PostgreSQL Source Code  git master
tablespace.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * tablespace.c
4  * Commands to manipulate table spaces
5  *
6  * Tablespaces in PostgreSQL are designed to allow users to determine
7  * where the data file(s) for a given database object reside on the file
8  * system.
9  *
10  * A tablespace represents a directory on the file system. At tablespace
11  * creation time, the directory must be empty. To simplify things and
12  * remove the possibility of having file name conflicts, we isolate
13  * files within a tablespace into database-specific subdirectories.
14  *
15  * To support file access via the information given in RelFileNode, we
16  * maintain a symbolic-link map in $PGDATA/pg_tblspc. The symlinks are
17  * named by tablespace OIDs and point to the actual tablespace directories.
18  * There is also a per-cluster version directory in each tablespace.
19  * Thus the full path to an arbitrary file is
20  * $PGDATA/pg_tblspc/spcoid/PG_MAJORVER_CATVER/dboid/relfilenode
21  * e.g.
22  * $PGDATA/pg_tblspc/20981/PG_9.0_201002161/719849/83292814
23  *
24  * There are two tablespaces created at initdb time: pg_global (for shared
25  * tables) and pg_default (for everything else). For backwards compatibility
26  * and to remain functional on platforms without symlinks, these tablespaces
27  * are accessed specially: they are respectively
28  * $PGDATA/global/relfilenode
29  * $PGDATA/base/dboid/relfilenode
30  *
31  * To allow CREATE DATABASE to give a new database a default tablespace
32  * that's different from the template database's default, we make the
33  * provision that a zero in pg_class.reltablespace means the database's
34  * default tablespace. Without this, CREATE DATABASE would have to go in
35  * and munge the system catalogs of the new database.
36  *
37  *
38  * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
39  * Portions Copyright (c) 1994, Regents of the University of California
40  *
41  *
42  * IDENTIFICATION
43  * src/backend/commands/tablespace.c
44  *
45  *-------------------------------------------------------------------------
46  */
47 #include "postgres.h"
48 
49 #include <unistd.h>
50 #include <dirent.h>
51 #include <sys/stat.h>
52 
53 #include "access/heapam.h"
54 #include "access/htup_details.h"
55 #include "access/reloptions.h"
56 #include "access/sysattr.h"
57 #include "access/tableam.h"
58 #include "access/xact.h"
59 #include "access/xloginsert.h"
60 #include "access/xlogutils.h"
61 #include "catalog/binary_upgrade.h"
62 #include "catalog/catalog.h"
63 #include "catalog/dependency.h"
64 #include "catalog/indexing.h"
65 #include "catalog/namespace.h"
66 #include "catalog/objectaccess.h"
67 #include "catalog/pg_namespace.h"
68 #include "catalog/pg_tablespace.h"
69 #include "commands/comment.h"
70 #include "commands/seclabel.h"
71 #include "commands/tablecmds.h"
72 #include "commands/tablespace.h"
73 #include "common/file_perm.h"
74 #include "miscadmin.h"
75 #include "postmaster/bgwriter.h"
76 #include "storage/fd.h"
77 #include "storage/lmgr.h"
78 #include "storage/standby.h"
79 #include "utils/acl.h"
80 #include "utils/builtins.h"
81 #include "utils/fmgroids.h"
82 #include "utils/guc.h"
83 #include "utils/lsyscache.h"
84 #include "utils/memutils.h"
85 #include "utils/rel.h"
86 #include "utils/varlena.h"
87 
88 /* GUC variables */
89 char *default_tablespace = NULL;
90 char *temp_tablespaces = NULL;
92 
94 
95 static void create_tablespace_directories(const char *location,
96  const Oid tablespaceoid);
97 static bool destroy_tablespace_directories(Oid tablespaceoid, bool redo);
98 
99 
100 /*
101  * Each database using a table space is isolated into its own name space
102  * by a subdirectory named for the database OID. On first creation of an
103  * object in the tablespace, create the subdirectory. If the subdirectory
104  * already exists, fall through quietly.
105  *
106  * isRedo indicates that we are creating an object during WAL replay.
107  * In this case we will cope with the possibility of the tablespace
108  * directory not being there either --- this could happen if we are
109  * replaying an operation on a table in a subsequently-dropped tablespace.
110  * We handle this by making a directory in the place where the tablespace
111  * symlink would normally be. This isn't an exact replay of course, but
112  * it's the best we can do given the available information.
113  *
114  * If tablespaces are not supported, we still need it in case we have to
115  * re-create a database subdirectory (of $PGDATA/base) during WAL replay.
116  */
117 void
118 TablespaceCreateDbspace(Oid spcNode, Oid dbNode, bool isRedo)
119 {
120  struct stat st;
121  char *dir;
122 
123  /*
124  * The global tablespace doesn't have per-database subdirectories, so
125  * nothing to do for it.
126  */
127  if (spcNode == GLOBALTABLESPACE_OID)
128  return;
129 
130  Assert(OidIsValid(spcNode));
131  Assert(OidIsValid(dbNode));
132 
133  dir = GetDatabasePath(dbNode, spcNode);
134 
135  if (stat(dir, &st) < 0)
136  {
137  /* Directory does not exist? */
138  if (errno == ENOENT)
139  {
140  /*
141  * Acquire TablespaceCreateLock to ensure that no DROP TABLESPACE
142  * or TablespaceCreateDbspace is running concurrently.
143  */
144  LWLockAcquire(TablespaceCreateLock, LW_EXCLUSIVE);
145 
146  /*
147  * Recheck to see if someone created the directory while we were
148  * waiting for lock.
149  */
150  if (stat(dir, &st) == 0 && S_ISDIR(st.st_mode))
151  {
152  /* Directory was created */
153  }
154  else
155  {
156  /* Directory creation failed? */
157  if (MakePGDirectory(dir) < 0)
158  {
159  char *parentdir;
160 
161  /* Failure other than not exists or not in WAL replay? */
162  if (errno != ENOENT || !isRedo)
163  ereport(ERROR,
165  errmsg("could not create directory \"%s\": %m",
166  dir)));
167 
168  /*
169  * Parent directories are missing during WAL replay, so
170  * continue by creating simple parent directories rather
171  * than a symlink.
172  */
173 
174  /* create two parents up if not exist */
175  parentdir = pstrdup(dir);
176  get_parent_directory(parentdir);
177  get_parent_directory(parentdir);
178  /* Can't create parent and it doesn't already exist? */
179  if (MakePGDirectory(parentdir) < 0 && errno != EEXIST)
180  ereport(ERROR,
182  errmsg("could not create directory \"%s\": %m",
183  parentdir)));
184  pfree(parentdir);
185 
186  /* create one parent up if not exist */
187  parentdir = pstrdup(dir);
188  get_parent_directory(parentdir);
189  /* Can't create parent and it doesn't already exist? */
190  if (MakePGDirectory(parentdir) < 0 && errno != EEXIST)
191  ereport(ERROR,
193  errmsg("could not create directory \"%s\": %m",
194  parentdir)));
195  pfree(parentdir);
196 
197  /* Create database directory */
198  if (MakePGDirectory(dir) < 0)
199  ereport(ERROR,
201  errmsg("could not create directory \"%s\": %m",
202  dir)));
203  }
204  }
205 
206  LWLockRelease(TablespaceCreateLock);
207  }
208  else
209  {
210  ereport(ERROR,
212  errmsg("could not stat directory \"%s\": %m", dir)));
213  }
214  }
215  else
216  {
217  /* Is it not a directory? */
218  if (!S_ISDIR(st.st_mode))
219  ereport(ERROR,
220  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
221  errmsg("\"%s\" exists but is not a directory",
222  dir)));
223  }
224 
225  pfree(dir);
226 }
227 
228 /*
229  * Create a table space
230  *
231  * Only superusers can create a tablespace. This seems a reasonable restriction
232  * since we're determining the system layout and, anyway, we probably have
233  * root if we're doing this kind of activity
234  */
235 Oid
237 {
238 #ifdef HAVE_SYMLINK
239  Relation rel;
240  Datum values[Natts_pg_tablespace];
241  bool nulls[Natts_pg_tablespace];
242  HeapTuple tuple;
243  Oid tablespaceoid;
244  char *location;
245  Oid ownerId;
246  Datum newOptions;
247  bool in_place;
248 
249  /* Must be superuser */
250  if (!superuser())
251  ereport(ERROR,
252  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
253  errmsg("permission denied to create tablespace \"%s\"",
254  stmt->tablespacename),
255  errhint("Must be superuser to create a tablespace.")));
256 
257  /* However, the eventual owner of the tablespace need not be */
258  if (stmt->owner)
259  ownerId = get_rolespec_oid(stmt->owner, false);
260  else
261  ownerId = GetUserId();
262 
263  /* Unix-ify the offered path, and strip any trailing slashes */
264  location = pstrdup(stmt->location);
265  canonicalize_path(location);
266 
267  /* disallow quotes, else CREATE DATABASE would be at risk */
268  if (strchr(location, '\''))
269  ereport(ERROR,
270  (errcode(ERRCODE_INVALID_NAME),
271  errmsg("tablespace location cannot contain single quotes")));
272 
273  in_place = allow_in_place_tablespaces && strlen(location) == 0;
274 
275  /*
276  * Allowing relative paths seems risky
277  *
278  * This also helps us ensure that location is not empty or whitespace,
279  * unless specifying a developer-only in-place tablespace.
