PostgreSQL Source Code  git master
variable.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * variable.c
4  * Routines for handling specialized SET variables.
5  *
6  *
7  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
8  * Portions Copyright (c) 1994, Regents of the University of California
9  *
10  *
11  * IDENTIFICATION
12  * src/backend/commands/variable.c
13  *
14  *-------------------------------------------------------------------------
15  */
16 
17 #include "postgres.h"
18 
19 #include <ctype.h>
20 
21 #include "access/htup_details.h"
22 #include "access/parallel.h"
23 #include "access/xact.h"
24 #include "access/xlog.h"
25 #include "access/xlogprefetcher.h"
26 #include "catalog/pg_authid.h"
27 #include "common/string.h"
28 #include "mb/pg_wchar.h"
29 #include "miscadmin.h"
30 #include "postmaster/postmaster.h"
31 #include "postmaster/syslogger.h"
32 #include "storage/bufmgr.h"
33 #include "utils/acl.h"
34 #include "utils/backend_status.h"
35 #include "utils/datetime.h"
36 #include "utils/fmgrprotos.h"
37 #include "utils/guc_hooks.h"
38 #include "utils/snapmgr.h"
39 #include "utils/syscache.h"
40 #include "utils/timestamp.h"
41 #include "utils/tzparser.h"
42 #include "utils/varlena.h"
43 
44 /*
45  * DATESTYLE
46  */
47 
48 /*
49  * check_datestyle: GUC check_hook for datestyle
50  */
51 bool
52 check_datestyle(char **newval, void **extra, GucSource source)
53 {
54  int newDateStyle = DateStyle;
55  int newDateOrder = DateOrder;
56  bool have_style = false;
57  bool have_order = false;
58  bool ok = true;
59  char *rawstring;
60  int *myextra;
61  char *result;
62  List *elemlist;
63  ListCell *l;
64 
65  /* Need a modifiable copy of string */
66  rawstring = pstrdup(*newval);
67 
68  /* Parse string into list of identifiers */
69  if (!SplitIdentifierString(rawstring, ',', &elemlist))
70  {
71  /* syntax error in list */
72  GUC_check_errdetail("List syntax is invalid.");
73  pfree(rawstring);
74  list_free(elemlist);
75  return false;
76  }
77 
78  foreach(l, elemlist)
79  {
80  char *tok = (char *) lfirst(l);
81 
82  /* Ugh. Somebody ought to write a table driven version -- mjl */
83 
84  if (pg_strcasecmp(tok, "ISO") == 0)
85  {
86  if (have_style && newDateStyle != USE_ISO_DATES)
87  ok = false; /* conflicting styles */
88  newDateStyle = USE_ISO_DATES;
89  have_style = true;
90  }
91  else if (pg_strcasecmp(tok, "SQL") == 0)
92  {
93  if (have_style && newDateStyle != USE_SQL_DATES)
94  ok = false; /* conflicting styles */
95  newDateStyle = USE_SQL_DATES;
96  have_style = true;
97  }
98  else if (pg_strncasecmp(tok, "POSTGRES", 8) == 0)
99  {
100  if (have_style && newDateStyle != USE_POSTGRES_DATES)
101  ok = false; /* conflicting styles */
102  newDateStyle = USE_POSTGRES_DATES;
103  have_style = true;
104  }
105  else if (pg_strcasecmp(tok, "GERMAN") == 0)
106  {
107  if (have_style && newDateStyle != USE_GERMAN_DATES)
108  ok = false; /* conflicting styles */
109  newDateStyle = USE_GERMAN_DATES;
110  have_style = true;
111  /* GERMAN also sets DMY, unless explicitly overridden */
112  if (!have_order)
113  newDateOrder = DATEORDER_DMY;
114  }
115  else if (pg_strcasecmp(tok, "YMD") == 0)
116  {
117  if (have_order && newDateOrder != DATEORDER_YMD)
118  ok = false; /* conflicting orders */
119  newDateOrder = DATEORDER_YMD;
120  have_order = true;
121  }
122  else if (pg_strcasecmp(tok, "DMY") == 0 ||
123  pg_strncasecmp(tok, "EURO", 4) == 0)
124  {
125  if (have_order && newDateOrder != DATEORDER_DMY)
126  ok = false; /* conflicting orders */
127  newDateOrder = DATEORDER_DMY;
128  have_order = true;
129  }
130  else if (pg_strcasecmp(tok, "MDY") == 0 ||
131  pg_strcasecmp(tok, "US") == 0 ||
132  pg_strncasecmp(tok, "NONEURO", 7) == 0)
133  {
134  if (have_order && newDateOrder != DATEORDER_MDY)
135  ok = false; /* conflicting orders */
136  newDateOrder = DATEORDER_MDY;
137  have_order = true;
138  }
139  else if (pg_strcasecmp(tok, "DEFAULT") == 0)
140  {
141  /*
142  * Easiest way to get the current DEFAULT state is to fetch the
143  * DEFAULT string from guc.c and recursively parse it.
144  *
145  * We can't simply "return check_datestyle(...)" because we need
146  * to handle constructs like "DEFAULT, ISO".
