1 /*-------------------------------------------------------------------------
2 *
3 * catalog.c
4 * routines concerned with catalog naming conventions and other
5 * bits of hard-wired knowledge
6 *
7 *
8 * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
9 * Portions Copyright (c) 1994, Regents of the University of California
10 *
11 *
12 * IDENTIFICATION
13 * src/backend/catalog/catalog.c
14 *
15 *-------------------------------------------------------------------------
16 */
17
18 #include "postgres.h"
19
20 #include <fcntl.h>
21 #include <unistd.h>
22
23 #include "access/genam.h"
24 #include "access/sysattr.h"
25 #include "access/transam.h"
26 #include "catalog/catalog.h"
27 #include "catalog/indexing.h"
28 #include "catalog/namespace.h"
29 #include "catalog/pg_auth_members.h"
30 #include "catalog/pg_authid.h"
31 #include "catalog/pg_database.h"
32 #include "catalog/pg_namespace.h"
33 #include "catalog/pg_pltemplate.h"
34 #include "catalog/pg_db_role_setting.h"
35 #include "catalog/pg_replication_origin.h"
36 #include "catalog/pg_shdepend.h"
37 #include "catalog/pg_shdescription.h"
38 #include "catalog/pg_shseclabel.h"
39 #include "catalog/pg_subscription.h"
40 #include "catalog/pg_tablespace.h"
41 #include "catalog/pg_type.h"
42 #include "catalog/toasting.h"
43 #include "miscadmin.h"
44 #include "storage/fd.h"
45 #include "utils/fmgroids.h"
46 #include "utils/rel.h"
47 #include "utils/tqual.h"
48
49
50 /*
51 * IsSystemRelation
52 * True iff the relation is either a system catalog or toast table.
53 * By a system catalog, we mean one that created in the pg_catalog schema
54 * during initdb. User-created relations in pg_catalog don't count as
55 * system catalogs.
56 *
57 * NB: TOAST relations are considered system relations by this test
58 * for compatibility with the old IsSystemRelationName function.
59 * This is appropriate in many places but not all. Where it's not,
60 * also check IsToastRelation or use IsCatalogRelation().
61 */
62 bool
IsSystemRelation(Relation relation)63 IsSystemRelation(Relation relation)
64 {
65 return IsSystemClass(RelationGetRelid(relation), relation->rd_rel);
66 }
67
68 /*
69 * IsSystemClass
70 * Like the above, but takes a Form_pg_class as argument.
71 * Used when we do not want to open the relation and have to
72 * search pg_class directly.
73 */
74 bool
IsSystemClass(Oid relid,Form_pg_class reltuple)75 IsSystemClass(Oid relid, Form_pg_class reltuple)
76 {
77 return IsToastClass(reltuple) || IsCatalogClass(relid, reltuple);
78 }
79
80 /*
81 * IsCatalogRelation
82 * True iff the relation is a system catalog, or the toast table for
83 * a system catalog. By a system catalog, we mean one that created
84 * in the pg_catalog schema during initdb. As with IsSystemRelation(),
85 * user-created relations in pg_catalog don't count as system catalogs.
86 *
87 * Note that IsSystemRelation() returns true for ALL toast relations,
88 * but this function returns true only for toast relations of system
89 * catalogs.
90 */
91 bool
IsCatalogRelation(Relation relation)92 IsCatalogRelation(Relation relation)
93 {
94 return IsCatalogClass(RelationGetRelid(relation), relation->rd_rel);
95 }
96
97 /*
98 * IsCatalogClass
99 * True iff the relation is a system catalog relation.
100 *
101 * Check IsCatalogRelation() for details.
102 */
103 bool
IsCatalogClass(Oid relid,Form_pg_class reltuple)104 IsCatalogClass(Oid relid, Form_pg_class reltuple)
105 {
106 Oid relnamespace = reltuple->relnamespace;
107
108 /*
109 * Never consider relations outside pg_catalog/pg_toast to be catalog
110 * relations.
111 */
112 if (!IsSystemNamespace(relnamespace) && !IsToastNamespace(relnamespace))
113 return false;
114
115 /* ----
116 * Check whether the oid was assigned during initdb, when creating the
117 * initial template database. Minus the relations in information_schema
118 * excluded above, these are integral part of the system.
119 * We could instead check whether the relation is pinned in pg_depend, but
120 * this is noticeably cheaper and doesn't require catalog access.
