1. 23 12月, 2011 3 次提交
    • R
      Add a security_barrier option for views. · 0e4611c0
      Robert Haas 提交于
      When a view is marked as a security barrier, it will not be pulled up
      into the containing query, and no quals will be pushed down into it,
      so that no function or operator chosen by the user can be applied to
      rows not exposed by the view.  Views not configured with this
      option cannot provide robust row-level security, but will perform far
      better.
      
      Patch by KaiGai Kohei; original problem report by Heikki Linnakangas
      (in October 2009!).  Review (in earlier versions) by Noah Misch and
      others.  Design advice by Tom Lane and myself.  Further review and
      cleanup by me.
      0e4611c0
    • P
      Add ALTER DOMAIN ... RENAME · f90dd280
      Peter Eisentraut 提交于
      You could already rename domains using ALTER TYPE, but with this new
      command it is more consistent with how other commands treat domains as
      a subcategory of types.
      f90dd280
    • R
      Don't forget to de-escape the password field in .pgpass. · 8d15e3ec
      Robert Haas 提交于
      This has been broken just about forever (or more specifically, commit
      7f4981f4) and nobody noticed until
      Richard Huxton reported it recently.  Analysis and fix by Ross
      Reedstrom, although I didn't use his patch.  This doesn't seem
      important enough to back-patch and is mildly backward incompatible, so
      I'm just doing this in master.
      8d15e3ec
  2. 22 12月, 2011 2 次提交
    • T
      Update per-column ACLs, not only per-table ACL, when changing table owner. · c31224e2
      Tom Lane 提交于
      We forgot to modify column ACLs, so privileges were still shown as having
      been granted by the old owner.  This meant that neither the new owner nor
      a superuser could revoke the now-untraceable-to-table-owner permissions.
      Per bug #6350 from Marc Balmer.
      
      This has been wrong since column ACLs were added, so back-patch to 8.4.
      c31224e2
    • R
      Improve behavior of concurrent CLUSTER. · cbe24a6d
      Robert Haas 提交于
      In the previous coding, a user could queue up for an AccessExclusiveLock
      on a table they did not have permission to cluster, thus potentially
      interfering with access by authorized users who got stuck waiting behind
      the AccessExclusiveLock.  This approach avoids that.  cluster() has the
      same permissions-checking requirements as REINDEX TABLE, so this commit
      moves the now-shared callback to tablecmds.c and renames it, per
      discussion with Noah Misch.
      cbe24a6d
  3. 21 12月, 2011 5 次提交
    • R
      Take fewer snapshots. · d573e239
      Robert Haas 提交于
      When a PORTAL_ONE_SELECT query is executed, we can opportunistically
      reuse the parse/plan shot for the execution phase.  This cuts down the
      number of snapshots per simple query from 2 to 1 for the simple
      protocol, and 3 to 2 for the extended protocol.  Since we are only
      reusing a snapshot taken early in the processing of the same protocol
      message, the change shouldn't be user-visible, except that the remote
      possibility of the planning and execution snapshots being different is
      eliminated.
      
      Note that this change does not make it safe to assume that the parse/plan
      snapshot will certainly be reused; that will currently only happen if
      PortalStart() decides to use the PORTAL_ONE_SELECT strategy.  It might
      be worth trying to provide some stronger guarantees here in the future,
      but for now we don't.
      
      Patch by me; review by Dimitri Fontaine.
      d573e239
    • R
      sepgsql: Check CREATE permissions for some object types. · e1042a34
      Robert Haas 提交于
      KaiGai Kohei, reviewed by Dimitri Fontaine and me.
      e1042a34
    • R
      Shave a few cycles in string_agg(). · 7f0e4bb8
      Robert Haas 提交于
      Pavel Stehule
      7f0e4bb8
    • T
      Fix gincostestimate to handle ScalarArrayOpExpr reasonably. · 1db5af27
      Tom Lane 提交于
      The original coding of this function overlooked the possibility that
      it could be passed anything except simple OpExpr indexquals.  But
      ScalarArrayOpExpr is possible too, and the code would probably crash
      (and surely give ridiculous answers) in such a case.  Add logic to try
      to estimate sanely for such cases.
      
      In passing, fix the treatment of inner-indexscan cost estimation: it was
      failing to scale up properly for multiple iterations of a nestloop.
      (I think somebody might've thought that index_pages_fetched() is linear,
      but of course it's not.)
      
      Report, diagnosis, and preliminary patch by Marti Raudsepp; I refactored
      it a bit and fixed the cost estimation.
      
      Back-patch into 9.1 where the bogus code was introduced.
      1db5af27
    • T
      Avoid crashing when we have problems unlinking files post-commit. · d0024cd1
      Tom Lane 提交于
      smgrdounlink takes care to not throw an ERROR if it fails to unlink
      something, but that caution was rendered useless by commit
      33960006, which put an smgrexists call in
      front of it; smgrexists *does* throw error if anything looks funny, such
      as getting a permissions error from trying to open the file.  If that
      happens post-commit, you get a PANIC, and what's worse the same logic
      appears in the WAL replay code, so the database even fails to restart.
      
      Restore the intended behavior by removing the smgrexists call --- it isn't
      accomplishing anything that we can't do better by adjusting mdunlink's
      ideas of whether it ought to warn about ENOENT or not.
      