280  */
281  if (!in_place && !is_absolute_path(location))
282  ereport(ERROR,
283  (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
284  errmsg("tablespace location must be an absolute path")));
285 
286  /*
287  * Check that location isn't too long. Remember that we're going to append
288  * 'PG_XXX/<dboid>/<relid>_<fork>.<nnn>'. FYI, we never actually
289  * reference the whole path here, but MakePGDirectory() uses the first two
290  * parts.
291  */
292  if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 +
293  OIDCHARS + 1 + OIDCHARS + 1 + FORKNAMECHARS + 1 + OIDCHARS > MAXPGPATH)
294  ereport(ERROR,
295  (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
296  errmsg("tablespace location \"%s\" is too long",
297  location)));
298 
299  /* Warn if the tablespace is in the data directory. */
300  if (path_is_prefix_of_path(DataDir, location))
302  (errcode(ERRCODE_INVALID_OBJECT_DEFINITION),
303  errmsg("tablespace location should not be inside the data directory")));
304 
305  /*
306  * Disallow creation of tablespaces named "pg_xxx"; we reserve this
307  * namespace for system purposes.
308  */
310  ereport(ERROR,
311  (errcode(ERRCODE_RESERVED_NAME),
312  errmsg("unacceptable tablespace name \"%s\"",
313  stmt->tablespacename),
314  errdetail("The prefix \"pg_\" is reserved for system tablespaces.")));
315 
316  /*
317  * If built with appropriate switch, whine when regression-testing
318  * conventions for tablespace names are violated.
319  */
320 #ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
321  if (strncmp(stmt->tablespacename, "regress_", 8) != 0)
322  elog(WARNING, "tablespaces created by regression test cases should have names starting with \"regress_\"");
323 #endif
324 
325  /*
326  * Check that there is no other tablespace by this name. (The unique
327  * index would catch this anyway, but might as well give a friendlier
328  * message.)
329  */
330  if (OidIsValid(get_tablespace_oid(stmt->tablespacename, true)))
331  ereport(ERROR,
333  errmsg("tablespace \"%s\" already exists",
334  stmt->tablespacename)));
335 
336  /*
337  * Insert tuple into pg_tablespace. The purpose of doing this first is to
338  * lock the proposed tablename against other would-be creators. The
339  * insertion will roll back if we find problems below.
340  */
341  rel = table_open(TableSpaceRelationId, RowExclusiveLock);
342 
343  MemSet(nulls, false, sizeof(nulls));
344 
345  if (IsBinaryUpgrade)
346  {
347  /* Use binary-upgrade override for tablespace oid */
349  ereport(ERROR,
350  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
351  errmsg("pg_tablespace OID value not set when in binary upgrade mode")));
352 
355  }
356  else
357  tablespaceoid = GetNewOidWithIndex(rel, TablespaceOidIndexId,
358  Anum_pg_tablespace_oid);
359  values[Anum_pg_tablespace_oid - 1] = ObjectIdGetDatum(tablespaceoid);
360  values[Anum_pg_tablespace_spcname - 1] =
362  values[Anum_pg_tablespace_spcowner - 1] =
363  ObjectIdGetDatum(ownerId);
364  nulls[Anum_pg_tablespace_spcacl - 1] = true;
365 
366  /* Generate new proposed spcoptions (text array) */
367  newOptions = transformRelOptions((Datum) 0,
368  stmt->options,
369  NULL, NULL, false, false);
370  (void) tablespace_reloptions(newOptions, true);
371  if (newOptions != (Datum) 0)
372  values[Anum_pg_tablespace_spcoptions - 1] = newOptions;
373  else
374  nulls[Anum_pg_tablespace_spcoptions - 1] = true;
375 
376  tuple = heap_form_tuple(rel->rd_att, values, nulls);
377 
378  CatalogTupleInsert(rel, tuple);
379 
380  heap_freetuple(tuple);
381 
382  /* Record dependency on owner */
383  recordDependencyOnOwner(TableSpaceRelationId, tablespaceoid, ownerId);
384 
385  /* Post creation hook for new tablespace */
386  InvokeObjectPostCreateHook(TableSpaceRelationId, tablespaceoid, 0);
387 
388  create_tablespace_directories(location, tablespaceoid);
389 
390  /* Record the filesystem change in XLOG */
391  {
392  xl_tblspc_create_rec xlrec;
393 
394  xlrec.ts_id = tablespaceoid;
395 
396  XLogBeginInsert();
397  XLogRegisterData((char *) &xlrec,
398  offsetof(xl_tblspc_create_rec, ts_path));
399  XLogRegisterData((char *) location, strlen(location) + 1);
400 
401  (void) XLogInsert(RM_TBLSPC_ID, XLOG_TBLSPC_CREATE);
402  }
403 
404  /*
405  * Force synchronous commit, to minimize the window between creating the
406  * symlink on-disk and marking the transaction committed. It's not great
407  * that there is any window at all, but definitely we don't want to make
408  * it larger than necessary.
409  */
410  ForceSyncCommit();
411 
412  pfree(location);
413 
414  /* We keep the lock on pg_tablespace until commit */
415  table_close(rel, NoLock);
416 
417  return tablespaceoid;
418 #else /* !HAVE_SYMLINK */
419  ereport(ERROR,
420  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
421  errmsg("tablespaces are not supported on this platform")));
422  return InvalidOid; /* keep compiler quiet */
423 #endif /* HAVE_SYMLINK */
424 }
425 
426 /*
427  * Drop a table space
428  *
429  * Be careful to check that the tablespace is empty.
430  */
431 void
433 {
434 #ifdef HAVE_SYMLINK
435  char *tablespacename = stmt->tablespacename;
436  TableScanDesc scandesc;
437  Relation rel;
438  HeapTuple tuple;
439  Form_pg_tablespace spcform;
440  ScanKeyData entry[1];
441  Oid tablespaceoid;
442  char *detail;
443  char *detail_log;
444 
445  /*
446  * Find the target tuple
447  */
448  rel = table_open(TableSpaceRelationId, RowExclusiveLock);
449 
450  ScanKeyInit(&entry[0],
451  Anum_pg_tablespace_spcname,
452  BTEqualStrategyNumber, F_NAMEEQ,
453  CStringGetDatum(tablespacename));
454  scandesc = table_beginscan_catalog(rel, 1, entry);
455  tuple = heap_getnext(scandesc, ForwardScanDirection);
456 
457  if (!HeapTupleIsValid(tuple))
458  {
459  if (!stmt->missing_ok)
460  {
461  ereport(ERROR,
462  (errcode(ERRCODE_UNDEFINED_OBJECT),
463  errmsg("tablespace \"%s\" does not exist",
464  tablespacename)));
465  }
466  else
467  {
468  ereport(NOTICE,
469  (errmsg("tablespace \"%s\" does not exist, skipping",
470  tablespacename)));
471  table_endscan(scandesc);
472  table_close(rel, NoLock);
473  }
474  return;
475  }
476 
477  spcform = (Form_pg_tablespace) GETSTRUCT(tuple);
478  tablespaceoid = spcform->oid;
479 
480  /* Must be tablespace owner */
481  if (!pg_tablespace_ownercheck(tablespaceoid, GetUserId()))
483  tablespacename);
484 
485  /* Disallow drop of the standard tablespaces, even by superuser */
486  if (IsPinnedObject(TableSpaceRelationId, tablespaceoid))
488  tablespacename);
489 
490  /* Check for pg_shdepend entries depending on this tablespace */
491  if (checkSharedDependencies(TableSpaceRelationId, tablespaceoid,
492  &detail, &detail_log))
493  ereport(ERROR,
494  (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
495  errmsg("tablespace \"%s\" cannot be dropped because some objects depend on it",
496  tablespacename),
497  errdetail_internal("%s", detail),
498  errdetail_log("%s", detail_log)));
499 
500  /* DROP hook for the tablespace being removed */
501  InvokeObjectDropHook(TableSpaceRelationId, tablespaceoid, 0);
502 
503  /*
504  * Remove the pg_tablespace tuple (this will roll back if we fail below)
505  */
506  CatalogTupleDelete(rel, &tuple->t_self);
507 
508  table_endscan(scandesc);
509 
510  /*
511  * Remove any comments or security labels on this tablespace.
