mirror of
https://github.com/postgres/postgres.git
synced 2026-06-04 06:45:49 -04:00
Heikki Linnakangas
eb61136dc7
Storing passwords in plaintext hasn't been a good idea for a very long time, if ever. Now seems like a good time to finally forbid it, since we're messing with this in PostgreSQL 10 anyway. Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD 'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does the same as just PASSWORD 'foo'. Likewise, remove the --unencrypted option from createuser, but accept --encrypted as a no-op for backward compatibility. AFAICS, --encrypted was a no-op even before this patch, because createuser encrypted the password before sending it to the server even if --encrypted was not specified. It added the ENCRYPTED keyword to the SQL command, but since the password was already in encrypted form, it didn't make any difference. The documentation was not clear on whether that was intended or not, but it's moot now. Also, while password_encryption='on' is still accepted as an alias for 'md5', it is now marked as hidden, so that it is not listed as an accepted value in error hints, for example. That's not directly related to removing 'plain', but it seems better this way. Reviewed by Michael Paquier Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
375 lines
10 KiB
C
375 lines
10 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* createuser
|
|
*
|
|
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/bin/scripts/createuser.c
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
|
|
#include "postgres_fe.h"
|
|
#include "common.h"
|
|
#include "fe_utils/simple_list.h"
|
|
#include "fe_utils/string_utils.h"
|
|
|
|
|
|
static void help(const char *progname);
|
|
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
static struct option long_options[] = {
|
|
{"host", required_argument, NULL, 'h'},
|
|
{"port", required_argument, NULL, 'p'},
|
|
{"username", required_argument, NULL, 'U'},
|
|
{"role", required_argument, NULL, 'g'},
|
|
{"no-password", no_argument, NULL, 'w'},
|
|
{"password", no_argument, NULL, 'W'},
|
|
{"echo", no_argument, NULL, 'e'},
|
|
{"createdb", no_argument, NULL, 'd'},
|
|
{"no-createdb", no_argument, NULL, 'D'},
|
|
{"superuser", no_argument, NULL, 's'},
|
|
{"no-superuser", no_argument, NULL, 'S'},
|
|
{"createrole", no_argument, NULL, 'r'},
|
|
{"no-createrole", no_argument, NULL, 'R'},
|
|
{"inherit", no_argument, NULL, 'i'},
|
|
{"no-inherit", no_argument, NULL, 'I'},
|
|
{"login", no_argument, NULL, 'l'},
|
|
{"no-login", no_argument, NULL, 'L'},
|
|
{"replication", no_argument, NULL, 1},
|
|
{"no-replication", no_argument, NULL, 2},
|
|
{"interactive", no_argument, NULL, 3},
|
|
/* adduser is obsolete, undocumented spelling of superuser */
|
|
{"adduser", no_argument, NULL, 'a'},
|
|
{"no-adduser", no_argument, NULL, 'A'},
|
|
{"connection-limit", required_argument, NULL, 'c'},
|
|
{"pwprompt", no_argument, NULL, 'P'},
|
|
{"encrypted", no_argument, NULL, 'E'},
|
|
{NULL, 0, NULL, 0}
|
|
};
|
|
|
|
const char *progname;
|
|
int optindex;
|
|
int c;
|
|
const char *newuser = NULL;
|
|
char *host = NULL;
|
|
char *port = NULL;
|
|
char *username = NULL;
|
|
SimpleStringList roles = {NULL, NULL};
|
|
enum trivalue prompt_password = TRI_DEFAULT;
|
|
bool echo = false;
|
|
bool interactive = false;
|
|
char *conn_limit = NULL;
|
|
bool pwprompt = false;
|
|
char *newpassword = NULL;
|
|
char newuser_buf[128];
|
|
char newpassword_buf[100];
|
|
|
|
/* Tri-valued variables. */
|
|
enum trivalue createdb = TRI_DEFAULT,
|
|
superuser = TRI_DEFAULT,
|
|
createrole = TRI_DEFAULT,
|
|
inherit = TRI_DEFAULT,
