EXTRA_CLEAN = datapagemap.c datapagemap.h xlogreader.c receivelog.c receivelog.h streamutil.c streamutil.h logging.h

PG_CPPFLAGS = -I$(libpq_srcdir) ${PTHREAD_CFLAGS}

overrideCPPFLAGS := -DFRONTEND$(CPPFLAGS)

PG_LIBS =$(libpq_pgport) ${PTHREAD_LIBS} ${PTHREAD_CFLAGS}

REGRESS = init option show delete backup restore

all: checksrcdir datapagemap.h logging.h receivelog.h streamutil.h pg_arman

MAKE_GLOBAL="../../src/Makefile.global"

TEST_GLOBAL:=$(shell test -e ../../src/Makefile.global)

ifeq ($(.SHELLSTATUS),1)

PG_CONFIG = pg_config

PGXS :=$(shell$(PG_CONFIG) --pgxs)

.PHONY: checksrcdir

checksrcdir:

@echo "You must have PostgreSQL source tree available to compile."

@echo "Pass the path to the PostgreSQL source tree to make, in the top_srcdir"

@echo "variable: \"make top_srcdir=<path to PostgreSQL source tree>\""

@exit 1

REGRESS =

subdir=contrib/pg_arman

top_builddir=../..

include$(top_builddir)/src/Makefile.global

include$(top_srcdir)/contrib/contrib-global.mk

PG_CPPFLAGS = -I$(libpq_srcdir) ${PTHREAD_CFLAGS}

overrideCPPFLAGS := -DFRONTEND$(CPPFLAGS)$(PG_CPPFLAGS)

PG_LIBS =$(libpq_pgport) ${PTHREAD_CFLAGS}

envtest:

: top_srcdir=$(top_srcdir)

: libpq_srcdir =$(libpq_srcdir)

.PHONY: checksrcdir

rm -f&&$(LN_S)$<.

streamutil.h:% :$(top_srcdir)/src/bin/pg_basebackup/%

rm -f&&$(LN_S)$<.

PG_CONFIG = pg_config

PGXS :=$(shell$(PG_CONFIG) --pgxs)

file->is_datafile= true;

{

intfind_dot;

intcheck_digit;

char*text_segno;

for(find_dot=path_len-1;file->path[find_dot]!='.'&&find_dot >=0;find_dot--);

if (find_dot <=0)

continue;

text_segno=file->path+find_dot+1;

if (!isdigit(text_segno[0]))

for(check_digit=0;text_segno[check_digit]!='\0';check_digit++)

if (!isdigit(text_segno[check_digit]))

{

check_digit=-1;

break;

}

if (check_digit==-1)

continue;

file->segno= (int)strtol(text_segno,NULL,10);

if (i==BLCKSZ)

gotoskip_checksum;

}

((PageHeader)page.data)->pd_checksum=pg_checksum_page(page.data,header.block);

((PageHeader)page.data)->pd_checksum=pg_checksum_page(page.data,file->segno*RELSEG_SIZE+header.block);

}

skip_checksum:

pg_crc32crc;

unsignedintmode;/* bit length of mode_t depends on platforms */

structtmtm;

pgFile*file;

pgFile*file;

memset(&tm,0,sizeof(tm));

if (sscanf(buf,"%s %c %lu %u %o %d-%d-%d %d:%d:%d",

strcpy(file->path,path);

parray_append(files,file);

if(file->is_datafile)

{

intfind_dot;

intcheck_digit;

char*text_segno;

size_tpath_len=strlen(file->path);

for(find_dot=path_len-1;file->path[find_dot]!='.'&&find_dot >=0;find_dot--);

if (find_dot <=0)

continue;

text_segno=file->path+find_dot+1;

for(check_digit=0;text_segno[check_digit]!='\0';check_digit++)

if (!isdigit(text_segno[check_digit]))

{

check_digit=-1;

break;

}

if (check_digit==-1)

continue;

file->segno= (int)strtol(text_segno,NULL,10);

}

}

fclose(fp);

<listitem>

<para>

Maximum time between automatic WAL checkpoints, in seconds.

The valid range is between 30 seconds and onehour.

The valid range is between 30 seconds and oneday.

The default is five minutes (<literal>5min</>).

Increasing this parameter can increase the amount of time needed

for crash recovery.

