- 26 6月, 2002 1 次提交
-
-
由 Bruce Momjian 提交于
comments on one of the optimizer functions a lot more clear, adds a summary of the recent KSQO discussion to the comments in the code, adds regression tests for the bug with sequence state Tom fixed recently and another reg. test, and removes some PostQuel legacy stuff: ExecAppend -> ExecInsert, ExecRetrieve -> ExecSelect, etc. This was changed because the elog() messages from this routine are user-visible, so we should be using the SQL terms. Neil Conway
-
- 22 6月, 2002 1 次提交
-
-
由 Bruce Momjian 提交于
-
- 21 6月, 2002 4 次提交
-
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
two small changes to the API since last patch, which hopefully completes the decoupling of composite function support from SRF specific support. Joe Conway
-
由 Bruce Momjian 提交于
-
- 19 6月, 2002 2 次提交
-
-
由 Tom Lane 提交于
-
由 Bruce Momjian 提交于
members in gram.y. This is the prefered method for WITH and arbitrary param/value pairs.
-
- 16 6月, 2002 5 次提交
-
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
Second cut attached. This one just adds a boolean option to the existing function to indicate that implicit schemas are to be included (or not). I remembered the docs as well this time :-) Dave Page
-
由 Bruce Momjian 提交于
>I'd vote for changing WriteBuffer to >return void, and have it elog() on bad argument. Manfred Koizar
-
由 Bruce Momjian 提交于
SharedBufferChanged BufferRelidLastDirtied BufferTagLastDirtied BufferDirtiedByMe Manfred Koizar
-
由 Bruce Momjian 提交于
HeapTupleHeaderData in setter and getter macros called HeapTupleHeaderGetXmin, HeapTupleHeaderSetXmin etc. It also introduces a "virtual" field xvac by defining HeapTupleHeaderGetXvac and HeapTupleHeaderSetXvac. Xvac is used by VACUUM, in fact it is stored in t_cmin. Manfred Koizar
-
- 14 6月, 2002 4 次提交
-
-
由 Bruce Momjian 提交于
If the user has certificates in $HOME/.postgresql/postgresql.crt and $HOME/.postgresql/postgresql.key exist, they are provided to the server. The certificate used to sign this cert must be known to the server, in $DataDir/root.crt. If successful, the cert's "common name" is logged. Client certs are not used for authentication, but they could be via the port->peer (X509 *), port->peer_dn (char *) or port->peer_cn (char *) fields. Or any other function could be used, e.g., many sites like the issuer + serial number hash. Bear Giles
-
由 Bruce Momjian 提交于
In order to reduce the risk of cryptanalysis during extended sessions (or brief ones involving a substantial amount of data), this patch renegotiates the session key after 64kib has been transferred. Bear Giles
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
are motivated by security concerns, it's not just bug fixes. The key differences (from stock 7.2.1) are: *) almost all code that directly uses the OpenSSL library is in two new files, src/interfaces/libpq/fe-ssl.c src/backend/postmaster/be-ssl.c in the long run, it would be nice to merge these two files. *) the legacy code to read and write network data have been encapsulated into read_SSL() and write_SSL(). These functions should probably be renamed - they handle both SSL and non-SSL cases. the remaining code should eliminate the problems identified earlier, albeit not very cleanly. *) both front- and back-ends will send a SSL shutdown via the new close_SSL() function. This is necessary for sessions to work properly. (Sessions are not yet fully supported, but by cleanly closing the SSL connection instead of just sending a TCP FIN packet other SSL tools will be much happier.) *) The client certificate and key are now expected in a subdirectory of the user's home directory. Specifically, - the directory .postgresql must be owned by the user, and allow no access by 'group' or 'other.' - the file .postgresql/postgresql.crt must be a regular file owned by the user. - the file .postgresql/postgresql.key must be a regular file owned by the user, and allow no access by 'group' or 'other'. At the current time encrypted private keys are not supported. There should also be a way to support multiple client certs/keys. *) the front-end performs minimal validation of the back-end cert. Self-signed certs are permitted, but the common name *must* match the hostname used by the front-end. (The cert