147  */
148  char *subval;
149  void *subextra = NULL;
150 
151  subval = guc_strdup(LOG, GetConfigOptionResetString("datestyle"));
152  if (!subval)
153  {
154  ok = false;
155  break;
156  }
157  if (!check_datestyle(&subval, &subextra, source))
158  {
159  guc_free(subval);
160  ok = false;
161  break;
162  }
163  myextra = (int *) subextra;
164  if (!have_style)
165  newDateStyle = myextra[0];
166  if (!have_order)
167  newDateOrder = myextra[1];
168  guc_free(subval);
169  guc_free(subextra);
170  }
171  else
172  {
173  GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
174  pfree(rawstring);
175  list_free(elemlist);
176  return false;
177  }
178  }
179 
180  pfree(rawstring);
181  list_free(elemlist);
182 
183  if (!ok)
184  {
185  GUC_check_errdetail("Conflicting \"datestyle\" specifications.");
186  return false;
187  }
188 
189  /*
190  * Prepare the canonical string to return. GUC wants it guc_malloc'd.
191  */
192  result = (char *) guc_malloc(LOG, 32);
193  if (!result)
194  return false;
195 
196  switch (newDateStyle)
197  {
198  case USE_ISO_DATES:
199  strcpy(result, "ISO");
200  break;
201  case USE_SQL_DATES:
202  strcpy(result, "SQL");
203  break;
204  case USE_GERMAN_DATES:
205  strcpy(result, "German");
206  break;
207  default:
208  strcpy(result, "Postgres");
209  break;
210  }
211  switch (newDateOrder)
212  {
213  case DATEORDER_YMD:
214  strcat(result, ", YMD");
215  break;
216  case DATEORDER_DMY:
217  strcat(result, ", DMY");
218  break;
219  default:
220  strcat(result, ", MDY");
221  break;
222  }
223 
224  guc_free(*newval);
225  *newval = result;
226 
227  /*
228  * Set up the "extra" struct actually used by assign_datestyle.
229  */
230  myextra = (int *) guc_malloc(LOG, 2 * sizeof(int));
231  if (!myextra)
232  return false;
233  myextra[0] = newDateStyle;
234  myextra[1] = newDateOrder;
235  *extra = (void *) myextra;
236 
237  return true;
238 }
239 
240 /*
241  * assign_datestyle: GUC assign_hook for datestyle
242  */
243 void
244 assign_datestyle(const char *newval, void *extra)
245 {
246  int *myextra = (int *) extra;
247 
248  DateStyle = myextra[0];
249  DateOrder = myextra[1];
250 }
251 
252 
253 /*
254  * TIMEZONE
255  */
256 
257 /*
258  * check_timezone: GUC check_hook for timezone
259  */
260 bool
261 check_timezone(char **newval, void **extra, GucSource source)
262 {
263  pg_tz *new_tz;
264  long gmtoffset;
265  char *endptr;
266  double hours;
267 
268  if (pg_strncasecmp(*newval, "interval", 8) == 0)
269  {
270  /*
271  * Support INTERVAL 'foo'. This is for SQL spec compliance, not
272  * because it has any actual real-world usefulness.
273  */
274  const char *valueptr = *newval;
275  char *val;
277 
278  valueptr += 8;
279  while (isspace((unsigned char) *valueptr))
280  valueptr++;
281  if (*valueptr++ != '\'')
282  return false;
283  val = pstrdup(valueptr);
284  /* Check and remove trailing quote */
285  endptr = strchr(val, '\'');
286  if (!endptr || endptr[1] != '\0')
287  {
288  pfree(val);
289  return false;
290  }
291  *endptr = '\0';
292 
293  /*
294  * Try to parse it. XXX an invalid interval format will result in
295  * ereport(ERROR), which is not desirable for GUC. We did what we
296  * could to guard against this in flatten_set_variable_args, but a
297  * string coming in from postgresql.conf might contain anything.
298  */
302  Int32GetDatum(-1)));
303 
304  pfree(val);
305  if (interval->month != 0)
306  {
307  GUC_check_errdetail("Cannot specify months in time zone interval.");
308  pfree(interval);
309  return false;
310  }
311  if (interval->day != 0)
312  {
313  GUC_check_errdetail("Cannot specify days in time zone interval.");
314  pfree(interval);
315  return false;
316  }
317 
318  /* Here we change from SQL to Unix sign convention */
319  gmtoffset = -(interval->time / USECS_PER_SEC);
320  new_tz = pg_tzset_offset(gmtoffset);
321 
322  pfree(interval);
323  }
324  else
325  {
326  /*
327  * Try it as a numeric number of hours (possibly fractional).
328  */
329  hours = strtod(*newval, &endptr);
330  if (endptr != *newval && *endptr == '\0')
331  {
332  /* Here we change from SQL to Unix sign convention */
333  gmtoffset = -hours * SECS_PER_HOUR;
334  new_tz = pg_tzset_offset(gmtoffset);
335  }
336  else
337  {
338  /*
339  * Otherwise assume it is a timezone name, and try to load it.
340  */
341  new_tz = pg_tzset(*newval);
342 
343  if (!new_tz)
344  {
345  /* Doesn't seem to be any great value in errdetail here */
346  return false;
347  }
348 
349  if (!pg_tz_acceptable(new_tz))
350  {
351  GUC_check_errmsg("time zone \"%s\" appears to use leap seconds",
352  *newval);
353  GUC_check_errdetail("PostgreSQL does not support leap seconds.");
354  return false;
355  }
356  }
357  }
358 
359  /* Test for failure in pg_tzset_offset, which we assume is out-of-range */
360  if (!new_tz)
361  {
362  GUC_check_errdetail("UTC timezone offset is out of range.");
363  return false;
364  }
365 
366  /*
367  * Pass back data for assign_timezone to use
368  */
369  *extra = guc_malloc(LOG, sizeof(pg_tz *));
370  if (!*extra)
371  return false;
372  *((pg_tz **) *extra) = new_tz;
373 
374  return true;
375 }
376 
377 /*
378  * assign_timezone: GUC assign_hook for timezone
379  */
380 void
381 assign_timezone(const char *newval, void *extra)
382 {
383  session_timezone = *((pg_tz **) extra);
384 }
385 
386 /*
387  * show_timezone: GUC show_hook for timezone
388  */
389 const char *
391 {
392  const char *tzn;
393 
394  /* Always show the zone's canonical name */
396 
397  if (tzn != NULL)
398  return tzn;
399 
400  return "unknown";
401 }
402 
403 
404 /*
405  * LOG_TIMEZONE
406  *
407  * For log_timezone, we don't support the interval-based methods of setting a
408  * zone, which are only there for SQL spec compliance not because they're
409  * actually useful.
