1. 26 Apr, 2010 6 commits
  2. 24 Apr, 2010 2 commits
  3. 23 Apr, 2010 4 commits
  4. 22 Apr, 2010 4 commits
  5. 21 Apr, 2010 6 commits
    • Tom Lane's avatar
      Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather · a6dcd19a
      Tom Lane authored
      than during define_custom_variable().  This entails rejecting an ALTER
      command if the target variable doesn't have a known (non-placeholder)
      definition, unless the calling user is superuser.  When the variable *is*
      known, we can correctly apply the rule that only superusers can issue ALTER
      for SUSET parameters.  This allows define_custom_variable to apply ALTER's
      values for SUSET parameters at module load time, secure in the knowledge
      that only a superuser could have set the ALTER value.  This change fixes a
      longstanding gotcha in the usage of SUSET-level custom parameters; which
      is a good thing to fix now that plpgsql defines such a parameter.
      a6dcd19a
    • Simon Riggs's avatar
      Only send cleanup_info messages if VACUUM removes any tuples. · f6e09270
      Simon Riggs authored
      There is no other purpose for this message type than to report
      the latestRemovedXid of removed tuples, prior to index scans.
      Removes overlooked path for sending invalid latestRemovedXid.
      Fixes buildfarm failure on centaur.
      f6e09270
    • Simon Riggs's avatar
      Relax locking during GetCurrentVirtualXIDs(). Earlier improvements · 0192abc4
      Simon Riggs authored
      to handling of btree delete records mean that all snapshot
      conflicts on standby now have a valid, useful latestRemovedXid.
      Our earlier approach using LW_EXCLUSIVE was useful when we didnt
      always have a valid value, though is no longer useful or necessary.
      Asserts added to code path to prove and ensure this is the case.
      This will reduce contention and improve performance of larger Hot
      Standby servers.
      0192abc4
    • Simon Riggs's avatar
      Fix oversight in collecting values for cleanup_info records. · bc2b85d9
      Simon Riggs authored
      vacuum_log_cleanup_info() now generates log records with a valid
      latestRemovedXid set in all cases. Also be careful not to zero the
      value when we do a round of vacuuming part-way through lazy_scan_heap().
      Incidentally, this reduces frequency of conflicts in Hot Standby.
      bc2b85d9
    • Tom Lane's avatar
      Fix pg_hba.conf matching so that replication connections only match records · a2c3931a
      Tom Lane authored
      with database = replication.  The previous coding would allow them to match
      ordinary records too, but that seems like a recipe for security breaches.
      Improve the messages associated with no-such-pg_hba.conf entry to report
      replication connections as such, since that's now a critical aspect of
      whether the connection matches.  Make some cursory improvements in the related
      documentation, too.
      a2c3931a
    • Tom Lane's avatar
      Move the check for whether walreceiver has authenticated as a superuser · a3c6d105
      Tom Lane authored
      from walsender.c, where it didn't really belong, to postinit.c where it does
      belong (and is essentially free, too).
      a3c6d105
  6. 20 Apr, 2010 5 commits
    • Tom Lane's avatar
      Arrange for client authentication to occur before we select a specific · ea46000a
      Tom Lane authored
      database to connect to. This is necessary for the walsender code to work
      properly (it was previously using an untenable assumption that template1 would
      always be available to connect to).  This also gets rid of a small security
      shortcoming that was introduced in the original patch to eliminate the flat
      authentication files: before, you could find out whether or not the requested
      database existed even if you couldn't pass the authentication checks.
      
      The changes needed to support this are mainly just to treat pg_authid and
      pg_auth_members as nailed relations, so that we can read them without having
      to be able to locate real pg_class entries for them.  This mechanism was
      already debugged for pg_database, but we hadn't recognized the value of
      applying it to those catalogs too.
      
      Since the current code doesn't have support for accessing toast tables before
      we've brought up all of the relcache, remove pg_authid's toast table to ensure
      that no one can store an out-of-line toasted value of rolpassword.  The case
      seems quite unlikely to occur in practice, and was effectively unsupported
      anyway in the old "flatfiles" implementation.
      
      Update genbki.pl to actually implement the same rules as bootstrap.c does for
      not-nullability of catalog columns.  The previous coding was a bit cheesy but
      worked all right for the previous set of bootstrap catalogs.  It does not work
      for pg_authid, where rolvaliduntil needs to be nullable.
      
      Initdb forced due to minor catalog changes (mainly the toast table removal).
      ea46000a
    • Tom Lane's avatar
      Fix code that doesn't work on machines with strict alignment requirements: · 7de2dfcc
      Tom Lane authored
      must use memcpy here rather than struct assignment.
      
      In passing, rearrange some randomly-ordered declarations to be a tad less
      random.
      7de2dfcc
    • Robert Haas's avatar
      Rename standby_keep_segments to wal_keep_segments. · 481cb5d9
      Robert Haas authored
      Also, make the name of the GUC and the name of the backing variable match.
      Alnong the way, clean up a couple of slight typographical errors in the
      related docs.
      481cb5d9
    • Tom Lane's avatar
      Move the responsibility for calling StartupXLOG into InitPostgres, for · c670410e
      Tom Lane authored
      those process types that go through InitPostgres; in particular, bootstrap
      and standalone-backend cases.  This ensures that we have set up a PGPROC
      and done some other basic initialization steps (corresponding to the
      if (IsUnderPostmaster) block in AuxiliaryProcessMain) before we attempt to
      run WAL recovery in a standalone backend.  As was discovered last September,
      this is necessary for some corner-case code paths during WAL recovery,
      particularly end-of-WAL cleanup.
      
      Moving the bootstrap case here too is not necessary for correctness, but it
      seems like a good idea since it reduces the number of distinct code paths.
      c670410e
    • Robert Haas's avatar
      Update docs as to when WAL logging can be skipped. · ee7769bb
      Robert Haas authored
      In 8.4 and prior, WAL-logging could potentially be skipped whenever
      archive_mode=off.  With streaming replication, this is now true only
      if max_wal_senders=0.
      
      Fujii Masao, with light copyediting by me
      ee7769bb
  7. 19 Apr, 2010 5 commits
  8. 18 Apr, 2010 4 commits
  9. 16 Apr, 2010 4 commits