itself should always use a fully qualified domain name (FDQN) in its common name field.) This means that psql -h eris db will fail, but psql -h eris.example.com db will succeed. At the current time this must be an exact match; future patches may support any FQDN that resolves to the address returned by getpeername(2). Another common "problem" is expiring certs. For now, it may be a good idea to use a very-long-lived self-signed cert. As a compile-time option, the front-end can specify a file containing valid root certificates, but it is not yet required. *) the back-end performs minimal validation of the client cert. It allows self-signed certs. It checks for expiration. It supports a compile-time option specifying a file containing valid root certificates. *) both front- and back-ends default to TLSv1, not SSLv3/SSLv2. *) both front- and back-ends support DSA keys. DSA keys are moderately more expensive on startup, but many people consider them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.) *) if /dev/urandom exists, both client and server will read 16k of randomization data from it. *) the server can read empheral DH parameters from the files $DataDir/dh512.pem $DataDir/dh1024.pem $DataDir/dh2048.pem $DataDir/dh4096.pem if none are provided, the server will default to hardcoded parameter files provided by the OpenSSL project. Remaining tasks: *) the select() clauses need to be revisited - the SSL abstraction layer may need to absorb more of the current code to avoid rare deadlock conditions. This also touches on a true solution to the pg_eof() problem. *) the SIGPIPE signal handler may need to be revisited. *) support encrypted private keys. *) sessions are not yet fully supported. (SSL sessions can span multiple "connections," and allow the client and server to avoid costly renegotiations.) *) makecert - a script that creates back-end certs. *) pgkeygen - a tool that creates front-end certs. *) the whole protocol issue, SASL, etc. *) certs are fully validated - valid root certs must be available. This is a hassle, but it means that you *can* trust the identity of the server. *) the client library can handle hardcoded root certificates, to avoid the need to copy these files. *) host name of server cert must resolve to IP address, or be a recognized alias. This is more liberal than the previous iteration. *) the number of bytes transferred is tracked, and the session key is periodically renegotiated. *) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The configuration files have reasonable defaults for each type of use. Bear Giles
-
- 13 6月, 2002 2 次提交
-
-
由 Tatsuo Ishii 提交于
(ODBC support has not been committed yet. left for Hiroshi...)
-
由 Tom Lane 提交于
implementation didn't work for Sort nodes associated with Append plans.
-
- 11 6月, 2002 2 次提交
-
-
由 Thomas G. Lockhart 提交于
Implement SQL99 SIMILAR TO as a synonym for our existing operator "~". Implement SQL99 regular expression SUBSTRING(string FROM pat FOR escape). Extend the definition to make the FOR clause optional. Define textregexsubstr() to actually implement this feature. Update the regression test to include these new string features. All tests pass. Rename the regular expression support routines from "pg95_xxx" to "pg_xxx". Define CREATE CHARACTER SET in the parser per SQL99. No implementation yet.
-
由 Jan Wieck 提交于
> Changes to avoid collisions with WIN32 & MFC names... > 1. Renamed: > a. PROC => PGPROC > b. GetUserName() => GetUserNameFromId() > c. GetCurrentTime() => GetCurrentDateTime() > d. IGNORE => IGNORE_DTF in include/utils/datetime.h & utils/adt/datetim > > 2. Added _P to some lex/yacc tokens: > CONST, CHAR, DELETE, FLOAT, GROUP, IN, OUT Jan
-
- 04 6月, 2002 1 次提交
-
-
由 Bruce Momjian 提交于
-
- 03 6月, 2002 1 次提交
-
-
由 Bruce Momjian 提交于
-
- 28 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
where the latter is made slightly larger to allow for in-memory tuples containing resjunk attributes. Responds to today's complaint that one cannot UPDATE a table containing the allegedly-legal maximum number of columns. Also, apply Manfred Koizar's recent patch to avoid extra alignment padding when there is a null bitmap. This saves bytes in some cases while not creating any backward-compatibility problem AFAICS.