410  */
411 
412 /*
413  * check_log_timezone: GUC check_hook for log_timezone
414  */
415 bool
417 {
418  pg_tz *new_tz;
419 
420  /*
421  * Assume it is a timezone name, and try to load it.
422  */
423  new_tz = pg_tzset(*newval);
424 
425  if (!new_tz)
426  {
427  /* Doesn't seem to be any great value in errdetail here */
428  return false;
429  }
430 
431  if (!pg_tz_acceptable(new_tz))
432  {
433  GUC_check_errmsg("time zone \"%s\" appears to use leap seconds",
434  *newval);
435  GUC_check_errdetail("PostgreSQL does not support leap seconds.");
436  return false;
437  }
438 
439  /*
440  * Pass back data for assign_log_timezone to use
441  */
442  *extra = guc_malloc(LOG, sizeof(pg_tz *));
443  if (!*extra)
444  return false;
445  *((pg_tz **) *extra) = new_tz;
446 
447  return true;
448 }
449 
450 /*
451  * assign_log_timezone: GUC assign_hook for log_timezone
452  */
453 void
454 assign_log_timezone(const char *newval, void *extra)
455 {
456  log_timezone = *((pg_tz **) extra);
457 }
458 
459 /*
460  * show_log_timezone: GUC show_hook for log_timezone
461  */
462 const char *
464 {
465  const char *tzn;
466 
467  /* Always show the zone's canonical name */
469 
470  if (tzn != NULL)
471  return tzn;
472 
473  return "unknown";
474 }
475 
476 
477 /*
478  * TIMEZONE_ABBREVIATIONS
479  */
480 
481 /*
482  * GUC check_hook for assign_timezone_abbreviations
483  */
484 bool
486 {
487  /*
488  * The boot_val for timezone_abbreviations is NULL. When we see that we
489  * just do nothing. If the value isn't overridden from the config file
490  * then pg_timezone_abbrev_initialize() will eventually replace it with
491  * "Default". This hack has two purposes: to avoid wasting cycles loading
492  * values that might soon be overridden from the config file, and to avoid
493  * trying to read the timezone abbrev files during InitializeGUCOptions().
494  * The latter doesn't work in an EXEC_BACKEND subprocess because
495  * my_exec_path hasn't been set yet and so we can't locate PGSHAREDIR.
496  */
497  if (*newval == NULL)
498  {
500  return true;
501  }
502 
503  /* OK, load the file and produce a guc_malloc'd TimeZoneAbbrevTable */
504  *extra = load_tzoffsets(*newval);
505 
506  /* tzparser.c returns NULL on failure, reporting via GUC_check_errmsg */
507  if (!*extra)
508  return false;
509 
510  return true;
511 }
512 
513 /*
514  * GUC assign_hook for assign_timezone_abbreviations
515  */
516 void
517 assign_timezone_abbreviations(const char *newval, void *extra)
518 {
519  /* Do nothing for the boot_val default of NULL */
520  if (!extra)
521  return;
522 
524 }
525 
526 
527 /*
528  * SET TRANSACTION READ ONLY and SET TRANSACTION READ WRITE
529  *
530  * We allow idempotent changes (r/w -> r/w and r/o -> r/o) at any time, and
531  * we also always allow changes from read-write to read-only. However,
532  * read-only may be changed to read-write only when in a top-level transaction
533  * that has not yet taken an initial snapshot. Can't do it in a hot standby,
534  * either.
535  *
536  * If we are not in a transaction at all, just allow the change; it means
537  * nothing since XactReadOnly will be reset by the next StartTransaction().
538  * The IsTransactionState() test protects us against trying to check
539  * RecoveryInProgress() in contexts where shared memory is not accessible.
540  * (Similarly, if we're restoring state in a parallel worker, just allow
541  * the change.)
542  */
543 bool
545 {
547  {
548  /* Can't go to r/w mode inside a r/o transaction */
549  if (IsSubTransaction())
550  {
551  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
552  GUC_check_errmsg("cannot set transaction read-write mode inside a read-only transaction");
553  return false;
554  }
555  /* Top level transaction can't change to r/w after first snapshot. */
556  if (FirstSnapshotSet)
557  {
558  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
559  GUC_check_errmsg("transaction read-write mode must be set before any query");
560  return false;
561  }
562  /* Can't go to r/w mode while recovery is still active */
563  if (RecoveryInProgress())
564  {
565  GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED);
566  GUC_check_errmsg("cannot set transaction read-write mode during recovery");
567  return false;
568  }
569  }
570 
571  return true;
572 }
573 
574 /*
575  * SET TRANSACTION ISOLATION LEVEL
576  *
577  * We allow idempotent changes at any time, but otherwise this can only be
578  * changed in a toplevel transaction that has not yet taken a snapshot.
