ones.
*/
parsetree_list = transformCreateSchemaStmt(stmt);
/*
* Execute each command contained in the CREATE SCHEMA. Since the grammar
* allows only utility commands in CREATE SCHEMA, there is no need to pass
* them through parse_analyze() or the rewriter; we can just hand them
* straight to ProcessUtility.
*/
foreach(parsetree_item, parsetree_list)
{
Node *stmt = (Node *) lfirst(parsetree_item);
/* do this step */
ProcessUtility(stmt,
queryString,
NULL,
false, /* not top level */
None_Receiver,
NULL);
/* make sure later steps can see the object created here */
CommandCounterIncrement();
}
/*
* Executes an ALTER OBJECT / OWNER TO statement. Based on the object
* type, the function appropriate to that type is executed.
*/
void
ExecAlterOwnerStmt(AlterOwnerStmt *stmt)
{
Oid newowner = get_roleid_checked(stmt->newowner);
switch (stmt->objectType)
{
case OBJECT_AGGREGATE:
AlterAggregateOwner(stmt->object, stmt->objarg, newowner);
break;
case OBJECT_CONVERSION:
AlterConversionOwner(stmt->object, newowner);
break;
case OBJECT_DATABASE:
AlterDatabaseOwner(strVal(linitial(stmt->object)), newowner);
break;
case OBJECT_FUNCTION:
AlterFunctionOwner(stmt->object, stmt->objarg, newowner);
break;
case OBJECT_OPERATOR:
Assert(list_length(stmt->objarg) == 2);
AlterOperatorOwner(stmt->object,
(TypeName *) linitial(stmt->objarg),
(TypeName *) lsecond(stmt->objarg),
newowner);
break;
case OBJECT_OPCLASS:
AlterOpClassOwner(stmt->object, stmt->addname, newowner);
break;
case OBJECT_OPFAMILY:
AlterOpFamilyOwner(stmt->object, stmt->addname, newowner);
break;
case OBJECT_SCHEMA:
AlterSchemaOwner(strVal(linitial(stmt->object)), newowner);
break;
case OBJECT_TABLESPACE:
AlterTableSpaceOwner(strVal(linitial(stmt->object)), newowner);
break;
case OBJECT_FILESPACE:
AlterFileSpaceOwner(stmt->object, newowner);
break;
case OBJECT_TYPE:
case OBJECT_DOMAIN: /* same as TYPE */
AlterTypeOwner(stmt->object, newowner);
break;
case OBJECT_EXTPROTOCOL:
AlterExtProtocolOwner(strVal(linitial(stmt->object)), newowner);
break;
default:
elog(ERROR, "unrecognized AlterOwnerStmt type: %d",
(int) stmt->objectType);
}
if (Gp_role == GP_ROLE_DISPATCH)
{
CdbDispatchUtilityStatement((Node *) stmt, "ExecAlterOwnerStmt");
}
}
/*
* CREATE SCHEMA
*/
void
CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString)
{
const char *schemaName = stmt->schemaname;
const char *authId = stmt->authid;
Oid namespaceId;
OverrideSearchPath *overridePath;
List *parsetree_list;
ListCell *parsetree_item;
Oid owner_uid;
Oid saved_uid;
bool saved_secdefcxt;
AclResult aclresult;
GetUserIdAndContext(&saved_uid, &saved_secdefcxt);
/*
* Who is supposed to own the new schema?
*/
if (authId)
owner_uid = get_roleid_checked(authId);
else
owner_uid = saved_uid;
/*
* To create a schema, must have schema-create privilege on the current
* database and must be able to become the target role (this does not
* imply that the target role itself must have create-schema privilege).
* The latter provision guards against "giveaway" attacks. Note that a
* superuser will always have both of these privileges a fortiori.
*/
aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_DATABASE,
get_database_name(MyDatabaseId));
check_is_member_of_role(saved_uid, owner_uid);
/* Additional check to protect reserved schema names */
if (!allowSystemTableMods && IsReservedName(schemaName))
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable schema name \"%s\"", schemaName),
errdetail("The prefix \"pg_\" is reserved for system schemas.")));
/*
* If the requested authorization is different from the current user,
* temporarily set the current user so that the object(s) will be created
* with the correct ownership.
*
* (The setting will be restored at the end of this routine, or in case of
* error, transaction abort will clean things up.)