512  */
513  DeleteSharedComments(tablespaceoid, TableSpaceRelationId);
514  DeleteSharedSecurityLabel(tablespaceoid, TableSpaceRelationId);
515 
516  /*
517  * Remove dependency on owner.
518  */
519  deleteSharedDependencyRecordsFor(TableSpaceRelationId, tablespaceoid, 0);
520 
521  /*
522  * Acquire TablespaceCreateLock to ensure that no TablespaceCreateDbspace
523  * is running concurrently.
524  */
525  LWLockAcquire(TablespaceCreateLock, LW_EXCLUSIVE);
526 
527  /*
528  * Try to remove the physical infrastructure.
529  */
530  if (!destroy_tablespace_directories(tablespaceoid, false))
531  {
532  /*
533  * Not all files deleted? However, there can be lingering empty files
534  * in the directories, left behind by for example DROP TABLE, that
535  * have been scheduled for deletion at next checkpoint (see comments
536  * in mdunlink() for details). We could just delete them immediately,
537  * but we can't tell them apart from important data files that we
538  * mustn't delete. So instead, we force a checkpoint which will clean
539  * out any lingering files, and try again.
540  */
542 
543  /*
544  * On Windows, an unlinked file persists in the directory listing
545  * until no process retains an open handle for the file. The DDL
546  * commands that schedule files for unlink send invalidation messages
547  * directing other PostgreSQL processes to close the files, but
548  * nothing guarantees they'll be processed in time. So, we'll also
549  * use a global barrier to ask all backends to close all files, and
550  * wait until they're finished.
551  */
552  LWLockRelease(TablespaceCreateLock);
554  LWLockAcquire(TablespaceCreateLock, LW_EXCLUSIVE);
555 
556  /* And now try again. */
557  if (!destroy_tablespace_directories(tablespaceoid, false))
558  {
559  /* Still not empty, the files must be important then */
560  ereport(ERROR,
561  (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
562  errmsg("tablespace \"%s\" is not empty",
563  tablespacename)));
564  }
565  }
566 
567  /* Record the filesystem change in XLOG */
568  {
569  xl_tblspc_drop_rec xlrec;
570 
571  xlrec.ts_id = tablespaceoid;
572 
573  XLogBeginInsert();
574  XLogRegisterData((char *) &xlrec, sizeof(xl_tblspc_drop_rec));
575 
576  (void) XLogInsert(RM_TBLSPC_ID, XLOG_TBLSPC_DROP);
577  }
578 
579  /*
580  * Note: because we checked that the tablespace was empty, there should be
581  * no need to worry about flushing shared buffers or free space map
582  * entries for relations in the tablespace.
583  */
584 
585  /*
586  * Force synchronous commit, to minimize the window between removing the
587  * files on-disk and marking the transaction committed. It's not great
588  * that there is any window at all, but definitely we don't want to make
589  * it larger than necessary.
590  */
591  ForceSyncCommit();
592 
593  /*
594  * Allow TablespaceCreateDbspace again.
595  */
596  LWLockRelease(TablespaceCreateLock);
597 
598  /* We keep the lock on pg_tablespace until commit */
599  table_close(rel, NoLock);
600 #else /* !HAVE_SYMLINK */
601  ereport(ERROR,
602  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
603  errmsg("tablespaces are not supported on this platform")));
604 #endif /* HAVE_SYMLINK */
605 }
606 
607 
608 /*
609  * create_tablespace_directories
610  *
611  * Attempt to create filesystem infrastructure linking $PGDATA/pg_tblspc/
612  * to the specified directory
613  */
614 static void
615 create_tablespace_directories(const char *location, const Oid tablespaceoid)
616 {
617  char *linkloc;
618  char *location_with_version_dir;
619  struct stat st;
620  bool in_place;
621 
622  linkloc = psprintf("pg_tblspc/%u", tablespaceoid);
623 
624  /*
625  * If we're asked to make an 'in place' tablespace, create the directory
626  * directly where the symlink would normally go. This is a developer-only
627  * option for now, to facilitate regression testing.
628  */
629  in_place = strlen(location) == 0;
630 
631  if (in_place)
632  {
633  if (MakePGDirectory(linkloc) < 0 && errno != EEXIST)
634  ereport(ERROR,
636  errmsg("could not create directory \"%s\": %m",
637  linkloc)));
638  }
639 
640  location_with_version_dir = psprintf("%s/%s", in_place ? linkloc : location,
642 
643  /*
644  * Attempt to coerce target directory to safe permissions. If this fails,
645  * it doesn't exist or has the wrong owner. Not needed for in-place mode,
646  * because in that case we created the directory with the desired
647  * permissions.
648  */
649  if (!in_place && chmod(location, pg_dir_create_mode) != 0)
650  {
651  if (errno == ENOENT)
652  ereport(ERROR,
653  (errcode(ERRCODE_UNDEFINED_FILE),
654  errmsg("directory \"%s\" does not exist", location),
655  InRecovery ? errhint("Create this directory for the tablespace before "
656  "restarting the server.") : 0));
657  else
658  ereport(ERROR,
660  errmsg("could not set permissions on directory \"%s\": %m",
661  location)));
662  }
663 
664  /*
665  * The creation of the version directory prevents more than one tablespace
666  * in a single location. This imitates TablespaceCreateDbspace(), but it
667  * ignores concurrency and missing parent directories. The chmod() would
668  * have failed in the absence of a parent. pg_tablespace_spcname_index
669  * prevents concurrency.
670  */
671  if (stat(location_with_version_dir, &st) < 0)
672  {
673  if (errno != ENOENT)
674  ereport(ERROR,
676  errmsg("could not stat directory \"%s\": %m",
677  location_with_version_dir)));
678  else if (MakePGDirectory(location_with_version_dir) < 0)
679  ereport(ERROR,
681  errmsg("could not create directory \"%s\": %m",
682  location_with_version_dir)));
683  }
684  else if (!S_ISDIR(st.st_mode))
685  ereport(ERROR,
686  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
687  errmsg("\"%s\" exists but is not a directory",
688  location_with_version_dir)));
689  else if (!InRecovery)
690  ereport(ERROR,
691  (errcode(ERRCODE_OBJECT_IN_USE),
692  errmsg("directory \"%s\" already in use as a tablespace",
693  location_with_version_dir)));
694 
695  /*
696  * In recovery, remove old symlink, in case it points to the wrong place.
697  */
698  if (!in_place && InRecovery)
699  remove_tablespace_symlink(linkloc);
700 
701  /*
702  * Create the symlink under PGDATA
703  */
704  if (!in_place && symlink(location, linkloc) < 0)
705  ereport(ERROR,
707  errmsg("could not create symbolic link \"%s\": %m",
708  linkloc)));
709 
710  pfree(linkloc);
711  pfree(location_with_version_dir);
712 }
713 
714 
715 /*
716  * destroy_tablespace_directories
717  *
718  * Attempt to remove filesystem infrastructure for the tablespace.
719  *
720  * 'redo' indicates we are redoing a drop from XLOG; in that case we should
721  * not throw an ERROR for problems, just LOG them. The worst consequence of
722  * not removing files here would be failure to release some disk space, which
723  * does not justify throwing an error that would require manual intervention
724  * to get the database running again.
