1 /*-------------------------------------------------------------------------
2 *
3 * catalog.c
4 * routines concerned with catalog naming conventions and other
5 * bits of hard-wired knowledge
6 *
7 *
8 * Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
9 * Portions Copyright (c) 1994, Regents of the University of California
10 *
11 *
12 * IDENTIFICATION
13 * src/backend/catalog/catalog.c
14 *
15 *-------------------------------------------------------------------------
16 */
17
18 #include "postgres.h"
19
20 #include <fcntl.h>
21 #include <unistd.h>
22
23 #include "access/genam.h"
24 #include "access/sysattr.h"
25 #include "access/transam.h"
26 #include "catalog/catalog.h"
27 #include "catalog/indexing.h"
28 #include "catalog/namespace.h"
29 #include "catalog/pg_auth_members.h"
30 #include "catalog/pg_authid.h"
31 #include "catalog/pg_database.h"
32 #include "catalog/pg_namespace.h"
33 #include "catalog/pg_pltemplate.h"
34 #include "catalog/pg_db_role_setting.h"
35 #include "catalog/pg_replication_origin.h"
36 #include "catalog/pg_shdepend.h"
37 #include "catalog/pg_shdescription.h"
38 #include "catalog/pg_shseclabel.h"
39 #include "catalog/pg_tablespace.h"
40 #include "catalog/pg_type.h"
41 #include "catalog/toasting.h"
42 #include "miscadmin.h"
43 #include "storage/fd.h"
44 #include "utils/fmgroids.h"
45 #include "utils/rel.h"
46 #include "utils/tqual.h"
47
48
49 /*
50 * IsSystemRelation
51 * True iff the relation is either a system catalog or toast table.
52 * By a system catalog, we mean one that created in the pg_catalog schema
53 * during initdb. User-created relations in pg_catalog don't count as
54 * system catalogs.
55 *
56 * NB: TOAST relations are considered system relations by this test
57 * for compatibility with the old IsSystemRelationName function.
58 * This is appropriate in many places but not all. Where it's not,
59 * also check IsToastRelation or use IsCatalogRelation().
60 */
61 bool
IsSystemRelation(Relation relation)62 IsSystemRelation(Relation relation)
63 {
64 return IsSystemClass(RelationGetRelid(relation), relation->rd_rel);
65 }
66
67 /*
68 * IsSystemClass
69 * Like the above, but takes a Form_pg_class as argument.
70 * Used when we do not want to open the relation and have to
71 * search pg_class directly.
72 */
73 bool
IsSystemClass(Oid relid,Form_pg_class reltuple)74 IsSystemClass(Oid relid, Form_pg_class reltuple)
75 {
76 return IsToastClass(reltuple) || IsCatalogClass(relid, reltuple);
77 }
78
79 /*
80 * IsCatalogRelation
81 * True iff the relation is a system catalog, or the toast table for
82 * a system catalog. By a system catalog, we mean one that created
83 * in the pg_catalog schema during initdb. As with IsSystemRelation(),
84 * user-created relations in pg_catalog don't count as system catalogs.
85 *
86 * Note that IsSystemRelation() returns true for ALL toast relations,
87 * but this function returns true only for toast relations of system
88 * catalogs.
89 */
90 bool
IsCatalogRelation(Relation relation)91 IsCatalogRelation(Relation relation)
92 {
93 return IsCatalogClass(RelationGetRelid(relation), relation->rd_rel);
94 }
95
96 /*
97 * IsCatalogClass
98 * True iff the relation is a system catalog relation.
99 *
100 * Check IsCatalogRelation() for details.
101 */
102 bool
IsCatalogClass(Oid relid,Form_pg_class reltuple)103 IsCatalogClass(Oid relid, Form_pg_class reltuple)
104 {
105 Oid relnamespace = reltuple->relnamespace;
106
107 /*
108 * Never consider relations outside pg_catalog/pg_toast to be catalog
109 * relations.
110 */
111 if (!IsSystemNamespace(relnamespace) && !IsToastNamespace(relnamespace))
112 return false;
113
114 /* ----
115 * Check whether the oid was assigned during initdb, when creating the
116 * initial template database. Minus the relations in information_schema
117 * excluded above, these are integral part of the system.
118 * We could instead check whether the relation is pinned in pg_depend, but
119 * this is noticeably cheaper and doesn't require catalog access.