579  *
580  * As in check_transaction_read_only, allow it if not inside a transaction.
581  */
582 bool
584 {
585  int newXactIsoLevel = *newval;
586 
587  if (newXactIsoLevel != XactIsoLevel && IsTransactionState())
588  {
589  if (FirstSnapshotSet)
590  {
591  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
592  GUC_check_errmsg("SET TRANSACTION ISOLATION LEVEL must be called before any query");
593  return false;
594  }
595  /* We ignore a subtransaction setting it to the existing value. */
596  if (IsSubTransaction())
597  {
598  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
599  GUC_check_errmsg("SET TRANSACTION ISOLATION LEVEL must not be called in a subtransaction");
600  return false;
601  }
602  /* Can't go to serializable mode while recovery is still active */
603  if (newXactIsoLevel == XACT_SERIALIZABLE && RecoveryInProgress())
604  {
605  GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED);
606  GUC_check_errmsg("cannot use serializable mode in a hot standby");
607  GUC_check_errhint("You can use REPEATABLE READ instead.");
608  return false;
609  }
610  }
611 
612  return true;
613 }
614 
615 /*
616  * SET TRANSACTION [NOT] DEFERRABLE
617  */
618 
619 bool
621 {
622  if (IsSubTransaction())
623  {
624  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
625  GUC_check_errmsg("SET TRANSACTION [NOT] DEFERRABLE cannot be called within a subtransaction");
626  return false;
627  }
628  if (FirstSnapshotSet)
629  {
630  GUC_check_errcode(ERRCODE_ACTIVE_SQL_TRANSACTION);
631  GUC_check_errmsg("SET TRANSACTION [NOT] DEFERRABLE must be called before any query");
632  return false;
633  }
634 
635  return true;
636 }
637 
638 /*
639  * Random number seed
640  *
641  * We can't roll back the random sequence on error, and we don't want
642  * config file reloads to affect it, so we only want interactive SET SEED
643  * commands to set it. We use the "extra" storage to ensure that rollbacks
644  * don't try to do the operation again.
645  */
646 
647 bool
648 check_random_seed(double *newval, void **extra, GucSource source)
649 {
650  *extra = guc_malloc(LOG, sizeof(int));
651  if (!*extra)
652  return false;
653  /* Arm the assign only if source of value is an interactive SET */
654  *((int *) *extra) = (source >= PGC_S_INTERACTIVE);
655 
656  return true;
657 }
658 
659 void
660 assign_random_seed(double newval, void *extra)
661 {
662  /* We'll do this at most once for any setting of the GUC variable */
663  if (*((int *) extra))
665  *((int *) extra) = 0;
666 }
667 
668 const char *
670 {
671  return "unavailable";
672 }
673 
674 
675 /*
676  * SET CLIENT_ENCODING
677  */
678 
679 bool
681 {
682  int encoding;
683  const char *canonical_name;
684 
685  /* Look up the encoding by name */
687  if (encoding < 0)
688  return false;
689 
690  /* Get the canonical name (no aliases, uniform case) */
691  canonical_name = pg_encoding_to_char(encoding);
692 
693  /*
694  * If we are not within a transaction then PrepareClientEncoding will not
695  * be able to look up the necessary conversion procs. If we are still
696  * starting up, it will return "OK" anyway, and InitializeClientEncoding
697  * will fix things once initialization is far enough along. After
698  * startup, we'll fail. This would only happen if someone tries to change
699  * client_encoding in postgresql.conf and then SIGHUP existing sessions.
700  * It seems like a bad idea for client_encoding to change that way anyhow,
701  * so we don't go out of our way to support it.
702  *
703  * Note: in the postmaster, or any other process that never calls
704  * InitializeClientEncoding, PrepareClientEncoding will always succeed,
705  * and so will SetClientEncoding; but they won't do anything, which is OK.
706  */
708  {
709  if (IsTransactionState())
710  {
711  /* Must be a genuine no-such-conversion problem */
712  GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED);
713  GUC_check_errdetail("Conversion between %s and %s is not supported.",
714  canonical_name,
716  }
717  else
718  {
719  /* Provide a useful complaint */
720  GUC_check_errdetail("Cannot change client_encoding now.");
721  }
722  return false;
723  }
724 
725  /*
726  * Replace the user-supplied string with the encoding's canonical name.
727  * This gets rid of aliases and case-folding variations.
728  *
729  * XXX Although canonicalizing seems like a good idea in the abstract, it
730  * breaks pre-9.1 JDBC drivers, which expect that if they send "UNICODE"
731  * as the client_encoding setting then it will read back the same way. As
732  * a workaround, don't replace the string if it's "UNICODE". Remove that
733  * hack when pre-9.1 JDBC drivers are no longer in use.
734  */
735  if (strcmp(*newval, canonical_name) != 0 &&
736  strcmp(*newval, "UNICODE") != 0)
737  {
738  guc_free(*newval);
739  *newval = guc_strdup(LOG, canonical_name);
740  if (!*newval)
741  return false;
742  }
743 
744  /*
745  * Save the encoding's ID in *extra, for use by assign_client_encoding.
746  */
747  *extra = guc_malloc(LOG, sizeof(int));
748  if (!*extra)
749  return false;
750  *((int *) *extra) = encoding;
751 
752  return true;
753 }
754 
755 void
756 assign_client_encoding(const char *newval, void *extra)
757 {
758  int encoding = *((int *) extra);
759 
760  /*
761  * Parallel workers send data to the leader, not the client. They always
762  * send data using the database encoding.