-
- 26 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
and just slow down normal operations (only fractionally, but a cycle saved is a cycle earned). Improve documentation of AMI_OVERRIDE behavior.
-
- 25 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
transaction, so as to avoid returning them out of the index AM. Saves repeated heap_fetch operations on frequently-updated rows. Also detect queries on unique keys (equality to all columns of a unique index), and don't bother continuing scan once we have found first match. Killing is implemented in the btree and hash AMs, but not yet in rtree or gist, because there isn't an equally convenient place to do it in those AMs (the outer amgetnext routine can't do it without re-pinning the index page). Did some small cleanup on APIs of HeapTupleSatisfies, heap_fetch, and index_insert to make this a little easier.
-
- 23 5月, 2002 2 次提交
-
-
由 Tom Lane 提交于
exemplified by bug #671. Moving the storage to relcache turned out to be a bad idea because relcache might decide to discard the info. Instead, open and close the relcache entry on each sequence operation, and use a record of the current XID to discover whether we already hold AccessShareLock on the sequence.
-
由 Peter Eisentraut 提交于
function body (and other properties) as a function in the language is created. This generalizes ad hoc code that already existed for the built-in languages. The validation now happens after the pg_proc tuple of the new function is created, so it is possible to define recursive SQL functions. Add some regression test cases that cover bogus function definition attempts.
-
- 22 5月, 2002 2 次提交
-
-
由 Tom Lane 提交于
a frozen (copied) snapshot too. Move execMain's snapshot copying code out into a subroutine in case we find other places that need it.
-
由 Tom Lane 提交于
in snapshots, per my proposal of a few days ago. Also, tweak heapam.c routines (heap_insert, heap_update, heap_delete, heap_mark4update) to be passed the command ID to use, instead of doing GetCurrentCommandID. For catalog updates they'll still get passed current command ID, but for updates generated from the main executor they'll get passed the command ID saved in the snapshot the query is using. This should fix some corner cases associated with functions and triggers that advance current command ID while an outer query is still in progress.
-
- 21 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
yesterday's proposal to pghackers. Also remove unnecessary parameters to heap_beginscan, heap_rescan. I modified pg_proc.h to reflect the new numbers of parameters for the AM interface routines, but did not force an initdb because nothing actually looks at those fields.
-
- 19 5月, 2002 2 次提交
-
-
由 Tom Lane 提交于
-
由 Tom Lane 提交于
process function RTE expressions, which they were previously missing. This allows outer-Var references and subselects to work correctly in the arguments of a function RTE. Install check to prevent function RTEs from cross-referencing Vars of sibling FROM-items, which doesn't make any sense (if you want to join, write a JOIN or WHERE clause).
-
- 18 5月, 2002 5 次提交
-
-
由 Peter Eisentraut 提交于
I took the opportunity to remove the pg_proc.proistrusted field.
-
由 Tom Lane 提交于
rather than a Query node; this allows set_plan_references to recurse into subplans correctly. Fixes core dump on full outer joins in subplans. Also, invoke preprocess_expression on function RTEs' function expressions. This seems to fix the planner's problems with outer-level Vars in function RTEs.
-
由 Tom Lane 提交于
format_type_be() in error messages.
-
由 Tom Lane 提交于
allows the example in the CREATE SCHEMA ref page to actually work now. Also, clean up when the transaction that initially creates a temp-table namespace is later aborted. Simplify internal representation of search path by folding special cases into the main list.
-
由 Peter Eisentraut 提交于
-
- 17 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
GUC support. It's now possible to set datestyle, timezone, and client_encoding from postgresql.conf and per-database or per-user settings. Also, implement rollback of SET commands that occur in a transaction that later fails. Create a SET LOCAL var = value syntax that sets the variable only for the duration of the current transaction. All per previous discussions in pghackers.
-
- 13 5月, 2002 1 次提交
-
-
由 Tom Lane 提交于
returns-set boolean field in Func and Oper nodes. This allows cleaner, more reliable tests for expressions returning sets in the planner and parser. For example, a WHERE clause returning a set is now detected and complained of in the parser, not only at runtime.
-