pg_upgrade: only allow template0 to be non-connectable

This patch causes pg_upgrade to error out during its check phase if:

(1) template0 is marked connectable
or
(2) any other database is marked non-connectable

This is done because, in the first case, pg_upgrade would fail because
the pg_dumpall --globals restore would fail, and in the second case, the
database would not be restored, leading to data loss.

Report by Matt Landry (1), Stephen Frost (2)

Backpatch through 9.0

diff --git a/contrib/pg_upgrade/check.c b/contrib/pg_upgrade/check.c
index 038caa23d07039d6f93d2e79fb896d33a884df3f..1915d292407f2bbd777d0086c66ef1d4b2666c3e 100644 (file)
--- a/contrib/pg_upgrade/check.c
+++ b/contrib/pg_upgrade/check.c
@@ -20,6 +20,7 @@ static void check_locale_and_encoding(ControlData *oldctrl,
 static bool equivalent_locale(int category, const char *loca, const char *locb);
 static bool equivalent_encoding(const char *chara, const char *charb);
 static void check_is_super_user(ClusterInfo *cluster);
+static void check_proper_datallowconn(ClusterInfo *cluster);
 static void check_for_prepared_transactions(ClusterInfo *cluster);
 static void check_for_isn_and_int8_passing_mismatch(ClusterInfo *cluster);
 static void check_for_reg_data_type_usage(ClusterInfo *cluster);
@@ -95,6 +96,7 @@ check_and_dump_old_cluster(bool live_check, char **sequence_script_file_name)
     * Check for various failure cases
     */
    check_is_super_user(&old_cluster);
+   check_proper_datallowconn(&old_cluster);
    check_for_prepared_transactions(&old_cluster);
    check_for_reg_data_type_usage(&old_cluster);
    check_for_isn_and_int8_passing_mismatch(&old_cluster);
@@ -629,6 +631,58 @@ create_script_for_cluster_analyze(char **analyze_script_file_name)
 }
 
 
+static void
+check_proper_datallowconn(ClusterInfo *cluster)
+{
+   int         dbnum;
+   PGconn     *conn_template1;
+   PGresult   *dbres;
+   int         ntups;
+   int         i_datname;
+   int         i_datallowconn;
+
+   prep_status("Checking database connection settings");
+
+   conn_template1 = connectToServer(cluster, "template1");
+
+   /* get database names */
+   dbres = executeQueryOrDie(conn_template1,
+                             "SELECT   datname, datallowconn "
+                             "FROM pg_catalog.pg_database");
+
+   i_datname = PQfnumber(dbres, "datname");
+   i_datallowconn = PQfnumber(dbres, "datallowconn");
+
+   ntups = PQntuples(dbres);
+   for (dbnum = 0; dbnum < ntups; dbnum++)
+   {
+       char       *datname = PQgetvalue(dbres, dbnum, i_datname);
+       char       *datallowconn = PQgetvalue(dbres, dbnum, i_datallowconn);
+
+       if (strcmp(datname, "template0") == 0)
+       {
+           /* avoid restore failure when pg_dumpall tries to create template0 */
+           if (strcmp(datallowconn, "t") == 0)
+               pg_log(PG_FATAL, "template0 must not allow connections, "
+                        "i.e. its pg_database.datallowconn must be false\n");
+       }
+       else
+       {
+           /* avoid datallowconn == false databases from being skipped on restore */
+           if (strcmp(datallowconn, "f") == 0)
+               pg_log(PG_FATAL, "All non-template0 databases must allow connections, "
+                        "i.e. their pg_database.datallowconn must be true\n");
+       }
+   }
+
+   PQclear(dbres);
+
+   PQfinish(conn_template1);
+
+   check_ok();
+}
+
+
 /*
  * create_script_for_old_cluster_deletion()
  *