725  *
726  * Returns true if successful, false if some subdirectory is not empty
727  */
728 static bool
729 destroy_tablespace_directories(Oid tablespaceoid, bool redo)
730 {
731  char *linkloc;
732  char *linkloc_with_version_dir;
733  DIR *dirdesc;
734  struct dirent *de;
735  char *subfile;
736  struct stat st;
737 
738  linkloc_with_version_dir = psprintf("pg_tblspc/%u/%s", tablespaceoid,
740 
741  /*
742  * Check if the tablespace still contains any files. We try to rmdir each
743  * per-database directory we find in it. rmdir failure implies there are
744  * still files in that subdirectory, so give up. (We do not have to worry
745  * about undoing any already completed rmdirs, since the next attempt to
746  * use the tablespace from that database will simply recreate the
747  * subdirectory via TablespaceCreateDbspace.)
748  *
749  * Since we hold TablespaceCreateLock, no one else should be creating any
750  * fresh subdirectories in parallel. It is possible that new files are
751  * being created within subdirectories, though, so the rmdir call could
752  * fail. Worst consequence is a less friendly error message.
753  *
754  * If redo is true then ENOENT is a likely outcome here, and we allow it
755  * to pass without comment. In normal operation we still allow it, but
756  * with a warning. This is because even though ProcessUtility disallows
757  * DROP TABLESPACE in a transaction block, it's possible that a previous
758  * DROP failed and rolled back after removing the tablespace directories
759  * and/or symlink. We want to allow a new DROP attempt to succeed at
760  * removing the catalog entries (and symlink if still present), so we
761  * should not give a hard error here.
762  */
763  dirdesc = AllocateDir(linkloc_with_version_dir);
764  if (dirdesc == NULL)
765  {
766  if (errno == ENOENT)
767  {
768  if (!redo)
771  errmsg("could not open directory \"%s\": %m",
772  linkloc_with_version_dir)));
773  /* The symlink might still exist, so go try to remove it */
774  goto remove_symlink;
775  }
776  else if (redo)
777  {
778  /* in redo, just log other types of error */
779  ereport(LOG,
781  errmsg("could not open directory \"%s\": %m",
782  linkloc_with_version_dir)));
783  pfree(linkloc_with_version_dir);
784  return false;
785  }
786  /* else let ReadDir report the error */
787  }
788 
789  while ((de = ReadDir(dirdesc, linkloc_with_version_dir)) != NULL)
790  {
791  if (strcmp(de->d_name, ".") == 0 ||
792  strcmp(de->d_name, "..") == 0)
793  continue;
794 
795  subfile = psprintf("%s/%s", linkloc_with_version_dir, de->d_name);
796 
797  /* This check is just to deliver a friendlier error message */
798  if (!redo && !directory_is_empty(subfile))
799  {
800  FreeDir(dirdesc);
801  pfree(subfile);
802  pfree(linkloc_with_version_dir);
803  return false;
804  }
805 
806  /* remove empty directory */
807  if (rmdir(subfile) < 0)
808  ereport(redo ? LOG : ERROR,
810  errmsg("could not remove directory \"%s\": %m",
811  subfile)));
812 
813  pfree(subfile);
814  }
815 
816  FreeDir(dirdesc);
817 
818  /* remove version directory */
819  if (rmdir(linkloc_with_version_dir) < 0)
820  {
821  ereport(redo ? LOG : ERROR,
823  errmsg("could not remove directory \"%s\": %m",
824  linkloc_with_version_dir)));
825  pfree(linkloc_with_version_dir);
826  return false;
827  }
828 
829  /*
830  * Try to remove the symlink. We must however deal with the possibility
831  * that it's a directory instead of a symlink --- this could happen during
832  * WAL replay (see TablespaceCreateDbspace), and it is also the case on
833  * Windows where junction points lstat() as directories.
834  *
835  * Note: in the redo case, we'll return true if this final step fails;
836  * there's no point in retrying it. Also, ENOENT should provoke no more
837  * than a warning.
838  */
839 remove_symlink:
840  linkloc = pstrdup(linkloc_with_version_dir);
841  get_parent_directory(linkloc);
842  if (lstat(linkloc, &st) < 0)
843  {
844  int saved_errno = errno;
845 
846  ereport(redo ? LOG : (saved_errno == ENOENT ? WARNING : ERROR),
848  errmsg("could not stat file \"%s\": %m",
849  linkloc)));
850  }
851  else if (S_ISDIR(st.st_mode))
852  {
853  if (rmdir(linkloc) < 0)
854  {
855  int saved_errno = errno;
856 
857  ereport(redo ? LOG : (saved_errno == ENOENT ? WARNING : ERROR),
859  errmsg("could not remove directory \"%s\": %m",
860  linkloc)));
861  }
862  }
863 #ifdef S_ISLNK
864  else if (S_ISLNK(st.st_mode))
865  {
866  if (unlink(linkloc) < 0)
867  {
868  int saved_errno = errno;
869 
870  ereport(redo ? LOG : (saved_errno == ENOENT ? WARNING : ERROR),
872  errmsg("could not remove symbolic link \"%s\": %m",
873  linkloc)));
874  }
875  }
876 #endif
877  else
878  {
879  /* Refuse to remove anything that's not a directory or symlink */
880  ereport(redo ? LOG : ERROR,
881  (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
882  errmsg("\"%s\" is not a directory or symbolic link",
883  linkloc)));
884  }
885 
886  pfree(linkloc_with_version_dir);
887  pfree(linkloc);
888 
889  return true;
890 }
891 
892 
893 /*
894  * Check if a directory is empty.
895  *
896  * This probably belongs somewhere else, but not sure where...
897  */
898 bool
899 directory_is_empty(const char *path)
900 {
901  DIR *dirdesc;
902  struct dirent *de;
903 
904  dirdesc = AllocateDir(path);
905 
906  while ((de = ReadDir(dirdesc, path)) != NULL)
907  {
908  if (strcmp(de->d_name, ".") == 0 ||
909  strcmp(de->d_name, "..") == 0)
910  continue;
911  FreeDir(dirdesc);
912  return false;
913  }
914 
915  FreeDir(dirdesc);
916  return true;
917 }
918 
919 /*
920  * remove_tablespace_symlink
921  *
922  * This function removes symlinks in pg_tblspc. On Windows, junction points
923  * act like directories so we must be able to apply rmdir. This function
924  * works like the symlink removal code in destroy_tablespace_directories,
925  * except that failure to remove is always an ERROR. But if the file doesn't
926  * exist at all, that's OK.
927  */
928 void
929 remove_tablespace_symlink(const char *linkloc)
930 {
931  struct stat st;
932 
933  if (lstat(linkloc, &st) < 0)
934  {
935  if (errno == ENOENT)
936  return;
937  ereport(ERROR,
939  errmsg("could not stat file \"%s\": %m", linkloc)));
940  }
941 
942  if (S_ISDIR(st.st_mode))
943  {
944  /*
945  * This will fail if the directory isn't empty, but not if it's a
946  * junction point.
947  */
948  if (rmdir(linkloc) < 0 && errno != ENOENT)
949  ereport(ERROR,
951  errmsg("could not remove directory \"%s\": %m",
952  linkloc)));
953  }
954 #ifdef S_ISLNK
955  else if (S_ISLNK(st.st_mode))
956  {
957  if (unlink(linkloc) < 0 && errno != ENOENT)
958  ereport(ERROR,
960  errmsg("could not remove symbolic link \"%s\": %m",
961  linkloc)));
962  }
963 #endif
964  else
965  {
966  /* Refuse to remove anything that's not a directory or symlink */
967  ereport(ERROR,
968  (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
969  errmsg("\"%s\" is not a directory or symbolic link",
970  linkloc)));
971  }
972 }
973 
974 /*
975  * Rename a tablespace
976  */
978 RenameTableSpace(const char *oldname, const char *newname)
979 {
980  Oid tspId;
981  Relation rel;
982  ScanKeyData entry[1];
983  TableScanDesc scan;
984  HeapTuple tup;
985  HeapTuple newtuple;
986  Form_pg_tablespace newform;
987  ObjectAddress address;
988 
989  /* Search pg_tablespace */
990  rel = table_open(TableSpaceRelationId, RowExclusiveLock);
991 
992  ScanKeyInit(&entry[0],
993  Anum_pg_tablespace_spcname,
994  BTEqualStrategyNumber, F_NAMEEQ,
995  CStringGetDatum(oldname));
996  scan = table_beginscan_catalog(rel, 1, entry);
997  tup = heap_getnext(scan, ForwardScanDirection);
998  if (!HeapTupleIsValid(tup))
999  ereport(ERROR,
1000  (errcode(ERRCODE_UNDEFINED_OBJECT),
1001  errmsg("tablespace \"%s\" does not exist",
1002  oldname)));
1003 
1004  newtuple = heap_copytuple(tup);
1005  newform = (Form_pg_tablespace) GETSTRUCT(newtuple);
1006  tspId = newform->oid;
1007 
1008  table_endscan(scan);
1009 
1010  /* Must be owner */
1011  if (!pg_tablespace_ownercheck(tspId, GetUserId()))
1013 
1014  /* Validate new name */
1015  if (!allowSystemTableMods && IsReservedName(newname))
1016  ereport(ERROR,
1017  (errcode(ERRCODE_RESERVED_NAME),
1018  errmsg("unacceptable tablespace name \"%s\"", newname),
1019  errdetail("The prefix \"pg_\" is reserved for system tablespaces.")));
1020 
1021  /*
1022  * If built with appropriate switch, whine when regression-testing
1023  * conventions for tablespace names are violated.