*/
if (saved_uid != owner_uid)
SetUserIdAndContext(owner_uid, true);
/* Create the schema's namespace */
namespaceId = NamespaceCreate(schemaName, owner_uid);
/* Advance cmd counter to make the namespace visible */
CommandCounterIncrement();
/*
* Temporarily make the new namespace be the front of the search path, as
* well as the default creation target namespace. This will be undone at
* the end of this routine, or upon error.
*/
overridePath = GetOverrideSearchPath(CurrentMemoryContext);
overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas);
/* XXX should we clear overridePath->useTemp? */
PushOverrideSearchPath(overridePath);
/*
* Examine the list of commands embedded in the CREATE SCHEMA command, and
* reorganize them into a sequentially executable order with no forward
* references. Note that the result is still a list of raw parsetrees ---
* we cannot, in general, run parse analysis on one statement until we
* have actually executed the prior ones.
*/
parsetree_list = transformCreateSchemaStmt(stmt);
/*
* Execute each command contained in the CREATE SCHEMA. Since the grammar
* allows only utility commands in CREATE SCHEMA, there is no need to pass
* them through parse_analyze() or the rewriter; we can just hand them
* straight to ProcessUtility.
*/
foreach(parsetree_item, parsetree_list)
{
Node *stmt = (Node *) lfirst(parsetree_item);
/* do this step */
ProcessUtility(stmt,
queryString,
NULL,
false, /* not top level */
None_Receiver,
NULL);
/* make sure later steps can see the object created here */
CommandCounterIncrement();
}
/*
* Create a table space
*
* Only superusers can create a tablespace. This seems a reasonable restriction
* since we're determining the system layout and, anyway, we probably have
* root if we're doing this kind of activity
*/
void
CreateTableSpace(CreateTableSpaceStmt *stmt)
{
Relation rel;
Relation filespaceRel;
Datum values[Natts_pg_tablespace];
bool nulls[Natts_pg_tablespace];
HeapTuple tuple;
Oid tablespaceoid;
Oid filespaceoid;
Oid ownerId;
TablespaceDirNode tablespaceDirNode;
ItemPointerData persistentTid;
int64 persistentSerialNum;
cqContext cqc;
cqContext *pcqCtx;
/* Must be super user */
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create tablespace \"%s\"",
stmt->tablespacename),
errhint("Must be superuser to create a tablespace.")));
/* However, the eventual owner of the tablespace need not be */
if (stmt->owner)
ownerId = get_roleid_checked(stmt->owner);
else
ownerId = GetUserId();
/*
* Disallow creation of tablespaces named "pg_xxx"; we reserve this
* namespace for system purposes.
*/
if (!allowSystemTableModsDDL && IsReservedName(stmt->tablespacename))
{
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable tablespace name \"%s\"",
stmt->tablespacename),
errdetail("The prefix \"%s\" is reserved for system tablespaces.",
GetReservedPrefix(stmt->tablespacename))));
}
/*
* Check the specified filespace
*/
filespaceRel = heap_open(FileSpaceRelationId, RowShareLock);
filespaceoid = get_filespace_oid(filespaceRel, stmt->filespacename);
heap_close(filespaceRel, NoLock); /* hold lock until commit/abort */
if (!OidIsValid(filespaceoid))
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("filespace \"%s\" does not exist",
stmt->filespacename)));
/*
* Filespace pg_system is reserved for system use:
* - Used for pg_global and pg_default tablespaces only
*
* Directory layout is slightly different for the system filespace.
* Instead of having subdirectories for individual tablespaces instead
* the two system tablespaces have specific locations within it:
* pg_global : $PG_SYSTEM/global/relfilenode
* pg_default : $PG_SYSTEM/base/dboid/relfilenode
*
* In other words PG_SYSTEM points to the segments "datadir", or in
* postgres vocabulary $PGDATA.
*
*/
if (filespaceoid == SYSTEMFILESPACE_OID && !IsBootstrapProcessingMode())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create tablespace \"%s\"",
stmt->tablespacename),
errhint("filespace %s is reserved for system use",
stmt->filespacename)));
/*
* Check that there is no other tablespace by this name. (The unique
* index would catch this anyway, but might as well give a friendlier
* message.)
*/
if (OidIsValid(get_tablespace_oid(stmt->tablespacename)))
ereport(ERROR,
(errcode(ERRCODE_DUPLICATE_OBJECT),
errmsg("tablespace \"%s\" already exists",
stmt->tablespacename)));
/*
* Insert tuple into pg_tablespace. The purpose of doing this first is to
* lock the proposed tablename against other would-be creators. The
* insertion will roll back if we find problems below.