763  */
764  if (IsParallelWorker())
765  {
766  /*
767  * During parallel worker startup, we want to accept the leader's
768  * client_encoding setting so that anyone who looks at the value in
769  * the worker sees the same value that they would see in the leader.
770  */
772  return;
773 
774  /*
775  * A change other than during startup, for example due to a SET clause
776  * attached to a function definition, should be rejected, as there is
777  * nothing we can do inside the worker to make it take effect.
778  */
779  ereport(ERROR,
780  (errcode(ERRCODE_INVALID_TRANSACTION_STATE),
781  errmsg("cannot change client_encoding during a parallel operation")));
782  }
783 
784  /* We do not expect an error if PrepareClientEncoding succeeded */
785  if (SetClientEncoding(encoding) < 0)
786  elog(LOG, "SetClientEncoding(%d) failed", encoding);
787 }
788 
789 
790 /*
791  * SET SESSION AUTHORIZATION
792  */
793 
794 typedef struct
795 {
796  /* This is the "extra" state for both SESSION AUTHORIZATION and ROLE */
800 
801 bool
803 {
804  HeapTuple roleTup;
805  Form_pg_authid roleform;
806  Oid roleid;
807  bool is_superuser;
808  role_auth_extra *myextra;
809 
810  /* Do nothing for the boot_val default of NULL */
811  if (*newval == NULL)
812  return true;
813 
814  if (!IsTransactionState())
815  {
816  /*
817  * Can't do catalog lookups, so fail. The result of this is that
818  * session_authorization cannot be set in postgresql.conf, which seems
819  * like a good thing anyway, so we don't work hard to avoid it.
820  */
821  return false;
822  }
823 
824  /*
825  * When source == PGC_S_TEST, we don't throw a hard error for a
826  * nonexistent user name or insufficient privileges, only a NOTICE. See
827  * comments in guc.h.
828  */
829 
830  /* Look up the username */
831  roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
832  if (!HeapTupleIsValid(roleTup))
833  {
834  if (source == PGC_S_TEST)
835  {
836  ereport(NOTICE,
837  (errcode(ERRCODE_UNDEFINED_OBJECT),
838  errmsg("role \"%s\" does not exist", *newval)));
839  return true;
840  }
841  GUC_check_errmsg("role \"%s\" does not exist", *newval);
842  return false;
843  }
844 
845  roleform = (Form_pg_authid) GETSTRUCT(roleTup);
846  roleid = roleform->oid;
847  is_superuser = roleform->rolsuper;
848 
849  ReleaseSysCache(roleTup);
850 
851  /*
852  * Only superusers may SET SESSION AUTHORIZATION a role other than itself.
853  * Note that in case of multiple SETs in a single session, the original
854  * authenticated user's superuserness is what matters.
855  */
856  if (roleid != GetAuthenticatedUserId() &&
858  {
859  if (source == PGC_S_TEST)
860  {
861  ereport(NOTICE,
862  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
863  errmsg("permission will be denied to set session authorization \"%s\"",
864  *newval)));
865  return true;
866  }
867  GUC_check_errcode(ERRCODE_INSUFFICIENT_PRIVILEGE);
868  GUC_check_errmsg("permission denied to set session authorization \"%s\"",
869  *newval);
870  return false;
871  }
872 
873  /* Set up "extra" struct for assign_session_authorization to use */
874  myextra = (role_auth_extra *) guc_malloc(LOG, sizeof(role_auth_extra));
875  if (!myextra)
876  return false;
877  myextra->roleid = roleid;
878  myextra->is_superuser = is_superuser;
879  *extra = (void *) myextra;
880 
881  return true;
882 }
883 
884 void
885 assign_session_authorization(const char *newval, void *extra)
886 {
887  role_auth_extra *myextra = (role_auth_extra *) extra;
888 
889  /* Do nothing for the boot_val default of NULL */
890  if (!myextra)
891  return;
892 
893  SetSessionAuthorization(myextra->roleid, myextra->is_superuser);
894 }
895 
896 
897 /*
898  * SET ROLE
899  *
900  * The SQL spec requires "SET ROLE NONE" to unset the role, so we hardwire
901  * a translation of "none" to InvalidOid. Otherwise this is much like
902  * SET SESSION AUTHORIZATION.
903  */
904 extern char *role_string; /* in guc_tables.c */
905 
906 bool
907 check_role(char **newval, void **extra, GucSource source)
908 {
909  HeapTuple roleTup;
910  Oid roleid;
911  bool is_superuser;
912  role_auth_extra *myextra;
913  Form_pg_authid roleform;
914 
915  if (strcmp(*newval, "none") == 0)
916  {
917  /* hardwired translation */
918  roleid = InvalidOid;
919  is_superuser = false;
920  }
921  else
922  {
923  if (!IsTransactionState())
924  {
925  /*
926  * Can't do catalog lookups, so fail. The result of this is that
927  * role cannot be set in postgresql.conf, which seems like a good
928  * thing anyway, so we don't work hard to avoid it.
929  */
930  return false;
931  }
932 
933  /*
934  * When source == PGC_S_TEST, we don't throw a hard error for a
935  * nonexistent user name or insufficient privileges, only a NOTICE.
936  * See comments in guc.h.