      Per report from Joseph Shraibman of unrecoverable crash after trying to
      drop a table whose FSM fork had somehow gotten chmod'd to 000 permissions.
      Backpatch to 8.4, where the bogus coding was introduced.
      d0024cd1
  4. 20 12月, 2011 5 次提交
    • P
      Add support for privileges on types · 72920557
      Peter Eisentraut 提交于
      This adds support for the more or less SQL-conforming USAGE privilege
      on types and domains.  The intent is to be able restrict which users
      can create dependencies on types, which restricts the way in which
      owners can alter types.
      
      reviewed by Yeb Havinga
      72920557
    • A
      Forgot catversion bump on previous patch · 05e992e9
      Alvaro Herrera 提交于
      Per Tom
      05e992e9
    • T
      Rename updateNodeLink to spgUpdateNodeLink. · 8f57b064
      Tom Lane 提交于
      On reflection, the original name seems way too generic for a global
      symbol.  A quick check shows this is the only exported function name
      in SP-GiST that doesn't begin with "spg" or contain "SpGist", so the
      rest of them seem all right.
      8f57b064
    • A
      Allow CHECK constraints to be declared ONLY · 61d81bd2
      Alvaro Herrera 提交于
      This makes them enforceable only on the parent table, not on children
      tables.  This is useful in various situations, per discussion involving
      people bitten by the restrictive behavior introduced in 8.4.
      
      Message-Id:
      8762mp93iw.fsf@comcast.net
      CAFaPBrSMMpubkGf4zcRL_YL-AERUbYF_-ZNNYfb3CVwwEqc9TQ@mail.gmail.com
      
      Authors: Nikhil Sontakke, Alex Hunsaker
      Reviewed by Robert Haas and myself
      61d81bd2
    • T
      Teach SP-GiST to do index-only scans. · 92203624
      Tom Lane 提交于
      Operator classes can specify whether or not they support this; this
      preserves the flexibility to use lossy representations within an index.
      
      In passing, move constant data about a given index into the rd_amcache
      cache area, instead of doing fresh lookups each time we start an index
      operation.  This is mainly to try to make sure that spgcanreturn() has
      insignificant cost; I still don't have any proof that it matters for
      actual index accesses.  Also, get rid of useless copying of FmgrInfo
      pointers; we can perfectly well use the relcache's versions in-place.
      92203624
  5. 19 12月, 2011 5 次提交
  6. 18 12月, 2011 9 次提交
  7. 17 12月, 2011 3 次提交
    • T
      Add missing 'static' qualifier. · fb4bbc81
      Tom Lane 提交于
      fb4bbc81
    • R
      Various micro-optimizations for GetSnapshopData(). · 0d76b60d
      Robert Haas 提交于
      Heikki Linnakangas had the idea of rearranging GetSnapshotData to
      avoid checking for sub-XIDs when no top-level XID is present.  This
      patch does that plus further a bit of further, related rearrangement.
      Benchmarking show a significant improvement on unlogged tables at
      higher concurrency levels, and mostly indifferent result on permanent
      tables (which are presumably bottlenecked elsewhere).  Most of the
      benefit seems to come from using the new NormalTransactionIdPrecedes()
      macro rather than the function call TransactionIdPrecedes().
      0d76b60d
    • A
      Add --section option to pg_dump and pg_restore. · a4cd6abc
      Andrew Dunstan 提交于
      Valid values are --pre-data, data and post-data. The option can be
      given more than once. --schema-only is equivalent to
      --section=pre-data --section=post-data. --data-only is equivalent
      to --section=data.
      
      Andrew Dunstan, reviewed by Joachim Wieland and Josh Berkus.
      a4cd6abc
  8. 16 12月, 2011 6 次提交
    • H
    • A
      include_if_exists facility for config file. · 6d09b210
      Andrew Dunstan 提交于
      This works the same as include, except that an error is not thrown
      if the file is missing. Instead the fact that it's missing is
      logged.
      
      Greg Smith, reviewed by Euler Taveira de Oliveira.
      6d09b210
    • R
      Improve behavior of concurrent ALTER <relation> .. SET SCHEMA. · 1da5c119
      Robert Haas 提交于
      If the referrent of a name changes while we're waiting for the lock,
      we must recheck permissons.  We also now check the relkind before
      locking, since it's easy to do that long the way.
      
      Patch by me; review by Noah Misch.
      1da5c119
    • R
      Improve behavior of concurrent rename statements. · 74a1d4fe
      Robert Haas 提交于
      Previously, renaming a table, sequence, view, index, foreign table,
      column, or trigger checked permissions before locking the object, which
      meant that if permissions were revoked during the lock wait, we would
      still allow the operation.  Similarly, if the original object is dropped
      and a new one with the same name is created, the operation will be allowed
      if we had permissions on the old object; the permissions on the new
      object don't matter.  All this is now fixed.
      
      Along the way, attempting to rename a trigger on a foreign table now gives
      the same error message as trying to create one there in the first place
      (i.e. that it's not a table or view) rather than simply stating that no
      trigger by that name exists.
      
      Patch by me; review by Noah Misch.
      74a1d4fe
    • R
      Don't leave regress_test_role_super lying around. · d039fd51
      Robert Haas 提交于
      Fixes an oversight in commit fc6d1006.
      
      Noted by Tom Lane.
      d039fd51
    • R
      Fix typo. · f6835ea9
      Robert Haas 提交于
      f6835ea9
  9. 15 12月, 2011 2 次提交