Add code to prevent transaction ID wraparound by enforcing a safe limit

in GetNewTransactionId().  Since the limit value has to be computed
before we run any real transactions, this requires adding code to database
startup to scan pg_database and determine the oldest datfrozenxid.
This can conveniently be combined with the first stage of an attack on
the problem that the 'flat file' copies of pg_shadow and pg_group are
not properly updated during WAL recovery.  The code I've added to
startup resides in a new file src/backend/utils/init/flatfiles.c, and
it is responsible for rewriting the flat files as well as initializing
the XID wraparound limit value.  This will eventually allow us to get
rid of GetRawDatabaseInfo too, but we'll need an initdb so we can add
a trigger to pg_database.

1 files changed, 7 insertions, 0 deletions

diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index cac60f9f3d..83bb6d7dd6 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -55,6 +55,7 @@
 #include "tcop/pquery.h"
 #include "tcop/tcopprot.h"
 #include "tcop/utility.h"
+#include "utils/flatfiles.h"
 #include "utils/guc.h"
 #include "utils/lsyscache.h"
 #include "utils/memutils.h"
@@ -2706,6 +2707,12 @@ PostgresMain(int argc, char *argv[], const char *username)
 		 */
 		LoadFreeSpaceMap();
 		on_shmem_exit(DumpFreeSpaceMap, 0);
+
+		/*
+		 * We have to build the flat file for pg_database, but not for
+		 * the user and group tables, since we won't try to do authentication.
+		 */
+		BuildFlatFiles(true);
 	}
 
 	/*