937  */
938 
939  /* Look up the username */
940  roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
941  if (!HeapTupleIsValid(roleTup))
942  {
943  if (source == PGC_S_TEST)
944  {
945  ereport(NOTICE,
946  (errcode(ERRCODE_UNDEFINED_OBJECT),
947  errmsg("role \"%s\" does not exist", *newval)));
948  return true;
949  }
950  GUC_check_errmsg("role \"%s\" does not exist", *newval);
951  return false;
952  }
953 
954  roleform = (Form_pg_authid) GETSTRUCT(roleTup);
955  roleid = roleform->oid;
956  is_superuser = roleform->rolsuper;
957 
958  ReleaseSysCache(roleTup);
959 
960  /*
961  * Verify that session user is allowed to become this role, but skip
962  * this in parallel mode, where we must blindly recreate the parallel
963  * leader's state.
964  */
967  {
968  if (source == PGC_S_TEST)
969  {
970  ereport(NOTICE,
971  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
972  errmsg("permission will be denied to set role \"%s\"",
973  *newval)));
974  return true;
975  }
976  GUC_check_errcode(ERRCODE_INSUFFICIENT_PRIVILEGE);
977  GUC_check_errmsg("permission denied to set role \"%s\"",
978  *newval);
979  return false;
980  }
981  }
982 
983  /* Set up "extra" struct for assign_role to use */
984  myextra = (role_auth_extra *) guc_malloc(LOG, sizeof(role_auth_extra));
985  if (!myextra)
986  return false;
987  myextra->roleid = roleid;
988  myextra->is_superuser = is_superuser;
989  *extra = (void *) myextra;
990 
991  return true;
992 }
993 
994 void
995 assign_role(const char *newval, void *extra)
996 {
997  role_auth_extra *myextra = (role_auth_extra *) extra;
998 
999  SetCurrentRoleId(myextra->roleid, myextra->is_superuser);
1000 }
1001 
1002 const char *
1004 {
1005  /*
1006  * Check whether SET ROLE is active; if not return "none". This is a
1007  * kluge to deal with the fact that SET SESSION AUTHORIZATION logically
1008  * resets SET ROLE to NONE, but we cannot set the GUC role variable from
1009  * assign_session_authorization (because we haven't got enough info to
1010  * call set_config_option).
1011  */
1012  if (!OidIsValid(GetCurrentRoleId()))
1013  return "none";
1014 
1015  /* Otherwise we can just use the GUC string */
1016  return role_string ? role_string : "none";
1017 }
1018 
1019 
1020 /*
1021  * PATH VARIABLES
1022  *
1023  * check_canonical_path is used for log_directory and some other GUCs where
1024  * all we want to do is canonicalize the represented path name.
1025  */
1026 
1027 bool
1029 {
1030  /*
1031  * Since canonicalize_path never enlarges the string, we can just modify
1032  * newval in-place. But watch out for NULL, which is the default value
1033  * for external_pid_file.
1034  */
1035  if (*newval)
1037  return true;
1038 }
1039 
1040 
1041 /*
1042  * MISCELLANEOUS
1043  */
1044 
1045 /*
1046  * GUC check_hook for application_name
1047  */
1048 bool
1050 {
1051  char *clean;
1052  char *ret;
1053 
1054  /* Only allow clean ASCII chars in the application name */
1056  if (!clean)
1057  return false;
1058 
1059  ret = guc_strdup(WARNING, clean);
1060  if (!ret)
1061  {
1062  pfree(clean);
1063  return false;
1064  }
1065 
1066  pfree(clean);
1067  *newval = ret;
1068  return true;
1069 }
1070 
1071 /*
1072  * GUC assign_hook for application_name
1073  */
1074 void
1075 assign_application_name(const char *newval, void *extra)
1076 {
1077  /* Update the pg_stat_activity view */
1079 }
1080 
1081 /*
1082  * GUC check_hook for cluster_name
1083  */
1084 bool
1086 {
1087  char *clean;
1088  char *ret;
1089 
1090  /* Only allow clean ASCII chars in the cluster name */
1092  if (!clean)
1093  return false;
1094 
1095  ret = guc_strdup(WARNING, clean);
1096  if (!ret)
1097  {
1098  pfree(clean);
1099  return false;
1100  }
1101 
1102  pfree(clean);
1103  *newval = ret;
1104  return true;
1105 }
1106 
1107 /*
1108  * GUC assign_hook for maintenance_io_concurrency
1109  */
1110 void
1112 {
1113 #ifdef USE_PREFETCH
1114  /*
1115  * Reconfigure recovery prefetching, because a setting it depends on
1116  * changed.
1117  */
1119  if (AmStartupProcess())
1121 #endif
1122 }
1123 
1124 
1125 /*
1126  * These show hooks just exist because we want to show the values in octal.
1127  */
1128 
1129 /*
1130  * GUC show_hook for data_directory_mode
1131  */
1132 const char *
1134 {
1135  static char buf[12];
1136 
1137  snprintf(buf, sizeof(buf), "%04o", data_directory_mode);
1138  return buf;
1139 }
1140 
1141 /*
1142  * GUC show_hook for log_file_mode
1143  */
1144 const char *
1146 {
1147  static char buf[12];
1148 
1149  snprintf(buf, sizeof(buf), "%04o", Log_file_mode);
1150  return buf;
1151 }
1152 
1153 /*
1154  * GUC show_hook for unix_socket_permissions
1155  */
1156 const char *
1158 {
1159  static char buf[12];
1160 
1161  snprintf(buf, sizeof(buf), "%04o", Unix_socket_permissions);
1162  return buf;
1163 }
1164 
1165 
1166 /*
1167  * These check hooks do nothing more than reject non-default settings
1168  * in builds that don't support them.