*/
rel = heap_open(TableSpaceRelationId, RowExclusiveLock);
pcqCtx = caql_beginscan(
caql_addrel(cqclr(&cqc), rel),
cql("INSERT INTO pg_tablespace",
NULL));
MemSet(nulls, true, sizeof(nulls));
values[Anum_pg_tablespace_spcname - 1] =
DirectFunctionCall1(namein, CStringGetDatum(stmt->tablespacename));
values[Anum_pg_tablespace_spcowner - 1] =
ObjectIdGetDatum(ownerId);
values[Anum_pg_tablespace_spcfsoid - 1] =
ObjectIdGetDatum(filespaceoid);
nulls[Anum_pg_tablespace_spcname - 1] = false;
nulls[Anum_pg_tablespace_spcowner - 1] = false;
nulls[Anum_pg_tablespace_spcfsoid - 1] = false;
tuple = caql_form_tuple(pcqCtx, values, nulls);
/* Keep oids synchonized between master and segments */
if (OidIsValid(stmt->tsoid))
HeapTupleSetOid(tuple, stmt->tsoid);
tablespaceoid = caql_insert(pcqCtx, tuple);
/* and Update indexes (implicit) */
heap_freetuple(tuple);
/* We keep the lock on pg_tablespace until commit */
caql_endscan(pcqCtx);
heap_close(rel, NoLock);
/* Create the persistent directory for the tablespace */
tablespaceDirNode.tablespace = tablespaceoid;
tablespaceDirNode.filespace = filespaceoid;
MirroredFileSysObj_TransactionCreateTablespaceDir(
&tablespaceDirNode,
&persistentTid,
&persistentSerialNum);
/*
* Record dependency on owner
*
* We do not record the dependency on pg_filespace because we do not track
* dependencies between shared objects. Additionally the pg_tablespace
* table itself contains the foreign key back to pg_filespace and can be
* used to fulfill the same purpose that an entry in pg_shdepend would.
*/
recordDependencyOnOwner(TableSpaceRelationId, tablespaceoid, ownerId);
/*
* Create the PG_VERSION file in the target directory. This has several
* purposes: to make sure we can write in the directory, to prevent
* someone from creating another tablespace pointing at the same directory
* (the emptiness check above will fail), and to label tablespace
* directories by PG version.
*/
// set_short_version(sublocation);
if (Gp_role == GP_ROLE_DISPATCH)
{
stmt->tsoid = tablespaceoid;
CdbDispatchUtilityStatement((Node *) stmt,
DF_CANCEL_ON_ERROR|
DF_WITH_SNAPSHOT|
DF_NEED_TWO_PHASE,
NULL);
/* MPP-6929: metadata tracking */
MetaTrackAddObject(TableSpaceRelationId,
tablespaceoid,
GetUserId(),
"CREATE", "TABLESPACE"
);
}
/*
* Force synchronous commit, to minimize the window between creating the
* symlink on-disk and marking the transaction committed. It's not great
* that there is any window at all, but definitely we don't want to make
* it larger than necessary.
*/
ForceSyncCommit();
}
/*
* Create a table space
*
* Only superusers can create a tablespace. This seems a reasonable restriction
* since we're determining the system layout and, anyway, we probably have
* root if we're doing this kind of activity
*/
void
CreateTableSpace(CreateTableSpaceStmt *stmt)
{
#ifdef HAVE_SYMLINK
Relation rel;
Datum values[Natts_pg_tablespace];
char nulls[Natts_pg_tablespace];
HeapTuple tuple;
Oid tablespaceoid;
char *location;
char *linkloc;
Oid ownerId;
/* validate */
/* don't call this in a transaction block */
PreventTransactionChain((void *) stmt, "CREATE TABLESPACE");
/* Must be super user */
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create tablespace \"%s\"",
stmt->tablespacename),
errhint("Must be superuser to create a tablespace.")));
/* However, the eventual owner of the tablespace need not be */
if (stmt->owner)
ownerId = get_roleid_checked(stmt->owner);
else
ownerId = GetUserId();
/* Unix-ify the offered path, and strip any trailing slashes */
location = pstrdup(stmt->location);
canonicalize_path(location);
/* disallow quotes, else CREATE DATABASE would be at risk */
if (strchr(location, '\''))
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
errmsg("tablespace location may not contain single quotes")));
/*
* Allowing relative paths seems risky
*
* this also helps us ensure that location is not empty or whitespace
*/
if (!is_absolute_path(location))
ereport(ERROR,
(errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
errmsg("tablespace location must be an absolute path")));
/*
* Check that location isn't too long. Remember that we're going to append
* '/<dboid>/<relid>.<nnn>' (XXX but do we ever form the whole path
* explicitly? This may be overly conservative.)