<programlisting>

CREATE POLICY user_policy ON users

USING (user = current_user);

USING (user_name = current_user);

</programlisting>

<para>

<programlisting>

CREATE POLICY user_policy ON users

USING (true)

WITH CHECK (user = current_user);

WITH CHECK (user_name = current_user);

</programlisting>

<para>

<programlisting>

-- Simple passwd-file based example

CREATE TABLE passwd (

username text UNIQUE NOT NULL,

user_name text UNIQUE NOT NULL,

pwhash text,

uid int PRIMARY KEY,

gid int NOT NULL,

-- Normal users can update their own records, but

-- limit which shells a normal user is allowed to set

CREATE POLICY user_mod ON passwd FOR UPDATE

USING (current_user =username)

USING (current_user =user_name)

WITH CHECK (

current_user =username AND

current_user =user_name AND

shell IN ('/bin/bash','/bin/sh','/bin/dash','/bin/zsh','/bin/tcsh')

);

-- Allow admin all normal rights

GRANT SELECT, INSERT, UPDATE, DELETE ON passwd TO admin;

-- Users only get select access on public columns

GRANT SELECT

(username, uid, gid, real_name, home_phone, extra_info, home_dir, shell)

(user_name, uid, gid, real_name, home_phone, extra_info, home_dir, shell)

ON passwd TO public;

-- Allow users to update certain columns

GRANT UPDATE

postgres=&gt; set role admin;

SET

postgres=&gt; table passwd;

username | pwhash | uid | gid | real_name | home_phone | extra_info | home_dir | shell

----------+--------+-----+-----+-----------+--------------+------------+-------------+-----------

admin | xxx | 0 | 0 | Admin | 111-222-3333 | | /root | /bin/dash

bob | xxx | 1 | 1 | Bob | 123-456-7890 | | /home/bob | /bin/zsh

alice | xxx | 2 | 1 | Alice | 098-765-4321 | | /home/alice | /bin/zsh

user_name | pwhash | uid | gid | real_name | home_phone | extra_info | home_dir | shell

-----------+--------+-----+-----+-----------+--------------+------------+-------------+-----------

admin| xxx | 0 | 0 | Admin | 111-222-3333 | | /root | /bin/dash

bob| xxx | 1 | 1 | Bob | 123-456-7890 | | /home/bob | /bin/zsh

alice| xxx | 2 | 1 | Alice | 098-765-4321 | | /home/alice | /bin/zsh

(3 rows)

-- Test what Alice is able to do

postgres=&gt; set role alice;

SET

postgres=&gt; table passwd;

ERROR: permission denied for relation passwd

postgres=&gt; selectusername,real_name,home_phone,extra_info,home_dir,shell from passwd;

username | real_name | home_phone | extra_info | home_dir | shell

----------+-----------+--------------+------------+-------------+-----------

admin | Admin | 111-222-3333 | | /root | /bin/dash

bob | Bob | 123-456-7890 | | /home/bob | /bin/zsh

alice | Alice | 098-765-4321 | | /home/alice | /bin/zsh

postgres=&gt; selectuser_name,real_name,home_phone,extra_info,home_dir,shell from passwd;

user_name | real_name | home_phone | extra_info | home_dir | shell

-----------+-----------+--------------+------------+-------------+-----------

admin| Admin | 111-222-3333 | | /root | /bin/dash

bob| Bob | 123-456-7890 | | /home/bob | /bin/zsh

alice| Alice | 098-765-4321 | | /home/alice | /bin/zsh

(3 rows)

postgres=&gt; update passwd setusername = 'joe';

postgres=&gt; update passwd setuser_name = 'joe';

ERROR: permission denied for relation passwd

-- Alice is allowed to change her own real_name, but no others

postgres=&gt; update passwd set real_name = 'Alice Doe';

UPDATE 1

postgres=&gt; update passwd set real_name = 'John Doe' whereusername = 'admin';

postgres=&gt; update passwd set real_name = 'John Doe' whereuser_name = 'admin';

UPDATE 0

postgres=&gt; update passwd set shell = '/bin/xx';

ERROR: new row violates WITH CHECK OPTION for "passwd"

postgres=&gt; delete from passwd;

ERROR: permission denied for relation passwd

postgres=&gt; insert into passwd (username) values ('xxx');

postgres=&gt; insert into passwd (user_name) values ('xxx');