1024  */
1025 #ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
1026  if (strncmp(newname, "regress_", 8) != 0)
1027  elog(WARNING, "tablespaces created by regression test cases should have names starting with \"regress_\"");
1028 #endif
1029 
1030  /* Make sure the new name doesn't exist */
1031  ScanKeyInit(&entry[0],
1032  Anum_pg_tablespace_spcname,
1033  BTEqualStrategyNumber, F_NAMEEQ,
1034  CStringGetDatum(newname));
1035  scan = table_beginscan_catalog(rel, 1, entry);
1036  tup = heap_getnext(scan, ForwardScanDirection);
1037  if (HeapTupleIsValid(tup))
1038  ereport(ERROR,
1040  errmsg("tablespace \"%s\" already exists",
1041  newname)));
1042 
1043  table_endscan(scan);
1044 
1045  /* OK, update the entry */
1046  namestrcpy(&(newform->spcname), newname);
1047 
1048  CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
1049 
1050  InvokeObjectPostAlterHook(TableSpaceRelationId, tspId, 0);
1051 
1052  ObjectAddressSet(address, TableSpaceRelationId, tspId);
1053 
1054  table_close(rel, NoLock);
1055 
1056  return address;
1057 }
1058 
1059 /*
1060  * Alter table space options
1061  */
1062 Oid
1064 {
1065  Relation rel;
1066  ScanKeyData entry[1];
1067  TableScanDesc scandesc;
1068  HeapTuple tup;
1069  Oid tablespaceoid;
1070  Datum datum;
1071  Datum newOptions;
1072  Datum repl_val[Natts_pg_tablespace];
1073  bool isnull;
1074  bool repl_null[Natts_pg_tablespace];
1075  bool repl_repl[Natts_pg_tablespace];
1076  HeapTuple newtuple;
1077 
1078  /* Search pg_tablespace */
1079  rel = table_open(TableSpaceRelationId, RowExclusiveLock);
1080 
1081  ScanKeyInit(&entry[0],
1082  Anum_pg_tablespace_spcname,
1083  BTEqualStrategyNumber, F_NAMEEQ,
1085  scandesc = table_beginscan_catalog(rel, 1, entry);
1086  tup = heap_getnext(scandesc, ForwardScanDirection);
1087  if (!HeapTupleIsValid(tup))
1088  ereport(ERROR,
1089  (errcode(ERRCODE_UNDEFINED_OBJECT),
1090  errmsg("tablespace \"%s\" does not exist",
1091  stmt->tablespacename)));
1092 
1093  tablespaceoid = ((Form_pg_tablespace) GETSTRUCT(tup))->oid;
1094 
1095  /* Must be owner of the existing object */
1096  if (!pg_tablespace_ownercheck(tablespaceoid, GetUserId()))
1098  stmt->tablespacename);
1099 
1100  /* Generate new proposed spcoptions (text array) */
1101  datum = heap_getattr(tup, Anum_pg_tablespace_spcoptions,
1102  RelationGetDescr(rel), &isnull);
1103  newOptions = transformRelOptions(isnull ? (Datum) 0 : datum,
1104  stmt->options, NULL, NULL, false,
1105  stmt->isReset);
1106  (void) tablespace_reloptions(newOptions, true);
1107 
1108  /* Build new tuple. */
1109  memset(repl_null, false, sizeof(repl_null));
1110  memset(repl_repl, false, sizeof(repl_repl));
1111  if (newOptions != (Datum) 0)
1112  repl_val[Anum_pg_tablespace_spcoptions - 1] = newOptions;
1113  else
1114  repl_null[Anum_pg_tablespace_spcoptions - 1] = true;
1115  repl_repl[Anum_pg_tablespace_spcoptions - 1] = true;
1116  newtuple = heap_modify_tuple(tup, RelationGetDescr(rel), repl_val,
1117  repl_null, repl_repl);
1118 
1119  /* Update system catalog. */
1120  CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
1121 
1122  InvokeObjectPostAlterHook(TableSpaceRelationId, tablespaceoid, 0);
1123 
1124  heap_freetuple(newtuple);
1125 
1126  /* Conclude heap scan. */
1127  table_endscan(scandesc);
1128  table_close(rel, NoLock);
1129 
1130  return tablespaceoid;
1131 }
1132 
1133 /*
1134  * Routines for handling the GUC variable 'default_tablespace'.
1135  */
1136 
1137 /* check_hook: validate new default_tablespace */
1138 bool
1140 {
1141  /*
1142  * If we aren't inside a transaction, or connected to a database, we
1143  * cannot do the catalog accesses necessary to verify the name. Must
1144  * accept the value on faith.
1145  */
1147  {
1148  if (**newval != '\0' &&
1150  {
1151  /*
1152  * When source == PGC_S_TEST, don't throw a hard error for a
1153  * nonexistent tablespace, only a NOTICE. See comments in guc.h.
1154  */
1155  if (source == PGC_S_TEST)
1156  {
1157  ereport(NOTICE,
1158  (errcode(ERRCODE_UNDEFINED_OBJECT),
1159  errmsg("tablespace \"%s\" does not exist",
1160  *newval)));
1161  }
1162  else
1163  {
1164  GUC_check_errdetail("Tablespace \"%s\" does not exist.",
1165  *newval);
1166  return false;
1167  }
1168  }
1169  }
1170 
1171  return true;
1172 }
1173 
1174 /*
1175  * GetDefaultTablespace -- get the OID of the current default tablespace
1176  *
1177  * Temporary objects have different default tablespaces, hence the
1178  * relpersistence parameter must be specified. Also, for partitioned tables,
1179  * we disallow specifying the database default, so that needs to be specified
1180  * too.
1181  *
1182  * May return InvalidOid to indicate "use the database's default tablespace".
1183  *
1184  * Note that caller is expected to check appropriate permissions for any
1185  * result other than InvalidOid.
1186  *
1187  * This exists to hide (and possibly optimize the use of) the
1188  * default_tablespace GUC variable.
1189  */
1190 Oid
1191 GetDefaultTablespace(char relpersistence, bool partitioned)
1192 {
1193  Oid result;
1194 
1195  /* The temp-table case is handled elsewhere */
1196  if (relpersistence == RELPERSISTENCE_TEMP)
1197  {
1199  return GetNextTempTableSpace();
1200  }
1201 
1202  /* Fast path for default_tablespace == "" */
1203  if (default_tablespace == NULL || default_tablespace[0] == '\0')
1204  return InvalidOid;
1205 
1206  /*
1207  * It is tempting to cache this lookup for more speed, but then we would
1208  * fail to detect the case where the tablespace was dropped since the GUC
1209  * variable was set. Note also that we don't complain if the value fails
1210  * to refer to an existing tablespace; we just silently return InvalidOid,
1211  * causing the new object to be created in the database's tablespace.
1212  */
1213  result = get_tablespace_oid(default_tablespace, true);
1214 
1215  /*
1216  * Allow explicit specification of database's default tablespace in
1217  * default_tablespace without triggering permissions checks. Don't allow
1218  * specifying that when creating a partitioned table, however, since the
1219  * result is confusing.