120 *
121 * This test is safe since even an oid wraparound will preserve this
122 * property (c.f. GetNewObjectId()) and it has the advantage that it works
123 * correctly even if a user decides to create a relation in the pg_catalog
124 * namespace.
125 * ----
126 */
127 return relid < FirstNormalObjectId;
128 }
129
130 /*
131 * IsToastRelation
132 * True iff relation is a TOAST support relation (or index).
133 */
134 bool
IsToastRelation(Relation relation)135 IsToastRelation(Relation relation)
136 {
137 return IsToastNamespace(RelationGetNamespace(relation));
138 }
139
140 /*
141 * IsToastClass
142 * Like the above, but takes a Form_pg_class as argument.
143 * Used when we do not want to open the relation and have to
144 * search pg_class directly.
145 */
146 bool
IsToastClass(Form_pg_class reltuple)147 IsToastClass(Form_pg_class reltuple)
148 {
149 Oid relnamespace = reltuple->relnamespace;
150
151 return IsToastNamespace(relnamespace);
152 }
153
154 /*
155 * IsSystemNamespace
156 * True iff namespace is pg_catalog.
157 *
158 * NOTE: the reason this isn't a macro is to avoid having to include
159 * catalog/pg_namespace.h in a lot of places.
160 */
161 bool
IsSystemNamespace(Oid namespaceId)162 IsSystemNamespace(Oid namespaceId)
163 {
164 return namespaceId == PG_CATALOG_NAMESPACE;
165 }
166
167 /*
168 * IsToastNamespace
169 * True iff namespace is pg_toast or my temporary-toast-table namespace.
170 *
171 * Note: this will return false for temporary-toast-table namespaces belonging
172 * to other backends. Those are treated the same as other backends' regular
173 * temp table namespaces, and access is prevented where appropriate.
174 */
175 bool
IsToastNamespace(Oid namespaceId)176 IsToastNamespace(Oid namespaceId)
177 {
178 return (namespaceId == PG_TOAST_NAMESPACE) ||
179 isTempToastNamespace(namespaceId);
180 }
181
182
183 /*
184 * IsReservedName
185 * True iff name starts with the pg_ prefix.
186 *
187 * For some classes of objects, the prefix pg_ is reserved for
188 * system objects only. As of 8.0, this was only true for
189 * schema and tablespace names. With 9.6, this is also true
190 * for roles.
191 */
192 bool
IsReservedName(const char * name)193 IsReservedName(const char *name)
194 {
195 /* ugly coding for speed */
196 return (name[0] == 'p' &&
197 name[1] == 'g' &&
198 name[2] == '_');
199 }
200
201
202 /*
203 * IsSharedRelation
204 * Given the OID of a relation, determine whether it's supposed to be
205 * shared across an entire database cluster.
206 *
207 * In older releases, this had to be hard-wired so that we could compute the
208 * locktag for a relation and lock it before examining its catalog entry.
209 * Since we now have MVCC catalog access, the race conditions that made that
210 * a hard requirement are gone, so we could look at relaxing this restriction.
211 * However, if we scanned the pg_class entry to find relisshared, and only
212 * then locked the relation, pg_class could get updated in the meantime,
213 * forcing us to scan the relation again, which would definitely be complex
214 * and might have undesirable performance consequences. Fortunately, the set
215 * of shared relations is fairly static, so a hand-maintained list of their
216 * OIDs isn't completely impractical.
217 */
218 bool
IsSharedRelation(Oid relationId)219 IsSharedRelation(Oid relationId)
220 {
221 /* These are the shared catalogs (look for BKI_SHARED_RELATION) */
222 if (relationId == AuthIdRelationId ||
223 relationId == AuthMemRelationId ||
224 relationId == DatabaseRelationId ||
225 relationId == PLTemplateRelationId ||
226 relationId == SharedDescriptionRelationId ||
227 relationId == SharedDependRelationId ||
228 relationId == SharedSecLabelRelationId ||
229 relationId == TableSpaceRelationId ||
230 relationId == DbRoleSettingRelationId ||
231 relationId == ReplicationOriginRelationId)
232 return true;
233 /* These are their indexes (see indexing.h) */
234 if (relationId == AuthIdRolnameIndexId ||
235 relationId == AuthIdOidIndexId ||
236 relationId == AuthMemRoleMemIndexId ||
237 relationId == AuthMemMemRoleIndexId ||
238 relationId == DatabaseNameIndexId ||
239 relationId == DatabaseOidIndexId ||
240 relationId == PLTemplateNameIndexId ||
241 relationId == SharedDescriptionObjIndexId ||
242 relationId == SharedDependDependerIndexId ||
243 relationId == SharedDependReferenceIndexId ||
244 relationId == SharedSecLabelObjectIndexId ||
245 relationId == TablespaceOidIndexId ||
246 relationId == TablespaceNameIndexId ||
247 relationId == DbRoleSettingDatidRolidIndexId ||
248 relationId == ReplicationOriginIdentIndex ||
249 relationId == ReplicationOriginNameIndex)
250 return true;
251 /* These are their toast tables and toast indexes (see toasting.h) */
252 if (relationId == PgShdescriptionToastTable ||
253 relationId == PgShdescriptionToastIndex ||
254 relationId == PgDbRoleSettingToastTable ||
255 relationId == PgDbRoleSettingToastIndex ||
256 relationId == PgShseclabelToastTable ||
257 relationId == PgShseclabelToastIndex)
258 return true;
259 return false;
260 }
261
262
263 /*
264 * GetNewOid
265 * Generate a new OID that is unique within the given relation.