ERROR: permission denied for relation passwd

-- Alice can change her own password; RLS silently prevents updating other rows

postgres=&gt; update passwd set pwhash = 'abc';

(since this is one of the ways to restrict the activities of your

users to well-defined namespaces). The syntax for that is:

<programlisting>

CREATE SCHEMA <replaceable>schemaname</replaceable> AUTHORIZATION <replaceable>username</replaceable>;

CREATE SCHEMA <replaceable>schema_name</replaceable> AUTHORIZATION <replaceable>user_name</replaceable>;

</programlisting>

You can even omit the schema name, in which case the schema name

will be the same as the user name. See <xref

implements only the basic schema support specified in the

standard. Therefore, many users consider qualified names to

really consist of

<literal><replaceable>username</>.<replaceable>tablename</></literal>.

<literal><replaceable>user_name</>.<replaceable>table_name</></literal>.

This is how <productname>PostgreSQL</productname> will effectively

behave if you create a per-user schema for every user.

</para>

by <application>pg_dump</>. Such a change is usually only sensible if

you concurrently make the same change in the extension's script file.

(But there are special provisions for tables containing configuration

data; see below.)

data; see <xref linkend="extend-extensions-config-tables">.)

In production situations, it's generally better to create an extension

update script to perform changes to extension member objects.

</para>

<para>

The extension script may set privileges on objectswhich are part of the

The extension script may set privileges on objectsthat are part of the

extension via <command>GRANT</command> and <command>REVOKE</command>

statements. The final set of privileges for each object (if any are set)

will be stored in the

<term><varname>comment</varname> (<type>string</type>)</term>

<listitem>

<para>

A comment (any string) about the extension. Alternatively,

the comment can be set by means of the <xref linkend="sql-comment">

command in the script file.

A comment (any string) about the extension. The comment is applied

when initially creating an extension, but not during extension updates

(since that might override user-added comments). Alternatively,

the extension's comment can be set by writing

a <xref linkend="sql-comment"> command in the script file.

</para>

</listitem>

</varlistentry>

its contained objects into a different schema after initial creation

of the extension. The default is <literal>false</>, i.e. the

extension is not relocatable.

Seebelow for more information.

See<xref linkend="extend-extensions-relocation"> for more information.

</para>

</listitem>

</varlistentry>

<para>

This parameter can only be set for non-relocatable extensions.

It forces the extension to be loaded into exactly the named schema

and not any other. See below for more information.

and not any other.

The <varname>schema</varname> parameter is consulted only when

initially creating an extension, not during extension updates.

See <xref linkend="extend-extensions-relocation"> for more information.

</para>

</listitem>

</varlistentry>

comments) by the extension mechanism. This provision is commonly used

to throw an error if the script file is fed to <application>psql</>

rather than being loaded via <command>CREATE EXTENSION</> (see example

script below). Without that, users might accidentally load the

script in <xref linkend="extend-extensions-example">).

Without that, users might accidentally load the

extension's contents as <quote>loose</> objects rather than as an

extension, a state of affairs that's a bit tedious to recover from.

</para>

</sect2>

<sect2>

<sect2 id="extend-extensions-relocation">

<title>Extension Relocatability</title>

<para>

</para>

</sect2>

<sect2>

<sect2 id="extend-extensions-config-tables">

<title>Extension Configuration Tables</title>

<para>

out but the dump will not be able to be restored directly and user

intervention will be required.

</para>

<para>

Sequences associated with <type>serial</> or <type>bigserial</> columns

need to be directly marked to dump their state. Marking their parent

</para>

</sect2>

<sect2>

<sect2 id="extend-extensions-example">

<title>Extension Example</title>

<para>

<literal><function>ts_filter(<replaceable class="PARAMETER">vector</replaceable> <type>tsvector</>, <replaceable class="PARAMETER">weights</replaceable> <type>"char"[]</>)</function></literal>

</entry>

<entry><type>tsvector</type></entry>

<entry>Select only elements with given <replaceable class="PARAMETER">weights</replaceable> from <replaceable class="PARAMETER">vector</replaceable></entry>

<entry>select only elements with given <replaceable class="PARAMETER">weights</replaceable> from <replaceable class="PARAMETER">vector</replaceable></entry>

<entry><literal>ts_filter('fat:2,4 cat:3b rat:5A'::tsvector, '{a,b}')</literal></entry>

<entry><literal>'cat':3B 'rat':5A</literal></entry>

</row>