1. 30 Aug, 2009 2 commits
  2. 29 Aug, 2009 2 commits
    • Tom Lane's avatar
      Remove the use of the pg_auth flat file for client authentication. · e710b65c
      Tom Lane authored
      (That flat file is now completely useless, but removal will come later.)
      
      To do this, postpone client authentication into the startup transaction
      that's run by InitPostgres.  We still collect the startup packet and do
      SSL initialization (if needed) at the same time we did before.  The
      AuthenticationTimeout is applied separately to startup packet collection
      and the actual authentication cycle.  (This is a bit annoying, since it
      means a couple extra syscalls; but the signal handling requirements inside
      and outside a transaction are sufficiently different that it seems best
      to treat the timeouts as completely independent.)
      
      A small security disadvantage is that if the given database name is invalid,
      this will be reported to the client before any authentication happens.
      We could work around that by connecting to database "postgres" instead,
      but consensus seems to be that it's not worth introducing such surprising
      behavior.
      
      Processing of all command-line switches and GUC options received from the
      client is now postponed until after authentication.  This means that
      PostAuthDelay is much less useful than it used to be --- if you need to
      investigate problems during InitPostgres you'll have to set PreAuthDelay
      instead.  However, allowing an unauthenticated user to set any GUC options
      whatever seems a bit too risky, so we'll live with that.
      e710b65c
    • Bruce Momjian's avatar
  3. 28 Aug, 2009 3 commits
  4. 27 Aug, 2009 9 commits
    • Tom Lane's avatar
      Modify the definition of window-function PARTITION BY and ORDER BY clauses · bb16dc49
      Tom Lane authored
      so that their elements are always taken as simple expressions over the
      query's input columns.  It originally seemed like a good idea to make them
      act exactly like GROUP BY and ORDER BY, right down to the SQL92-era behavior
      of accepting output column names or numbers.  However, that was not such a
      great idea, for two reasons:
      
      1. It permits circular references, as exhibited in bug #5018: the output
      column could be the one containing the window function itself.  (We actually
      had a regression test case illustrating this, but nobody thought twice about
      how confusing that would be.)
      
      2. It doesn't seem like a good idea for, eg, "lead(foo) OVER (ORDER BY foo)"
      to potentially use two completely different meanings for "foo".
      
      Accordingly, narrow down the behavior of window clauses to use only the
      SQL99-compliant interpretation that the expressions are simple expressions.
      bb16dc49
    • Alvaro Herrera's avatar
      Fix broken markup · f065b17d
      Alvaro Herrera authored
      Jan Urbański
      f065b17d
    • Tom Lane's avatar
      Make the .DEF file generation rules safe against tabs in exports.txt. · 3d167209
      Tom Lane authored
      Per bug #5016, although I think the MSVC build scripts may need a similar fix.
      3d167209
    • Alvaro Herrera's avatar
      Fix handling of autovacuum reloptions. · 53af86c5
      Alvaro Herrera authored
      In the original coding, setting a single reloption would cause default
      values to be used for all the other reloptions.  This is a problem
      particularly for autovacuum reloptions.
      
      Itagaki Takahiro
      53af86c5
    • Tom Lane's avatar
      Make it reasonably safe to use pg_ctl to start the postmaster from a boot-time · 8f5500e6
      Tom Lane authored
      script.
      
      To do this, have pg_ctl pass down its parent shell's PID in an environment
      variable PG_GRANDPARENT_PID, and teach CreateLockFile() to disregard that PID
      as a false match if it finds it in postmaster.pid.  This allows us to cope
      with one level of postgres-owned shell process even with pg_ctl in the way,
      so it's just as safe as starting the postmaster directly.  You still have to
      be careful about how you write the initscript though.
      
      Adjust the comments in contrib/start-scripts/ to not deprecate use of
      pg_ctl.  Also, fix the ROTATELOGS option in the OSX script, which was
      indulging in exactly the sort of unsafe coding that renders this fix
      pointless :-(.  A pipe inside the "sudo" will probably result in more
      than one postgres-owned process hanging around.
      8f5500e6
    • Magnus Hagander's avatar
      0e3f0cbd
    • Tom Lane's avatar
      Remove some unnecessary variable assignments, per results of "clang" · aaa9f7d4
      Tom Lane authored
      static checker.  Paul Matthews
      aaa9f7d4
    • Heikki Linnakangas's avatar
      In the checkpoint written at the end of archive recovery, the WAL page header · 9cd6685f
      Heikki Linnakangas authored
      was incorrectly initialized with timeline ID 0. That rendered the WAL page
      unrecoverable, making a subsequent archive recovery stop at that point.
      ThisTimeLineID needs to be initialized before calling AdvanceXLInsertBuffer().
      
      This fixes bug #5011 reported by James Bardin. Backpatch to 8.4, as the bug
      was introduced by the changes to use of bgwriter for writing the
      end-of-archive-recovery checkpoint. Patch by Tom Lane.
      9cd6685f
    • Bruce Momjian's avatar
  5. 26 Aug, 2009 4 commits
  6. 25 Aug, 2009 2 commits
  7. 24 Aug, 2009 8 commits
    • Peter Eisentraut's avatar
      Make PL/Python tests more compatible with Python 3 · 5dff9363
      Peter Eisentraut authored
      This changes a bunch of incidentially used constructs in the PL/Python
      regression tests to equivalent constructs in cases where Python 3 no longer
      supports the old syntax.  Support for older Python versions is unchanged.
      5dff9363
    • Tom Lane's avatar
      Try to make silent_mode behave somewhat reasonably. · 8bed238c
      Tom Lane authored
      Instead of sending stdout/stderr to /dev/null after forking away from the
      terminal, send them to postmaster.log within the data directory.  Since
      this opens the door to indefinite logfile bloat, recommend even more
      strongly that log output be redirected when using silent_mode.
      