266 *
267 * Caller must have a suitable lock on the relation.
268 *
269 * Uniqueness is promised only if the relation has a unique index on OID.
270 * This is true for all system catalogs that have OIDs, but might not be
271 * true for user tables. Note that we are effectively assuming that the
272 * table has a relatively small number of entries (much less than 2^32)
273 * and there aren't very long runs of consecutive existing OIDs. Again,
274 * this is reasonable for system catalogs but less so for user tables.
275 *
276 * Since the OID is not immediately inserted into the table, there is a
277 * race condition here; but a problem could occur only if someone else
278 * managed to cycle through 2^32 OIDs and generate the same OID before we
279 * finish inserting our row. This seems unlikely to be a problem. Note
280 * that if we had to *commit* the row to end the race condition, the risk
281 * would be rather higher; therefore we use SnapshotAny in the test, so that
282 * we will see uncommitted rows. (We used to use SnapshotDirty, but that has
283 * the disadvantage that it ignores recently-deleted rows, creating a risk
284 * of transient conflicts for as long as our own MVCC snapshots think a
285 * recently-deleted row is live. The risk is far higher when selecting TOAST
286 * OIDs, because SnapshotToast considers dead rows as active indefinitely.)
287 */
288 Oid
GetNewOid(Relation relation)289 GetNewOid(Relation relation)
290 {
291 Oid oidIndex;
292
293 /* If relation doesn't have OIDs at all, caller is confused */
294 Assert(relation->rd_rel->relhasoids);
295
296 /* In bootstrap mode, we don't have any indexes to use */
297 if (IsBootstrapProcessingMode())
298 return GetNewObjectId();
299
300 /* The relcache will cache the identity of the OID index for us */
301 oidIndex = RelationGetOidIndex(relation);
302
303 /* If no OID index, just hand back the next OID counter value */
304 if (!OidIsValid(oidIndex))
305 {
306 /*
307 * System catalogs that have OIDs should *always* have a unique OID
308 * index; we should only take this path for user tables. Give a
309 * warning if it looks like somebody forgot an index.
310 */
311 if (IsSystemRelation(relation))
312 elog(WARNING, "generating possibly-non-unique OID for \"%s\"",
313 RelationGetRelationName(relation));
314
315 return GetNewObjectId();
316 }
317
318 /* Otherwise, use the index to find a nonconflicting OID */
319 return GetNewOidWithIndex(relation, oidIndex, ObjectIdAttributeNumber);
320 }
321
322 /*
323 * GetNewOidWithIndex
324 * Guts of GetNewOid: use the supplied index
325 *
326 * This is exported separately because there are cases where we want to use
327 * an index that will not be recognized by RelationGetOidIndex: TOAST tables
328 * have indexes that are usable, but have multiple columns and are on
329 * ordinary columns rather than a true OID column. This code will work
330 * anyway, so long as the OID is the index's first column. The caller must
331 * pass in the actual heap attnum of the OID column, however.
332 *
333 * Caller must have a suitable lock on the relation.
334 */
335 Oid
GetNewOidWithIndex(Relation relation,Oid indexId,AttrNumber oidcolumn)336 GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
337 {
338 Oid newOid;
339 SysScanDesc scan;
340 ScanKeyData key;
341 bool collides;
342
343 /*
344 * We should never be asked to generate a new pg_type OID during
345 * pg_upgrade; doing so would risk collisions with the OIDs it wants to
346 * assign. Hitting this assert means there's some path where we failed to
347 * ensure that a type OID is determined by commands in the dump script.