1169  */
1170 
1171 bool
1172 check_bonjour(bool *newval, void **extra, GucSource source)
1173 {
1174 #ifndef USE_BONJOUR
1175  if (*newval)
1176  {
1177  GUC_check_errmsg("Bonjour is not supported by this build");
1178  return false;
1179  }
1180 #endif
1181  return true;
1182 }
1183 
1184 bool
1186 {
1187  if (*newval)
1188  {
1189  /* check the GUC's definition for an explanation */
1190  GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED);
1191  GUC_check_errmsg("tables declared WITH OIDS are not supported");
1192 
1193  return false;
1194  }
1195 
1196  return true;
1197 }
1198 
1199 bool
1201 {
1202 #ifndef USE_PREFETCH
1203  if (*newval != 0)
1204  {
1205  GUC_check_errdetail("effective_io_concurrency must be set to 0 on platforms that lack posix_fadvise().");
1206  return false;
1207  }
1208 #endif /* USE_PREFETCH */
1209  return true;
1210 }
1211 
1212 bool
1214 {
1215 #ifndef USE_PREFETCH
1216  if (*newval != 0)
1217  {
1218  GUC_check_errdetail("maintenance_io_concurrency must be set to 0 on platforms that lack posix_fadvise().");
1219  return false;
1220  }
1221 #endif /* USE_PREFETCH */
1222  return true;
1223 }
1224 
1225 bool
1226 check_ssl(bool *newval, void **extra, GucSource source)
1227 {
1228 #ifndef USE_SSL
1229  if (*newval)
1230  {
1231  GUC_check_errmsg("SSL is not supported by this build");
1232  return false;
1233  }
1234 #endif
1235  return true;
1236 }
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5162
bool InitializingParallelWorker
Definition: parallel.c:118
const char * show_unix_socket_permissions(void)
Definition: variable.c:1157
void assign_application_name(const char *newval, void *extra)
Definition: variable.c:1075
bool check_bonjour(bool *newval, void **extra, GucSource source)
Definition: variable.c:1172
bool check_maintenance_io_concurrency(int *newval, void **extra, GucSource source)
Definition: variable.c:1213
void assign_session_authorization(const char *newval, void *extra)
Definition: variable.c:885
bool check_transaction_deferrable(bool *newval, void **extra, GucSource source)
Definition: variable.c:620
bool check_canonical_path(char **newval, void **extra, GucSource source)
Definition: variable.c:1028
const char * show_timezone(void)
Definition: variable.c:390
bool check_transaction_isolation(int *newval, void **extra, GucSource source)
Definition: variable.c:583
bool check_default_with_oids(bool *newval, void **extra, GucSource source)
Definition: variable.c:1185
void assign_timezone_abbreviations(const char *newval, void *extra)
Definition: variable.c:517
bool check_effective_io_concurrency(int *newval, void **extra, GucSource source)
Definition: variable.c:1200
bool check_application_name(char **newval, void **extra, GucSource source)
Definition: variable.c:1049
void assign_timezone(const char *newval, void *extra)
Definition: variable.c:381
bool check_role(char **newval, void **extra, GucSource source)
Definition: variable.c:907
bool check_cluster_name(char **newval, void **extra, GucSource source)
Definition: variable.c:1085
const char * show_log_timezone(void)
Definition: variable.c:463
bool check_session_authorization(char **newval, void **extra, GucSource source)
Definition: variable.c:802
bool check_transaction_read_only(bool *newval, void **extra, GucSource source)
Definition: variable.c:544
void assign_maintenance_io_concurrency(int newval, void *extra)
Definition: variable.c:1111
char * role_string
Definition: guc_tables.c:618
bool check_timezone_abbreviations(char **newval, void **extra, GucSource source)
Definition: variable.c:485
void assign_client_encoding(const char *newval, void *extra)
Definition: variable.c:756
void assign_role(const char *newval, void *extra)
Definition: variable.c:995
bool check_timezone(char **newval, void **extra, GucSource source)
Definition: variable.c:261
const char * show_random_seed(void)
Definition: variable.c:669
bool check_ssl(bool *newval, void **extra, GucSource source)
Definition: variable.c:1226
void assign_datestyle(const char *newval, void *extra)
Definition: variable.c:244
void assign_random_seed(double newval, void *extra)
Definition: variable.c:660
bool check_log_timezone(char **newval, void **extra, GucSource source)
Definition: variable.c:416
bool check_random_seed(double *newval, void **extra, GucSource source)
Definition: variable.c:648
const char * show_role(void)
Definition: variable.c:1003
bool check_datestyle(char **newval, void **extra, GucSource source)
Definition: variable.c:52
bool check_client_encoding(char **newval, void **extra, GucSource source)
Definition: variable.c:680
const char * show_log_file_mode(void)
Definition: variable.c:1145
const char * show_data_directory_mode(void)
Definition: variable.c:1133
void assign_log_timezone(const char *newval, void *extra)
Definition: variable.c:454
void InstallTimeZoneAbbrevs(TimeZoneAbbrevTable *tbl)
Definition: datetime.c:4946
Datum interval_in(PG_FUNCTION_ARGS)
Definition: timestamp.c:900
void pgstat_report_appname(const char *appname)
int maintenance_io_concurrency
Definition: bufmgr.c:153
#define OidIsValid(objectId)
Definition: c.h:762
#define SECS_PER_HOUR
Definition: timestamp.h:127
#define USECS_PER_SEC
Definition: timestamp.h:134
int errcode(int sqlerrcode)
Definition: elog.c:859
int errmsg(const char *fmt,...)
Definition: elog.c:1072
#define LOG
Definition: elog.h:31
#define WARNING
Definition: elog.h:36
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:224
#define NOTICE
Definition: elog.h:35
#define ereport(elevel,...)