1220  */
1221  if (result == MyDatabaseTableSpace)
1222  {
1223  if (partitioned)
1224  ereport(ERROR,
1225  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1226  errmsg("cannot specify default tablespace for partitioned relations")));
1227  result = InvalidOid;
1228  }
1229  return result;
1230 }
1231 
1232 
1233 /*
1234  * Routines for handling the GUC variable 'temp_tablespaces'.
1235  */
1236 
1237 typedef struct
1238 {
1239  /* Array of OIDs to be passed to SetTempTablespaces() */
1240  int numSpcs;
1243 
1244 /* check_hook: validate new temp_tablespaces */
1245 bool
1247 {
1248  char *rawname;
1249  List *namelist;
1250 
1251  /* Need a modifiable copy of string */
1252  rawname = pstrdup(*newval);
1253 
1254  /* Parse string into list of identifiers */
1255  if (!SplitIdentifierString(rawname, ',', &namelist))
1256  {
1257  /* syntax error in name list */
1258  GUC_check_errdetail("List syntax is invalid.");
1259  pfree(rawname);
1260  list_free(namelist);
1261  return false;
1262  }
1263 
1264  /*
1265  * If we aren't inside a transaction, or connected to a database, we
1266  * cannot do the catalog accesses necessary to verify the name. Must
1267  * accept the value on faith. Fortunately, there's then also no need to
1268  * pass the data to fd.c.
1269  */
1271  {
1272  temp_tablespaces_extra *myextra;
1273  Oid *tblSpcs;
1274  int numSpcs;
1275  ListCell *l;
1276 
1277  /* temporary workspace until we are done verifying the list */
1278  tblSpcs = (Oid *) palloc(list_length(namelist) * sizeof(Oid));
1279  numSpcs = 0;
1280  foreach(l, namelist)
1281  {
1282  char *curname = (char *) lfirst(l);
1283  Oid curoid;
1284  AclResult aclresult;
1285 
1286  /* Allow an empty string (signifying database default) */
1287  if (curname[0] == '\0')
1288  {
1289  /* InvalidOid signifies database's default tablespace */
1290  tblSpcs[numSpcs++] = InvalidOid;
1291  continue;
1292  }
1293 
1294  /*
1295  * In an interactive SET command, we ereport for bad info. When
1296  * source == PGC_S_TEST, don't throw a hard error for a
1297  * nonexistent tablespace, only a NOTICE. See comments in guc.h.
1298  */
1299  curoid = get_tablespace_oid(curname, source <= PGC_S_TEST);
1300  if (curoid == InvalidOid)
1301  {
1302  if (source == PGC_S_TEST)
1303  ereport(NOTICE,
1304  (errcode(ERRCODE_UNDEFINED_OBJECT),
1305  errmsg("tablespace \"%s\" does not exist",
1306  curname)));
1307  continue;
1308  }
1309 
1310  /*
1311  * Allow explicit specification of database's default tablespace
1312  * in temp_tablespaces without triggering permissions checks.
1313  */
1314  if (curoid == MyDatabaseTableSpace)
1315  {
1316  /* InvalidOid signifies database's default tablespace */
1317  tblSpcs[numSpcs++] = InvalidOid;
1318  continue;
1319  }
1320 
1321  /* Check permissions, similarly complaining only if interactive */
1322  aclresult = pg_tablespace_aclcheck(curoid, GetUserId(),
1323  ACL_CREATE);
1324  if (aclresult != ACLCHECK_OK)
1325  {
1326  if (source >= PGC_S_INTERACTIVE)
1327  aclcheck_error(aclresult, OBJECT_TABLESPACE, curname);
1328  continue;
1329  }
1330 
1331  tblSpcs[numSpcs++] = curoid;
1332  }
1333 
1334  /* Now prepare an "extra" struct for assign_temp_tablespaces */
1335  myextra = malloc(offsetof(temp_tablespaces_extra, tblSpcs) +
1336  numSpcs * sizeof(Oid));
1337  if (!myextra)
1338  return false;
1339  myextra->numSpcs = numSpcs;
1340  memcpy(myextra->tblSpcs, tblSpcs, numSpcs * sizeof(Oid));
1341  *extra = (void *) myextra;
1342 
1343  pfree(tblSpcs);
1344  }
1345 
1346  pfree(rawname);
1347  list_free(namelist);
1348 
1349  return true;
1350 }
1351 
1352 /* assign_hook: do extra actions as needed */
1353 void
1354 assign_temp_tablespaces(const char *newval, void *extra)
1355 {
1356  temp_tablespaces_extra *myextra = (temp_tablespaces_extra *) extra;
1357 
1358  /*
1359  * If check_temp_tablespaces was executed inside a transaction, then pass
1360  * the list it made to fd.c. Otherwise, clear fd.c's list; we must be
1361  * still outside a transaction, or else restoring during transaction exit,
1362  * and in either case we can just let the next PrepareTempTablespaces call
1363  * make things sane.
1364  */
1365  if (myextra)
1366  SetTempTablespaces(myextra->tblSpcs, myextra->numSpcs);
1367  else
1368  SetTempTablespaces(NULL, 0);
1369 }
1370 
1371 /*
1372  * PrepareTempTablespaces -- prepare to use temp tablespaces
1373  *
1374  * If we have not already done so in the current transaction, parse the
1375  * temp_tablespaces GUC variable and tell fd.c which tablespace(s) to use
1376  * for temp files.
1377  */
1378 void
1380 {
1381  char *rawname;
1382  List *namelist;
1383  Oid *tblSpcs;
1384  int numSpcs;
1385  ListCell *l;
1386 
1387  /* No work if already done in current transaction */
1388  if (TempTablespacesAreSet())
1389  return;
1390 
1391  /*
1392  * Can't do catalog access unless within a transaction. This is just a
1393  * safety check in case this function is called by low-level code that
1394  * could conceivably execute outside a transaction. Note that in such a
1395  * scenario, fd.c will fall back to using the current database's default
1396  * tablespace, which should always be OK.
1397  */
1398  if (!IsTransactionState())
1399  return;
1400 
1401  /* Need a modifiable copy of string */
1402  rawname = pstrdup(temp_tablespaces);
1403 
1404  /* Parse string into list of identifiers */
1405  if (!SplitIdentifierString(rawname, ',', &namelist))
1406  {
1407  /* syntax error in name list */
1408  SetTempTablespaces(NULL, 0);
1409  pfree(rawname);
1410  list_free(namelist);
1411  return;
1412  }
1413 
1414  /* Store tablespace OIDs in an array in TopTransactionContext */
1416  list_length(namelist) * sizeof(Oid));
1417  numSpcs = 0;
1418  foreach(l, namelist)
1419  {
1420  char *curname = (char *) lfirst(l);
1421  Oid curoid;
1422  AclResult aclresult;
1423 
1424  /* Allow an empty string (signifying database default) */
1425  if (curname[0] == '\0')
1426  {
1427  /* InvalidOid signifies database's default tablespace */
1428  tblSpcs[numSpcs++] = InvalidOid;
1429  continue;
1430  }
1431 
1432  /* Else verify that name is a valid tablespace name */
1433  curoid = get_tablespace_oid(curname, true);
1434  if (curoid == InvalidOid)
1435  {
1436  /* Skip any bad list elements */
1437  continue;
1438  }
1439 
1440  /*
1441  * Allow explicit specification of database's default tablespace in
1442  * temp_tablespaces without triggering permissions checks.
1443  */
1444  if (curoid == MyDatabaseTableSpace)
1445  {
1446  /* InvalidOid signifies database's default tablespace */
1447  tblSpcs[numSpcs++] = InvalidOid;
1448  continue;
1449  }
1450 
1451  /* Check permissions similarly */
1452  aclresult = pg_tablespace_aclcheck(curoid, GetUserId(),
1453  ACL_CREATE);
1454  if (aclresult != ACLCHECK_OK)
1455  continue;
1456 
1457  tblSpcs[numSpcs++] = curoid;
1458  }
1459 
1460  SetTempTablespaces(tblSpcs, numSpcs);
1461 
1462  pfree(rawname);
1463  list_free(namelist);
1464 }
1465 
1466 
1467 /*
1468  * get_tablespace_oid - given a tablespace name, look up the OID
1469  *
1470  * If missing_ok is false, throw an error if tablespace name not found. If
1471  * true, just return InvalidOid.