121 *
122 * This test is safe since even an oid wraparound will preserve this
123 * property (cf. GetNewObjectId()) and it has the advantage that it works
124 * correctly even if a user decides to create a relation in the pg_catalog
125 * namespace.
126 * ----
127 */
128 return relid < FirstNormalObjectId;
129 }
130
131 /*
132 * IsToastRelation
133 * True iff relation is a TOAST support relation (or index).
134 */
135 bool
IsToastRelation(Relation relation)136 IsToastRelation(Relation relation)
137 {
138 return IsToastNamespace(RelationGetNamespace(relation));
139 }
140
141 /*
142 * IsToastClass
143 * Like the above, but takes a Form_pg_class as argument.
144 * Used when we do not want to open the relation and have to
145 * search pg_class directly.
146 */
147 bool
IsToastClass(Form_pg_class reltuple)148 IsToastClass(Form_pg_class reltuple)
149 {
150 Oid relnamespace = reltuple->relnamespace;
151
152 return IsToastNamespace(relnamespace);
153 }
154
155 /*
156 * IsSystemNamespace
157 * True iff namespace is pg_catalog.
158 *
159 * NOTE: the reason this isn't a macro is to avoid having to include
160 * catalog/pg_namespace.h in a lot of places.
161 */
162 bool
IsSystemNamespace(Oid namespaceId)163 IsSystemNamespace(Oid namespaceId)
164 {
165 return namespaceId == PG_CATALOG_NAMESPACE;
166 }
167
168 /*
169 * IsToastNamespace
170 * True iff namespace is pg_toast or my temporary-toast-table namespace.
171 *
172 * Note: this will return false for temporary-toast-table namespaces belonging
173 * to other backends. Those are treated the same as other backends' regular
174 * temp table namespaces, and access is prevented where appropriate.
175 */
176 bool
IsToastNamespace(Oid namespaceId)177 IsToastNamespace(Oid namespaceId)
178 {
179 return (namespaceId == PG_TOAST_NAMESPACE) ||
180 isTempToastNamespace(namespaceId);
181 }
182
183
184 /*
185 * IsReservedName
186 * True iff name starts with the pg_ prefix.
187 *
188 * For some classes of objects, the prefix pg_ is reserved for
189 * system objects only. As of 8.0, this was only true for
190 * schema and tablespace names. With 9.6, this is also true
191 * for roles.
192 */
193 bool
IsReservedName(const char * name)194 IsReservedName(const char *name)
195 {
196 /* ugly coding for speed */
197 return (name[0] == 'p' &&
198 name[1] == 'g' &&
199 name[2] == '_');
200 }
201
202
203 /*
204 * IsSharedRelation
205 * Given the OID of a relation, determine whether it's supposed to be
206 * shared across an entire database cluster.
207 *
208 * In older releases, this had to be hard-wired so that we could compute the
209 * locktag for a relation and lock it before examining its catalog entry.
210 * Since we now have MVCC catalog access, the race conditions that made that
211 * a hard requirement are gone, so we could look at relaxing this restriction.
212 * However, if we scanned the pg_class entry to find relisshared, and only
213 * then locked the relation, pg_class could get updated in the meantime,
214 * forcing us to scan the relation again, which would definitely be complex
215 * and might have undesirable performance consequences. Fortunately, the set
216 * of shared relations is fairly static, so a hand-maintained list of their
217 * OIDs isn't completely impractical.
218 */
219 bool
IsSharedRelation(Oid relationId)220 IsSharedRelation(Oid relationId)
221 {
222 /* These are the shared catalogs (look for BKI_SHARED_RELATION) */
223 if (relationId == AuthIdRelationId ||
224 relationId == AuthMemRelationId ||
225 relationId == DatabaseRelationId ||
226 relationId == PLTemplateRelationId ||
227 relationId == SharedDescriptionRelationId ||
228 relationId == SharedDependRelationId ||
229 relationId == SharedSecLabelRelationId ||
230 relationId == TableSpaceRelationId ||
231 relationId == DbRoleSettingRelationId ||
232 relationId == ReplicationOriginRelationId ||
233 relationId == SubscriptionRelationId)
234 return true;
235 /* These are their indexes (see indexing.h) */
236 if (relationId == AuthIdRolnameIndexId ||
237 relationId == AuthIdOidIndexId ||
238 relationId == AuthMemRoleMemIndexId ||
239 relationId == AuthMemMemRoleIndexId ||
240 relationId == DatabaseNameIndexId ||
241 relationId == DatabaseOidIndexId ||
242 relationId == PLTemplateNameIndexId ||
243 relationId == SharedDescriptionObjIndexId ||
244 relationId == SharedDependDependerIndexId ||
245 relationId == SharedDependReferenceIndexId ||
246 relationId == SharedSecLabelObjectIndexId ||
247 relationId == TablespaceOidIndexId ||
248 relationId == TablespaceNameIndexId ||
249 relationId == DbRoleSettingDatidRolidIndexId ||
250 relationId == ReplicationOriginIdentIndex ||
251 relationId == ReplicationOriginNameIndex ||
252 relationId == SubscriptionObjectIndexId ||
253 relationId == SubscriptionNameIndexId)
254 return true;
255 /* These are their toast tables and toast indexes (see toasting.h) */
256 if (relationId == PgShdescriptionToastTable ||
257 relationId == PgShdescriptionToastIndex ||
258 relationId == PgDbRoleSettingToastTable ||
259 relationId == PgDbRoleSettingToastIndex ||
260 relationId == PgShseclabelToastTable ||
261 relationId == PgShseclabelToastIndex)
262 return true;
263 return false;
264 }
265
266
267 /*
268 * GetNewOid
269 * Generate a new OID that is unique within the given relation.