Definition: elog.h:149
int pg_valid_client_encoding(const char *name)
Definition: encnames.c:485
#define MCXT_ALLOC_NO_OOM
Definition: fe_memutils.h:17
Datum Float8GetDatum(float8 X)
Definition: fmgr.c:1816
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:642
#define DirectFunctionCall3(func, arg1, arg2, arg3)
Definition: fmgr.h:646
int DateStyle
Definition: globals.c:122
int data_directory_mode
Definition: globals.c:74
int DateOrder
Definition: globals.c:123
void GUC_check_errcode(int sqlerrcode)
Definition: guc.c:6729
void * guc_malloc(int elevel, size_t size)
Definition: guc.c:640
void guc_free(void *ptr)
Definition: guc.c:691
#define newval
const char * GetConfigOptionResetString(const char *name)
Definition: guc.c:4348
char * guc_strdup(int elevel, const char *src)
Definition: guc.c:679
#define GUC_check_errmsg
Definition: guc.h:443
#define GUC_check_errdetail
Definition: guc.h:447
GucSource
Definition: guc.h:108
@ PGC_S_DEFAULT
Definition: guc.h:109
@ PGC_S_TEST
Definition: guc.h:121
@ PGC_S_INTERACTIVE
Definition: guc.h:120
#define GUC_check_errhint
Definition: guc.h:451
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
#define IsParallelWorker()
Definition: parallel.h:60
long val
Definition: informix.c:670
Assert(fmt[strlen(fmt) - 1] !='\n')
void list_free(List *list)
Definition: list.c:1546
int SetClientEncoding(int encoding)
Definition: mbutils.c:208
int PrepareClientEncoding(int encoding)
Definition: mbutils.c:110
const char * GetDatabaseEncodingName(void)
Definition: mbutils.c:1267
char * pstrdup(const char *in)
Definition: mcxt.c:1683
void pfree(void *pointer)
Definition: mcxt.c:1508
#define AmStartupProcess()
Definition: miscadmin.h:382
#define USE_SQL_DATES
Definition: miscadmin.h:236
#define USE_POSTGRES_DATES
Definition: miscadmin.h:234
#define USE_ISO_DATES
Definition: miscadmin.h:235
#define DATEORDER_DMY
Definition: miscadmin.h:242
#define DATEORDER_MDY
Definition: miscadmin.h:243
#define DATEORDER_YMD
Definition: miscadmin.h:241
#define USE_GERMAN_DATES
Definition: miscadmin.h:237
void SetSessionAuthorization(Oid userid, bool is_superuser)
Definition: miscinit.c:908
Oid GetSessionUserId(void)
Definition: miscinit.c:548
void SetCurrentRoleId(Oid roleid, bool is_superuser)
Definition: miscinit.c:945
Oid GetAuthenticatedUserId(void)
Definition: miscinit.c:583
Oid GetCurrentRoleId(void)
Definition: miscinit.c:924
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
int32 encoding
Definition: pg_database.h:41
static bool is_superuser(Archive *fout)
Definition: pg_dump.c:4634
#define lfirst(lc)
Definition: pg_list.h:172
static rewind_source * source
Definition: pg_rewind.c:89
static char * buf
Definition: pg_test_fsync.c:73
#define pg_encoding_to_char
Definition: pg_wchar.h:630
bool pg_tz_acceptable(pg_tz *tz)
Definition: localtime.c:1890
pg_tz * pg_tzset_offset(long gmtoffset)
Definition: pgtz.c:320
const char * pg_get_timezone_name(pg_tz *tz)
Definition: localtime.c:1875
PGDLLIMPORT pg_tz * session_timezone
Definition: pgtz.c:28
pg_tz * pg_tzset(const char *tzname)
Definition: pgtz.c:234
PGDLLIMPORT pg_tz * log_timezone
Definition: pgtz.c:31
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
void canonicalize_path(char *path)
Definition: path.c:264
#define snprintf
Definition: port.h:238
int pg_strncasecmp(const char *s1, const char *s2, size_t n)
Definition: pgstrcasecmp.c:69
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:322
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
static Datum CStringGetDatum(const char *X)
Definition: postgres.h:350
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:212
#define InvalidOid
Definition: postgres_ext.h:36
unsigned int Oid
Definition: postgres_ext.h:31
int Unix_socket_permissions
Definition: pqcomm.c:105
Datum setseed(PG_FUNCTION_ARGS)
bool FirstSnapshotSet
Definition: snapmgr.c:135
char * pg_clean_ascii(const char *str, int alloc_flags)
Definition: string.c:86
Definition: pg_list.h:54
Definition: pgtz.h:66
bool is_superuser
Definition: variable.c:798
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:266
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:218
int Log_file_mode
Definition: syslogger.c:76
TimeZoneAbbrevTable * load_tzoffsets(const char *filename)
Definition: tzparser.c:447
static Interval * DatumGetIntervalP(Datum X)
Definition: timestamp.h:40
bool SplitIdentifierString(char *rawstring, char separator, List **namelist)
Definition: varlena.c:3457
bool XactReadOnly
Definition: xact.c:80
bool IsTransactionState(void)
Definition: xact.c:384
int XactIsoLevel
Definition: xact.c:77
bool IsSubTransaction(void)
Definition: xact.c:5001
#define XACT_SERIALIZABLE
Definition: xact.h:39
bool RecoveryInProgress(void)
Definition: xlog.c:6201
void XLogPrefetchReconfigure(void)