*/
if (strlen(location) >= (MAXPGPATH - 1 - 10 - 1 - 10 - 1 - 10))
ereport(ERROR,
(errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
errmsg("tablespace location \"%s\" is too long",
location)));
/*
* Disallow creation of tablespaces named "pg_xxx"; we reserve this
* namespace for system purposes.
*/
if (!allowSystemTableMods && IsReservedName(stmt->tablespacename))
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable tablespace name \"%s\"",
stmt->tablespacename),
errdetail("The prefix \"pg_\" is reserved for system tablespaces.")));
/*
* Check that there is no other tablespace by this name. (The unique
* index would catch this anyway, but might as well give a friendlier
* message.)
*/
if (OidIsValid(get_tablespace_oid(stmt->tablespacename)))
ereport(ERROR,
(errcode(ERRCODE_DUPLICATE_OBJECT),
errmsg("tablespace \"%s\" already exists",
stmt->tablespacename)));
/*
* Insert tuple into pg_tablespace. The purpose of doing this first is to
* lock the proposed tablename against other would-be creators. The
* insertion will roll back if we find problems below.
*/
rel = heap_open(TableSpaceRelationId, RowExclusiveLock);
MemSet(nulls, ' ', Natts_pg_tablespace);
values[Anum_pg_tablespace_spcname - 1] =
DirectFunctionCall1(namein, CStringGetDatum(stmt->tablespacename));
values[Anum_pg_tablespace_spcowner - 1] =
ObjectIdGetDatum(ownerId);
values[Anum_pg_tablespace_spclocation - 1] =
DirectFunctionCall1(textin, CStringGetDatum(location));
nulls[Anum_pg_tablespace_spcacl - 1] = 'n';
tuple = heap_formtuple(rel->rd_att, values, nulls);
tablespaceoid = simple_heap_insert(rel, tuple);
CatalogUpdateIndexes(rel, tuple);
heap_freetuple(tuple);
/* Record dependency on owner */
recordDependencyOnOwner(TableSpaceRelationId, tablespaceoid, ownerId);
/*
* Attempt to coerce target directory to safe permissions. If this fails,
* it doesn't exist or has the wrong owner.
*/
if (chmod(location, 0700) != 0)
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not set permissions on directory \"%s\": %m",
location)));
/*
* Check the target directory is empty.
*/
if (!directory_is_empty(location))
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("directory \"%s\" is not empty",
location)));
/*
* Create the PG_VERSION file in the target directory. This has several
* purposes: to make sure we can write in the directory, to prevent
* someone from creating another tablespace pointing at the same directory
* (the emptiness check above will fail), and to label tablespace
* directories by PG version.
*/
set_short_version(location);
/*
* All seems well, create the symlink
*/
linkloc = (char *) palloc(10 + 10 + 1);
sprintf(linkloc, "pg_tblspc/%u", tablespaceoid);
if (symlink(location, linkloc) < 0)
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not create symbolic link \"%s\": %m",
linkloc)));
/* Record the filesystem change in XLOG */
{
xl_tblspc_create_rec xlrec;
XLogRecData rdata[2];
xlrec.ts_id = tablespaceoid;
rdata[0].data = (char *) &xlrec;
rdata[0].len = offsetof(xl_tblspc_create_rec, ts_path);
rdata[0].buffer = InvalidBuffer;
rdata[0].next = &(rdata[1]);
rdata[1].data = (char *) location;
rdata[1].len = strlen(location) + 1;
rdata[1].buffer = InvalidBuffer;
rdata[1].next = NULL;
(void) XLogInsert(RM_TBLSPC_ID, XLOG_TBLSPC_CREATE, rdata);
}
pfree(linkloc);
pfree(location);
/* We keep the lock on pg_tablespace until commit */
heap_close(rel, NoLock);
#else /* !HAVE_SYMLINK */
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("tablespaces are not supported on this platform")));
#endif /* HAVE_SYMLINK */
}
/*
* Create a table space
*
* Only superusers can create a tablespace. This seems a reasonable restriction
* since we're determining the system layout and, anyway, we probably have
* root if we're doing this kind of activity
*/
void
CreateTableSpace(CreateTableSpaceStmt *stmt)
{
#ifdef HAVE_SYMLINK
Relation rel;
Datum values[Natts_pg_tablespace];
bool nulls[Natts_pg_tablespace];
HeapTuple tuple;
Oid tablespaceoid;
char *location;
Oid ownerId;
/* Must be super user */
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to create tablespace \"%s\"",
stmt->tablespacename),
errhint("Must be superuser to create a tablespace.")));
/* However, the eventual owner of the tablespace need not be */
if (stmt->owner)
ownerId = get_roleid_checked(stmt->owner);
else
ownerId = GetUserId();
/* Unix-ify the offered path, and strip any trailing slashes */
location = pstrdup(stmt->location);
canonicalize_path(location);
/* disallow quotes, else CREATE DATABASE would be at risk */
if (strchr(location, '\''))
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
errmsg("tablespace location cannot contain single quotes")));
/*
* Allowing relative paths seems risky
*
* this also helps us ensure that location is not empty or whitespace
*/
if (!is_absolute_path(location))
ereport(ERROR,
(errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
errmsg("tablespace location must be an absolute path")));
/*
* Check that location isn't too long. Remember that we're going to append
* 'PG_XXX/<dboid>/<relid>.<nnn>'. FYI, we never actually reference the
* whole path, but mkdir() uses the first two parts.