1472  */
1473 Oid
1474 get_tablespace_oid(const char *tablespacename, bool missing_ok)
1475 {
1476  Oid result;
1477  Relation rel;
1478  TableScanDesc scandesc;
1479  HeapTuple tuple;
1480  ScanKeyData entry[1];
1481 
1482  /*
1483  * Search pg_tablespace. We use a heapscan here even though there is an
1484  * index on name, on the theory that pg_tablespace will usually have just
1485  * a few entries and so an indexed lookup is a waste of effort.
1486  */
1487  rel = table_open(TableSpaceRelationId, AccessShareLock);
1488 
1489  ScanKeyInit(&entry[0],
1490  Anum_pg_tablespace_spcname,
1491  BTEqualStrategyNumber, F_NAMEEQ,
1492  CStringGetDatum(tablespacename));
1493  scandesc = table_beginscan_catalog(rel, 1, entry);
1494  tuple = heap_getnext(scandesc, ForwardScanDirection);
1495 
1496  /* We assume that there can be at most one matching tuple */
1497  if (HeapTupleIsValid(tuple))
1498  result = ((Form_pg_tablespace) GETSTRUCT(tuple))->oid;
1499  else
1500  result = InvalidOid;
1501 
1502  table_endscan(scandesc);
1504 
1505  if (!OidIsValid(result) && !missing_ok)
1506  ereport(ERROR,
1507  (errcode(ERRCODE_UNDEFINED_OBJECT),
1508  errmsg("tablespace \"%s\" does not exist",
1509  tablespacename)));
1510 
1511  return result;
1512 }
1513 
1514 /*
1515  * get_tablespace_name - given a tablespace OID, look up the name
1516  *
1517  * Returns a palloc'd string, or NULL if no such tablespace.
1518  */
1519 char *
1521 {
1522  char *result;
1523  Relation rel;
1524  TableScanDesc scandesc;
1525  HeapTuple tuple;
1526  ScanKeyData entry[1];
1527 
1528  /*
1529  * Search pg_tablespace. We use a heapscan here even though there is an
1530  * index on oid, on the theory that pg_tablespace will usually have just a
1531  * few entries and so an indexed lookup is a waste of effort.
1532  */
1533  rel = table_open(TableSpaceRelationId, AccessShareLock);
1534 
1535  ScanKeyInit(&entry[0],
1536  Anum_pg_tablespace_oid,
1537  BTEqualStrategyNumber, F_OIDEQ,
1538  ObjectIdGetDatum(spc_oid));
1539  scandesc = table_beginscan_catalog(rel, 1, entry);
1540  tuple = heap_getnext(scandesc, ForwardScanDirection);
1541 
1542  /* We assume that there can be at most one matching tuple */
1543  if (HeapTupleIsValid(tuple))
1544  result = pstrdup(NameStr(((Form_pg_tablespace) GETSTRUCT(tuple))->spcname));
1545  else
1546  result = NULL;
1547 
1548  table_endscan(scandesc);
1550 
1551  return result;
1552 }
1553 
1554 
1555 /*
1556  * TABLESPACE resource manager's routines
1557  */
1558 void
1560 {
1561  uint8 info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
1562 
1563  /* Backup blocks are not used in tblspc records */
1564  Assert(!XLogRecHasAnyBlockRefs(record));
1565 
1566  if (info == XLOG_TBLSPC_CREATE)
1567  {
1569  char *location = xlrec->ts_path;
1570 
1571  create_tablespace_directories(location, xlrec->ts_id);
1572  }
1573  else if (info == XLOG_TBLSPC_DROP)
1574  {
1576 
1577  /* Close all smgr fds in all backends. */
1579 
1580  /*
1581  * If we issued a WAL record for a drop tablespace it implies that
1582  * there were no files in it at all when the DROP was done. That means
1583  * that no permanent objects can exist in it at this point.
1584  *
1585  * It is possible for standby users to be using this tablespace as a
1586  * location for their temporary files, so if we fail to remove all
1587  * files then do conflict processing and try again, if currently
1588  * enabled.
1589  *
1590  * Other possible reasons for failure include bollixed file
1591  * permissions on a standby server when they were okay on the primary,
1592  * etc etc. There's not much we can do about that, so just remove what
1593  * we can and press on.
1594  */
1595  if (!destroy_tablespace_directories(xlrec->ts_id, true))
1596  {
1598 
1599  /*
1600  * If we did recovery processing then hopefully the backends who
1601  * wrote temp files should have cleaned up and exited by now. So
1602  * retry before complaining. If we fail again, this is just a LOG
1603  * condition, because it's not worth throwing an ERROR for (as
1604  * that would crash the database and require manual intervention
1605  * before we could get past this WAL record on restart).
1606  */
1607  if (!destroy_tablespace_directories(xlrec->ts_id, true))
1608  ereport(LOG,
1609  (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
1610  errmsg("directories for tablespace %u could not be removed",
1611  xlrec->ts_id),
1612  errhint("You can remove the directories manually if necessary.")));
1613  }
1614  }
1615  else
1616  elog(PANIC, "tblspc_redo: unknown op code %u", info);
1617 }
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5211
AclResult
Definition: acl.h:181
@ ACLCHECK_NO_PRIV
Definition: acl.h:183
@ ACLCHECK_OK
Definition: acl.h:182
@ ACLCHECK_NOT_OWNER
Definition: acl.h:184
AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:5121
bool pg_tablespace_ownercheck(Oid spc_oid, Oid roleid)
Definition: aclchk.c:5373
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:3512
char * get_tablespace_name(Oid spc_oid)
Definition: tablespace.c:1520
Oid AlterTableSpaceOptions(AlterTableSpaceOptionsStmt *stmt)
Definition: tablespace.c:1063
Oid binary_upgrade_next_pg_tablespace_oid
Definition: tablespace.c:93
bool directory_is_empty(const char *path)
Definition: tablespace.c:899
void remove_tablespace_symlink(const char *linkloc)
Definition: tablespace.c:929
static bool destroy_tablespace_directories(Oid tablespaceoid, bool redo)
Definition: tablespace.c:729
bool check_default_tablespace(char **newval, void **extra, GucSource source)
Definition: tablespace.c:1139
void DropTableSpace(DropTableSpaceStmt *stmt)
Definition: tablespace.c:432
void PrepareTempTablespaces(void)
Definition: tablespace.c:1379
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1474
ObjectAddress RenameTableSpace(const char *oldname, const char *newname)
Definition: tablespace.c:978
char * temp_tablespaces
Definition: tablespace.c:90
void assign_temp_tablespaces(const char *newval, void *extra)
Definition: tablespace.c:1354
Oid GetDefaultTablespace(char relpersistence, bool partitioned)
Definition: tablespace.c:1191
void TablespaceCreateDbspace(Oid spcNode, Oid dbNode, bool isRedo)
Definition: tablespace.c:118
bool check_temp_tablespaces(char **newval, void **extra, GucSource source)
Definition: tablespace.c:1246
Oid CreateTableSpace(CreateTableSpaceStmt *stmt)
Definition: tablespace.c:236
char * default_tablespace
Definition: tablespace.c:89
static void create_tablespace_directories(const char *location, const Oid tablespaceoid)
Definition: tablespace.c:615
void tblspc_redo(XLogReaderState *record)
Definition: tablespace.c:1559
bool allow_in_place_tablespaces
Definition: tablespace.c:91
static Datum values[MAXATTR]
Definition: bootstrap.c:156
#define NameStr(name)
Definition: c.h:692
#define offsetof(type, field)
Definition: c.h:738
#define FLEXIBLE_ARRAY_MEMBER
Definition: c.h:361
unsigned char uint8
Definition: c.h:450
#define MemSet(start, val, len)
Definition: c.h:1019
#define OidIsValid(objectId)
Definition: c.h:721
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
Definition: catalog.c:391
bool IsPinnedObject(Oid classId, Oid objectId)
Definition: catalog.c:313
bool IsReservedName(const char *name)
Definition: catalog.c:219
void RequestCheckpoint(int flags)
Definition: checkpointer.c:931
void DeleteSharedComments(Oid oid, Oid classoid)
Definition: comment.c:374
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1064
int errcode_for_file_access(void)
Definition: elog.c:716
int errdetail(const char *fmt,...)
Definition: elog.c:1037
int errhint(const char *fmt,...)