      Move the postmaster's initial calls of load_hba() and load_ident() down
      to after we have started the log collector, if we are going to.  This
      is so that errors reported by them will appear in the "usual" place.
      
      Reclassify silent_mode as a LOGGING_WHERE, not LOGGING_WHEN, parameter,
      since it's got absolutely nothing to do with the latter category.
      
      In passing, fix some obsolete references to -S ... this option hasn't
      had that switch letter for a long time.
      
      Back-patch to 8.4, since as of 8.4 load_hba() and load_ident() are more
      picky (and thus more likely to fail) than they used to be.  This entire
      change was driven by a complaint about those errors disappearing into
      the bit bucket.
      8bed238c
    • Tom Lane's avatar
      Small correction to previous patch: we shouldn't ReleasePostmasterChildSlot · 5a4f7638
      Tom Lane authored
      for a dead_end child, because we didn't AssignPostmasterChildSlot.
      5a4f7638
    • Alvaro Herrera's avatar
      Avoid calling kill() in a postmaster signal handler. · 45f9b464
      Alvaro Herrera authored
      This causes problems when the system load is high, per report from Zdenek
      Kotala in <1250860954.1239.114.camel@localhost>; instead of calling kill
      directly, have the signal handler set a flag which is checked in ServerLoop.
      This way, the handler can return before being called again by a subsequent
      signal sent from the autovacuum launcher.  Also, increase the sleep in the
      launcher in this failure path to 1 second.
      
      Backpatch to 8.3, which is when the signalling between autovacuum
      launcher/postmaster was introduced.
      
      Also, add a couple of ReleasePostmasterChildSlot calls in error paths; this
      part backpatched to 8.4 which is when the child slot stuff was introduced.
      45f9b464
    • Tom Lane's avatar
      Fix inclusions of readline/editline header files so that we only attempt to · 9b708f1f
      Tom Lane authored
      #include the version of history.h that is in the same directory as the
      readline.h we are using.  This avoids problems in some scenarios where both
      readline and editline are installed.  Report and patch by Zdenek Kotala.
      9b708f1f
    • Alvaro Herrera's avatar
      Remove unused variable. · 1e6bd556
      Alvaro Herrera authored
      Per Grzegorz Jaskiewicz report from LLVM static checker
      1e6bd556
    • Tom Lane's avatar
      Run the "tablespace" regression test first not last. The former placement · 3bee0a46
      Tom Lane authored
      renders useless one of the few test methodologies we have for WAL replay,
      which is to intentionally crash the system just after completing the
      regression tests and see if it recovers to the expected database state.
      The reason is that DROP TABLESPACE forces a checkpoint, so there's essentially
      no WAL available for replay after the tests complete.
      3bee0a46
    • Tom Lane's avatar
      Fix a violation of WAL coding rules in the recent patch to include an · 7fc7a7c4
      Tom Lane authored
      "all tuples visible" flag in heap page headers.  The flag update *must*
      be applied before calling XLogInsert, but heap_update and the tuple
      moving routines in VACUUM FULL were ignoring this rule.  A crash and
      replay could therefore leave the flag incorrectly set, causing rows
      to appear visible in seqscans when they should not be.  This might explain
      recent reports of data corruption from Jeff Ross and others.
      
      In passing, do a bit of editorialization on comments in visibilitymap.c.
      7fc7a7c4
  8. 23 Aug, 2009 2 commits
    • Tom Lane's avatar
      Make TRUNCATE do truncate-in-place when processing a relation that was created · cab9a065
      Tom Lane authored
      or previously truncated in the current (sub)transaction.  This is safe since
      if the (sub)transaction later rolls back, we'd just discard the rel's current
      physical file anyway.  This avoids unreasonable growth in the number of
      transient files when a relation is repeatedly truncated.  Per a performance
      gripe a couple weeks ago from Todd Cook.
      cab9a065
    • Tom Lane's avatar
      Tweak ExecIndexEvalRuntimeKeys to forcibly detoast any toasted comparison · c38b7594
      Tom Lane authored
      values before they get passed to the index access method.  This avoids
      repeated detoastings that will otherwise ensue as the comparison value
      is examined by various index support functions.  We have seen a couple of
      reports of cases where repeated detoastings result in an order-of-magnitude
      slowdown, so it seems worth adding a bit of extra logic to prevent this.
      
      I had previously proposed trying to avoid duplicate detoastings in general,
      but this fix takes care of what seems the most important case in practice
      with very little effort or risk.
      
      Back-patch to 8.4 so that the PostGIS folk won't have to wait a year to
      have this fix in a production release.  (The issue exists further back,
      of course, but the code's diverged enough to make backpatching further a
      higher-risk action.  Also it appears that the possible gains may be limited
      in prior releases because of different handling of lossy operators.)
      c38b7594
  9. 22 Aug, 2009 1 commit
  10. 20 Aug, 2009 1 commit
  11. 19 Aug, 2009 3 commits
  12. 18 Aug, 2009 3 commits