Add code to prevent transaction ID wraparound by enforcing a safe limit

in GetNewTransactionId().  Since the limit value has to be computed
before we run any real transactions, this requires adding code to database
startup to scan pg_database and determine the oldest datfrozenxid.
This can conveniently be combined with the first stage of an attack on
the problem that the 'flat file' copies of pg_shadow and pg_group are
not properly updated during WAL recovery.  The code I've added to
startup resides in a new file src/backend/utils/init/flatfiles.c, and
it is responsible for rewriting the flat files as well as initializing
the XID wraparound limit value.  This will eventually allow us to get
rid of GetRawDatabaseInfo too, but we'll need an initdb so we can add
a trigger to pg_database.

3 files changed, 47 insertions, 15 deletions

diff --git a/src/include/access/transam.h b/src/include/access/transam.h
index bf52484cc43..e623c5d0006 100644
--- a/src/include/access/transam.h
+++ b/src/include/access/transam.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.51 2004/12/31 22:03:21 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/access/transam.h,v 1.52 2005/02/20 02:22:03 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -75,13 +75,21 @@
 
 /*
  * VariableCache is placed in shmem and used by
- * backends to get next available XID & OID.
+ * backends to get next available OID & XID.
+ *
+ * Note: xidWrapLimit and limit_datname are not "active" values, but are
+ * used just to generate useful messages when xidWarnLimit or xidStopLimit
+ * are exceeded.
  */
 typedef struct VariableCacheData
 {
-	TransactionId nextXid;		/* next XID to assign */
 	Oid			nextOid;		/* next OID to assign */
 	uint32		oidCount;		/* OIDs available before must do XLOG work */
+	TransactionId nextXid;		/* next XID to assign */
+	TransactionId xidWarnLimit;	/* start complaining here */
+	TransactionId xidStopLimit;	/* refuse to advance nextXid beyond here */
+	TransactionId xidWrapLimit;	/* where the world ends */
+	NameData	limit_datname;	/* database that needs vacuumed first */
 } VariableCacheData;
 
 typedef VariableCacheData *VariableCache;
@@ -118,6 +126,8 @@ extern bool TransactionIdFollowsOrEquals(TransactionId id1, TransactionId id2);
 /* in transam/varsup.c */
 extern TransactionId GetNewTransactionId(bool isSubXact);
 extern TransactionId ReadNewTransactionId(void);
+extern void SetTransactionIdLimit(TransactionId oldest_datfrozenxid,
+								  Name oldest_datname);
 extern Oid	GetNewObjectId(void);
 extern void CheckMaxObjectId(Oid assigned_oid);
 
diff --git a/src/include/commands/user.h b/src/include/commands/user.h
index 882b0efc219..a37f94940a9 100644
--- a/src/include/commands/user.h
+++ b/src/include/commands/user.h
@@ -4,20 +4,16 @@
  *	  Commands for manipulating users and groups.
  *
  *
- * $PostgreSQL: pgsql/src/include/commands/user.h,v 1.25 2004/09/16 16:58:39 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/commands/user.h,v 1.26 2005/02/20 02:22:05 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
 #ifndef USER_H
 #define USER_H
 
-#include "fmgr.h"
 #include "nodes/parsenodes.h"
 
 
-extern char *group_getfilename(void);
-extern char *user_getfilename(void);
-
 extern void CreateUser(CreateUserStmt *stmt);
 extern void AlterUser(AlterUserStmt *stmt);
 extern void AlterUserSet(AlterUserSetStmt *stmt);
@@ -29,11 +25,4 @@ extern void AlterGroup(AlterGroupStmt *stmt, const char *tag);
 extern void DropGroup(DropGroupStmt *stmt);
 extern void RenameGroup(const char *oldname, const char *newname);
 
-extern Datum update_pg_pwd_and_pg_group(PG_FUNCTION_ARGS);
-
-extern void AtEOXact_UpdatePasswordFile(bool isCommit);
-extern void AtEOSubXact_UpdatePasswordFile(bool isCommit,
-										   SubTransactionId mySubid,
-										   SubTransactionId parentSubid);
-
 #endif   /* USER_H */
diff --git a/src/include/utils/flatfiles.h b/src/include/utils/flatfiles.h
new file mode 100644
index 00000000000..02e51759254
--- /dev/null
+++ b/src/include/utils/flatfiles.h
@@ -0,0 +1,33 @@
+/*-------------------------------------------------------------------------
+ *
+ * flatfiles.h
+ *	  Routines for maintaining "flat file" images of the shared catalogs.
+ *
+ *
+ * $PostgreSQL: pgsql/src/include/utils/flatfiles.h,v 1.1 2005/02/20 02:22:07 tgl Exp $
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef FLATFILES_H
+#define FLATFILES_H
+
+#include "fmgr.h"
+
+extern void database_file_update_needed(void);
+extern void group_file_update_needed(void);
+extern void user_file_update_needed(void);
+
+extern char *database_getflatfilename(void);
+extern char *group_getflatfilename(void);
+extern char *user_getflatfilename(void);
+
+extern void BuildFlatFiles(bool database_only);
+
+extern void AtEOXact_UpdateFlatFiles(bool isCommit);
+extern void AtEOSubXact_UpdateFlatFiles(bool isCommit,
+										SubTransactionId mySubid,
+										SubTransactionId parentSubid);
+
+extern Datum flatfile_update_trigger(PG_FUNCTION_ARGS);
+
+#endif   /* FLATFILES_H */