348 */
349 Assert(!IsBinaryUpgrade || RelationGetRelid(relation) != TypeRelationId);
350
351 /* Generate new OIDs until we find one not in the table */
352 do
353 {
354 CHECK_FOR_INTERRUPTS();
355
356 newOid = GetNewObjectId();
357
358 ScanKeyInit(&key,
359 oidcolumn,
360 BTEqualStrategyNumber, F_OIDEQ,
361 ObjectIdGetDatum(newOid));
362
363 /* see notes above about using SnapshotAny */
364 scan = systable_beginscan(relation, indexId, true,
365 SnapshotAny, 1, &key);
366
367 collides = HeapTupleIsValid(systable_getnext(scan));
368
369 systable_endscan(scan);
370 } while (collides);
371
372 return newOid;
373 }
374
375 /*
376 * GetNewRelFileNode
377 * Generate a new relfilenode number that is unique within the
378 * database of the given tablespace.
379 *
380 * If the relfilenode will also be used as the relation's OID, pass the
381 * opened pg_class catalog, and this routine will guarantee that the result
382 * is also an unused OID within pg_class. If the result is to be used only
383 * as a relfilenode for an existing relation, pass NULL for pg_class.
384 *
385 * As with GetNewOid, there is some theoretical risk of a race condition,
386 * but it doesn't seem worth worrying about.
387 *
388 * Note: we don't support using this in bootstrap mode. All relations
389 * created by bootstrap have preassigned OIDs, so there's no need.
390 */
391 Oid
GetNewRelFileNode(Oid reltablespace,Relation pg_class,char relpersistence)392 GetNewRelFileNode(Oid reltablespace, Relation pg_class, char relpersistence)
393 {
394 RelFileNodeBackend rnode;
395 char *rpath;
396 int fd;
397 bool collides;
398 BackendId backend;
399
400 /*
401 * If we ever get here during pg_upgrade, there's something wrong; all
402 * relfilenode assignments during a binary-upgrade run should be
403 * determined by commands in the dump script.
404 */
405 Assert(!IsBinaryUpgrade);
406
407 switch (relpersistence)
408 {
409 case RELPERSISTENCE_TEMP:
410 backend = BackendIdForTempRelations();
411 break;
412 case RELPERSISTENCE_UNLOGGED:
413 case RELPERSISTENCE_PERMANENT:
414 backend = InvalidBackendId;
415 break;
416 default:
417 elog(ERROR, "invalid relpersistence: %c", relpersistence);
418 return InvalidOid; /* placate compiler */
419 }
420
421 /* This logic should match RelationInitPhysicalAddr */
422 rnode.node.spcNode = reltablespace ? reltablespace : MyDatabaseTableSpace;
423 rnode.node.dbNode = (rnode.node.spcNode == GLOBALTABLESPACE_OID) ? InvalidOid : MyDatabaseId;
424
425 /*
426 * The relpath will vary based on the backend ID, so we must initialize
427 * that properly here to make sure that any collisions based on filename
428 * are properly detected.
429 */
430 rnode.backend = backend;
431
432 do
433 {
434 CHECK_FOR_INTERRUPTS();
435
436 /* Generate the OID */
437 if (pg_class)
438 rnode.node.relNode = GetNewOid(pg_class);
439 else
440 rnode.node.relNode = GetNewObjectId();
441
442 /* Check for existing file of same name */
443 rpath = relpath(rnode, MAIN_FORKNUM);
444 fd = BasicOpenFile(rpath, O_RDONLY | PG_BINARY, 0);
445
446 if (fd >= 0)
447 {
448 /* definite collision */
449 close(fd);
450 collides = true;
451 }
452 else
453 {
454 /*
455 * Here we have a little bit of a dilemma: if errno is something
456 * other than ENOENT, should we declare a collision and loop? In
457 * particular one might think this advisable for, say, EPERM.
458 * However there really shouldn't be any unreadable files in a
459 * tablespace directory, and if the EPERM is actually complaining
460 * that we can't read the directory itself, we'd be in an infinite
461 * loop. In practice it seems best to go ahead regardless of the
462 * errno. If there is a colliding file we will get an smgr
463 * failure when we attempt to create the new relation file.
464 */
465 collides = false;
466 }
467
468 pfree(rpath);
469 } while (collides);
470
471 return rnode.node.relNode;
472 }
473