Definition: elog.c:1151
int errcode(int sqlerrcode)
Definition: elog.c:693
int errmsg(const char *fmt,...)
Definition: elog.c:904
int errdetail_log(const char *fmt,...)
Definition: elog.c:1085
#define LOG
Definition: elog.h:25
#define WARNING
Definition: elog.h:30
#define PANIC
Definition: elog.h:36
#define ERROR
Definition: elog.h:33
#define elog(elevel,...)
Definition: elog.h:218
#define NOTICE
Definition: elog.h:29
#define ereport(elevel,...)
Definition: elog.h:143
struct dirent * ReadDir(DIR *dir, const char *dirname)
Definition: fd.c:2788
int MakePGDirectory(const char *directoryName)
Definition: fd.c:3803
int FreeDir(DIR *dir)
Definition: fd.c:2840
bool TempTablespacesAreSet(void)
Definition: fd.c:2957
Oid GetNextTempTableSpace(void)
Definition: fd.c:2990
void SetTempTablespaces(Oid *tableSpaces, int numSpaces)
Definition: fd.c:2928
DIR * AllocateDir(const char *dirname)
Definition: fd.c:2722
int pg_dir_create_mode
Definition: file_perm.c:18
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:631
bool IsBinaryUpgrade
Definition: globals.c:114
bool allowSystemTableMods
Definition: globals.c:124
Oid MyDatabaseTableSpace
Definition: globals.c:91
char * DataDir
Definition: globals.c:66
Oid MyDatabaseId
Definition: globals.c:89
#define newval
#define GUC_check_errdetail
Definition: guc.h:431
GucSource
Definition: guc.h:109
@ PGC_S_TEST
Definition: guc.h:122
@ PGC_S_INTERACTIVE
Definition: guc.h:121
#define malloc(a)
Definition: header.h:50
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1296
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
Definition: heaptuple.c:1020
HeapTuple heap_copytuple(HeapTuple tuple)
Definition: heaptuple.c:680
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
void heap_freetuple(HeapTuple htup)
Definition: heaptuple.c:1338
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:788
#define GETSTRUCT(TUP)
Definition: htup_details.h:649
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:221
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:350
Assert(fmt[strlen(fmt) - 1] !='\n')
void list_free(List *list)
Definition: list.c:1505
#define NoLock
Definition: lockdefs.h:34
#define AccessShareLock
Definition: lockdefs.h:36
#define RowExclusiveLock
Definition: lockdefs.h:38
bool LWLockAcquire(LWLock *lock, LWLockMode mode)
Definition: lwlock.c:1196
void LWLockRelease(LWLock *lock)
Definition: lwlock.c:1800
@ LW_EXCLUSIVE
Definition: lwlock.h:104
MemoryContext TopTransactionContext
Definition: mcxt.c:53
char * pstrdup(const char *in)
Definition: mcxt.c:1305
void pfree(void *pointer)
Definition: mcxt.c:1175
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:863
void * palloc(Size size)
Definition: mcxt.c:1068
Oid GetUserId(void)
Definition: miscinit.c:492
void namestrcpy(Name name, const char *str)
Definition: name.c:233
Datum namein(PG_FUNCTION_ARGS)
Definition: name.c:48
#define InvokeObjectPostCreateHook(classId, objectId, subId)
Definition: objectaccess.h:171
#define InvokeObjectPostAlterHook(classId, objectId, subId)
Definition: objectaccess.h:195
#define InvokeObjectDropHook(classId, objectId, subId)
Definition: objectaccess.h:180
#define ObjectAddressSet(addr, class_id, object_id)
Definition: objectaddress.h:40
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2176
#define ACL_CREATE
Definition: parsenodes.h:91
#define MAXPGPATH
#define lfirst(lc)
Definition: pg_list.h:169
static int list_length(const List *l)
Definition: pg_list.h:149
static rewind_source * source
Definition: pg_rewind.c:81
void deleteSharedDependencyRecordsFor(Oid classId, Oid objectId, int32 objectSubId)
Definition: pg_shdepend.c:1001
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
Definition: pg_shdepend.c:164
bool checkSharedDependencies(Oid classId, Oid objectId, char **detail_msg, char **detail_log_msg)
Definition: pg_shdepend.c:630
FormData_pg_tablespace * Form_pg_tablespace
Definition: pg_tablespace.h:48
#define is_absolute_path(filename)
Definition: port.h:89
bool path_is_prefix_of_path(const char *path1, const char *path2)
Definition: path.c:559
void canonicalize_path(char *path)
Definition: path.c:264
void get_parent_directory(char *path)
Definition: path.c:977
#define CStringGetDatum(X)
Definition: postgres.h:622
uintptr_t Datum
Definition: postgres.h:411
#define ObjectIdGetDatum(X)
Definition: postgres.h:551
#define InvalidOid
Definition: postgres_ext.h:36
unsigned int Oid
Definition: postgres_ext.h:31
void WaitForProcSignalBarrier(uint64 generation)
Definition: procsignal.c:392
uint64 EmitProcSignalBarrier(ProcSignalBarrierType type)
Definition: procsignal.c:332
@ PROCSIGNAL_BARRIER_SMGRRELEASE
Definition: procsignal.h:52
char * psprintf(const char *fmt,...)
Definition: psprintf.c:46
#define RelationGetDescr(relation)
Definition: rel.h:514
bytea * tablespace_reloptions(Datum reloptions, bool validate)
Definition: reloptions.c:2088
Datum transformRelOptions(Datum oldOptions, List *defList, const char *namspace, char *validnsps[], bool acceptOidsOff, bool isReset)
Definition: reloptions.c:1158
char * GetDatabasePath(Oid dbNode, Oid spcNode)
Definition: relpath.c:110
#define OIDCHARS
Definition: relpath.h:30
#define FORKNAMECHARS
Definition: relpath.h:57
#define TABLESPACE_VERSION_DIRECTORY
Definition: relpath.h:26
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
@ ForwardScanDirection
Definition: sdir.h:26
void DeleteSharedSecurityLabel(Oid objectId, Oid classId)
Definition: seclabel.c:491
void ResolveRecoveryConflictWithTablespace(Oid tsid)
Definition: standby.c:501
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define ERRCODE_DUPLICATE_OBJECT
Definition: streamutil.c:32
Definition: dirent.c:26
ItemPointerData t_self
Definition: htup.h:65
Definition: pg_list.h:51
TupleDesc rd_att
Definition: rel.h:110
Definition: dirent.h:10
char d_name[MAX_PATH]
Definition: dirent.h:15
unsigned short st_mode
Definition: win32_port.h:268
Oid tblSpcs[FLEXIBLE_ARRAY_MEMBER]
Definition: tablespace.c:1241
char ts_path[FLEXIBLE_ARRAY_MEMBER]
Definition: tablespace.h:31
bool superuser(void)
Definition: superuser.c:46
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:993
#define XLOG_TBLSPC_DROP
Definition: tablespace.h:26
#define XLOG_TBLSPC_CREATE
Definition: tablespace.h:25
bool SplitIdentifierString(char *rawstring, char separator, List **namelist)
Definition: varlena.c:3715
#define stat
Definition: win32_port.h:283
#define lstat(path, sb)
Definition: win32_port.h:284
#define S_ISDIR(m)
Definition: win32_port.h:324
#define symlink(oldpath, newpath)
Definition: win32_port.h:235
bool IsTransactionState(void)
Definition: xact.c:374
void ForceSyncCommit(void)
Definition: xact.c:1124
#define CHECKPOINT_FORCE
Definition: xlog.h:137
#define CHECKPOINT_WAIT
Definition: xlog.h:140
#define CHECKPOINT_IMMEDIATE
Definition: xlog.h:136
XLogRecPtr XLogInsert(RmgrId rmid, uint8 info)
Definition: xloginsert.c:443
void XLogBeginInsert(void)
Definition: xloginsert.c:150
void XLogRegisterData(char *data, int len)
Definition: xloginsert.c:351
#define XLogRecGetInfo(decoder)
Definition: xlogreader.h:408
#define XLogRecGetData(decoder)
Definition: xlogreader.h:413
#define XLogRecHasAnyBlockRefs(decoder)
Definition: xlogreader.h:415
#define XLR_INFO_MASK
Definition: xlogrecord.h:62
bool InRecovery
Definition: xlogutils.c:53