270 *
271 * Caller must have a suitable lock on the relation.
272 *
273 * Uniqueness is promised only if the relation has a unique index on OID.
274 * This is true for all system catalogs that have OIDs, but might not be
275 * true for user tables. Note that we are effectively assuming that the
276 * table has a relatively small number of entries (much less than 2^32)
277 * and there aren't very long runs of consecutive existing OIDs. Again,
278 * this is reasonable for system catalogs but less so for user tables.
279 *
280 * Since the OID is not immediately inserted into the table, there is a
281 * race condition here; but a problem could occur only if someone else
282 * managed to cycle through 2^32 OIDs and generate the same OID before we
283 * finish inserting our row. This seems unlikely to be a problem. Note
284 * that if we had to *commit* the row to end the race condition, the risk
285 * would be rather higher; therefore we use SnapshotAny in the test, so that
286 * we will see uncommitted rows. (We used to use SnapshotDirty, but that has
287 * the disadvantage that it ignores recently-deleted rows, creating a risk
288 * of transient conflicts for as long as our own MVCC snapshots think a
289 * recently-deleted row is live. The risk is far higher when selecting TOAST
290 * OIDs, because SnapshotToast considers dead rows as active indefinitely.)
291 */
292 Oid
GetNewOid(Relation relation)293 GetNewOid(Relation relation)
294 {
295 Oid oidIndex;
296
297 /* If relation doesn't have OIDs at all, caller is confused */
298 Assert(relation->rd_rel->relhasoids);
299
300 /* In bootstrap mode, we don't have any indexes to use */
301 if (IsBootstrapProcessingMode())
302 return GetNewObjectId();
303
304 /* The relcache will cache the identity of the OID index for us */
305 oidIndex = RelationGetOidIndex(relation);
306
307 /* If no OID index, just hand back the next OID counter value */
308 if (!OidIsValid(oidIndex))
309 {
310 /*
311 * System catalogs that have OIDs should *always* have a unique OID
312 * index; we should only take this path for user tables. Give a
313 * warning if it looks like somebody forgot an index.
314 */
315 if (IsSystemRelation(relation))
316 elog(WARNING, "generating possibly-non-unique OID for \"%s\"",
317 RelationGetRelationName(relation));
318
319 return GetNewObjectId();
320 }
321
322 /* Otherwise, use the index to find a nonconflicting OID */
323 return GetNewOidWithIndex(relation, oidIndex, ObjectIdAttributeNumber);
324 }
325
326 /*
327 * GetNewOidWithIndex
328 * Guts of GetNewOid: use the supplied index
329 *
330 * This is exported separately because there are cases where we want to use
331 * an index that will not be recognized by RelationGetOidIndex: TOAST tables
332 * have indexes that are usable, but have multiple columns and are on
333 * ordinary columns rather than a true OID column. This code will work
334 * anyway, so long as the OID is the index's first column. The caller must
335 * pass in the actual heap attnum of the OID column, however.
336 *
337 * Caller must have a suitable lock on the relation.
338 */
339 Oid
GetNewOidWithIndex(Relation relation,Oid indexId,AttrNumber oidcolumn)340 GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
341 {
342 Oid newOid;
343 SysScanDesc scan;
344 ScanKeyData key;
345 bool collides;
346
347 /*
348 * We should never be asked to generate a new pg_type OID during
349 * pg_upgrade; doing so would risk collisions with the OIDs it wants to
350 * assign. Hitting this assert means there's some path where we failed to
351 * ensure that a type OID is determined by commands in the dump script.