*/
if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 +
OIDCHARS + 1 + OIDCHARS + 1 + OIDCHARS > MAXPGPATH)
ereport(ERROR,
(errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
errmsg("tablespace location \"%s\" is too long",
location)));
/*
* Disallow creation of tablespaces named "pg_xxx"; we reserve this
* namespace for system purposes.
*/
if (!allowSystemTableMods && IsReservedName(stmt->tablespacename))
ereport(ERROR,
(errcode(ERRCODE_RESERVED_NAME),
errmsg("unacceptable tablespace name \"%s\"",
stmt->tablespacename),
errdetail("The prefix \"pg_\" is reserved for system tablespaces.")));
/*
* Check that there is no other tablespace by this name. (The unique
* index would catch this anyway, but might as well give a friendlier
* message.)
*/
if (OidIsValid(get_tablespace_oid(stmt->tablespacename)))
ereport(ERROR,
(errcode(ERRCODE_DUPLICATE_OBJECT),
errmsg("tablespace \"%s\" already exists",
stmt->tablespacename)));
/*
* Insert tuple into pg_tablespace. The purpose of doing this first is to
* lock the proposed tablename against other would-be creators. The
* insertion will roll back if we find problems below.
*/
rel = heap_open(TableSpaceRelationId, RowExclusiveLock);
MemSet(nulls, false, sizeof(nulls));
values[Anum_pg_tablespace_spcname - 1] =
DirectFunctionCall1(namein, CStringGetDatum(stmt->tablespacename));
values[Anum_pg_tablespace_spcowner - 1] =
ObjectIdGetDatum(ownerId);
values[Anum_pg_tablespace_spclocation - 1] =
CStringGetTextDatum(location);
nulls[Anum_pg_tablespace_spcacl - 1] = true;
nulls[Anum_pg_tablespace_spcoptions - 1] = true;
tuple = heap_form_tuple(rel->rd_att, values, nulls);
tablespaceoid = simple_heap_insert(rel, tuple);
CatalogUpdateIndexes(rel, tuple);
heap_freetuple(tuple);
/* Record dependency on owner */
recordDependencyOnOwner(TableSpaceRelationId, tablespaceoid, ownerId);
create_tablespace_directories(location, tablespaceoid);
/* Record the filesystem change in XLOG */
{
xl_tblspc_create_rec xlrec;
XLogRecData rdata[2];
xlrec.ts_id = tablespaceoid;
rdata[0].data = (char *) &xlrec;
rdata[0].len = offsetof(xl_tblspc_create_rec, ts_path);
rdata[0].buffer = InvalidBuffer;
rdata[0].next = &(rdata[1]);
rdata[1].data = (char *) location;
rdata[1].len = strlen(location) + 1;
rdata[1].buffer = InvalidBuffer;
rdata[1].next = NULL;
(void) XLogInsert(RM_TBLSPC_ID, XLOG_TBLSPC_CREATE, rdata);
}
/*
* Force synchronous commit, to minimize the window between creating the
* symlink on-disk and marking the transaction committed. It's not great
* that there is any window at all, but definitely we don't want to make
* it larger than necessary.
*/
ForceSyncCommit();
pfree(location);
/* We keep the lock on pg_tablespace until commit */
heap_close(rel, NoLock);
#else /* !HAVE_SYMLINK */
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("tablespaces are not supported on this platform")));
#endif /* HAVE_SYMLINK */
}