352 */
353 Assert(!IsBinaryUpgrade || RelationGetRelid(relation) != TypeRelationId);
354
355 /* Generate new OIDs until we find one not in the table */
356 do
357 {
358 CHECK_FOR_INTERRUPTS();
359
360 newOid = GetNewObjectId();
361
362 ScanKeyInit(&key,
363 oidcolumn,
364 BTEqualStrategyNumber, F_OIDEQ,
365 ObjectIdGetDatum(newOid));
366
367 /* see notes above about using SnapshotAny */
368 scan = systable_beginscan(relation, indexId, true,
369 SnapshotAny, 1, &key);
370
371 collides = HeapTupleIsValid(systable_getnext(scan));
372
373 systable_endscan(scan);
374 } while (collides);
375
376 return newOid;
377 }
378
379 /*
380 * GetNewRelFileNode
381 * Generate a new relfilenode number that is unique within the
382 * database of the given tablespace.
383 *
384 * If the relfilenode will also be used as the relation's OID, pass the
385 * opened pg_class catalog, and this routine will guarantee that the result
386 * is also an unused OID within pg_class. If the result is to be used only
387 * as a relfilenode for an existing relation, pass NULL for pg_class.
388 *
389 * As with GetNewOid, there is some theoretical risk of a race condition,
390 * but it doesn't seem worth worrying about.
391 *
392 * Note: we don't support using this in bootstrap mode. All relations
393 * created by bootstrap have preassigned OIDs, so there's no need.
394 */
395 Oid
GetNewRelFileNode(Oid reltablespace,Relation pg_class,char relpersistence)396 GetNewRelFileNode(Oid reltablespace, Relation pg_class, char relpersistence)
397 {
398 RelFileNodeBackend rnode;
399 char *rpath;
400 int fd;
401 bool collides;
402 BackendId backend;
403
404 /*
405 * If we ever get here during pg_upgrade, there's something wrong; all
406 * relfilenode assignments during a binary-upgrade run should be
407 * determined by commands in the dump script.
408 */
409 Assert(!IsBinaryUpgrade);
410
411 switch (relpersistence)
412 {
413 case RELPERSISTENCE_TEMP:
414 backend = BackendIdForTempRelations();
415 break;
416 case RELPERSISTENCE_UNLOGGED:
417 case RELPERSISTENCE_PERMANENT:
418 backend = InvalidBackendId;
419 break;
420 default:
421 elog(ERROR, "invalid relpersistence: %c", relpersistence);
422 return InvalidOid; /* placate compiler */
423 }
424
425 /* This logic should match RelationInitPhysicalAddr */
426 rnode.node.spcNode = reltablespace ? reltablespace : MyDatabaseTableSpace;
427 rnode.node.dbNode = (rnode.node.spcNode == GLOBALTABLESPACE_OID) ? InvalidOid : MyDatabaseId;
428
429 /*
430 * The relpath will vary based on the backend ID, so we must initialize
431 * that properly here to make sure that any collisions based on filename
432 * are properly detected.
433 */
434 rnode.backend = backend;
435
436 do
437 {
438 CHECK_FOR_INTERRUPTS();
439
440 /* Generate the OID */
441 if (pg_class)
442 rnode.node.relNode = GetNewOid(pg_class);
443 else
444 rnode.node.relNode = GetNewObjectId();
445
446 /* Check for existing file of same name */
447 rpath = relpath(rnode, MAIN_FORKNUM);
448 fd = BasicOpenFile(rpath, O_RDONLY | PG_BINARY);
449
450 if (fd >= 0)
451 {
452 /* definite collision */
453 close(fd);
454 collides = true;
455 }
456 else
457 {
458 /*
459 * Here we have a little bit of a dilemma: if errno is something
460 * other than ENOENT, should we declare a collision and loop? In
461 * particular one might think this advisable for, say, EPERM.
462 * However there really shouldn't be any unreadable files in a
463 * tablespace directory, and if the EPERM is actually complaining
464 * that we can't read the directory itself, we'd be in an infinite
465 * loop. In practice it seems best to go ahead regardless of the
466 * errno. If there is a colliding file we will get an smgr
467 * failure when we attempt to create the new relation file.
468 */
469 collides = false;
470 }
471
472 pfree(rpath);
473 } while (collides);
474
475 return rnode.node.relNode;
476 }
477