|
|
login = TRI_DEFAULT,
|
|
replication = TRI_DEFAULT;
|
|
|
|
PQExpBufferData sql;
|
|
|
|
PGconn *conn;
|
|
PGresult *result;
|
|
|
|
progname = get_progname(argv[0]);
|
|
set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
|
|
|
|
handle_help_version_opts(argc, argv, "createuser", help);
|
|
|
|
while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
|
|
long_options, &optindex)) != -1)
|
|
{
|
|
switch (c)
|
|
{
|
|
case 'h':
|
|
host = pg_strdup(optarg);
|
|
break;
|
|
case 'p':
|
|
port = pg_strdup(optarg);
|
|
break;
|
|
case 'U':
|
|
username = pg_strdup(optarg);
|
|
break;
|
|
case 'g':
|
|
simple_string_list_append(&roles, optarg);
|
|
break;
|
|
case 'w':
|
|
prompt_password = TRI_NO;
|
|
break;
|
|
case 'W':
|
|
prompt_password = TRI_YES;
|
|
break;
|
|
case 'e':
|
|
echo = true;
|
|
break;
|
|
case 'd':
|
|
createdb = TRI_YES;
|
|
break;
|
|
case 'D':
|
|
createdb = TRI_NO;
|
|
break;
|
|
case 's':
|
|
case 'a':
|
|
superuser = TRI_YES;
|
|
break;
|
|
case 'S':
|
|
case 'A':
|
|
superuser = TRI_NO;
|
|
break;
|
|
case 'r':
|
|
createrole = TRI_YES;
|
|
break;
|
|
case 'R':
|
|
createrole = TRI_NO;
|
|
break;
|
|
case 'i':
|
|
inherit = TRI_YES;
|
|
break;
|
|
case 'I':
|
|
inherit = TRI_NO;
|
|
break;
|
|
case 'l':
|
|
login = TRI_YES;
|
|
break;
|
|
case 'L':
|
|
login = TRI_NO;
|
|
break;
|
|
case 'c':
|
|
conn_limit = pg_strdup(optarg);
|
|
break;
|
|
case 'P':
|
|
pwprompt = true;
|
|
break;
|
|
case 'E':
|
|
/* no-op, accepted for backward compatibility */
|
|
break;
|
|
case 1:
|
|
replication = TRI_YES;
|
|
break;
|
|
case 2:
|
|
replication = TRI_NO;
|
|
break;
|
|
case 3:
|
|
interactive = true;
|
|
break;
|
|
default:
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
switch (argc - optind)
|
|
{
|
|
case 0:
|
|
break;
|
|
case 1:
|
|
newuser = argv[optind];
|
|
break;
|
|
default:
|
|
fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
|
|
progname, argv[optind + 1]);
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
|
exit(1);
|
|
}
|
|
|
|
if (newuser == NULL)
|
|
{
|
|
if (interactive)
|
|
{
|
|
simple_prompt("Enter name of role to add: ",
|
|
newuser_buf, sizeof(newuser_buf), true);
|
|
newuser = newuser_buf;
|
|
}
|
|
else
|
|
{
|
|
if (getenv("PGUSER"))
|
|
newuser = getenv("PGUSER");
|
|
else
|
|
newuser = get_user_name_or_exit(progname);
|
|
}
|
|
}
|
|
|
|
if (pwprompt)
|
|
{
|
|
char pw2[100];
|
|
|
|
simple_prompt("Enter password for new role: ",
|
|
newpassword_buf, sizeof(newpassword_buf), false);
|
|
simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
|
|
if (strcmp(newpassword_buf, pw2) != 0)
|
|
{
|
|
fprintf(stderr, _("Passwords didn't match.\n"));
|
|
exit(1);
|
|
}
|
|
newpassword = newpassword_buf;
|
|
}
|
|
|
|
if (superuser == 0)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be a superuser?"))
|
|
superuser = TRI_YES;
|
|
else
|
|
superuser = TRI_NO;
|
|
}
|
|
|
|
if (superuser == TRI_YES)
|
|
{
|
|
/* Not much point in trying to restrict a superuser */
|
|
createdb = TRI_YES;
|
|
createrole = TRI_YES;
|
|
}
|
|
|
|
if (createdb == 0)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
|
|
createdb = TRI_YES;
|
|
else
|
|
createdb = TRI_NO;
|
|
}
|
|
|
|
if (createrole == 0)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
|
|
createrole = TRI_YES;
|
|
else
|
|
createrole = TRI_NO;
|
|
}
|
|
|
|
if (inherit == 0)
|
|
inherit = TRI_YES;
|
|
|
|
if (login == 0)
|
|
login = TRI_YES;
|
|
|
|
conn = connectDatabase("postgres", host, port, username, prompt_password,
|
|
progname, false, false);
|
|
|
|
initPQExpBuffer(&sql);
|
|
|
|
printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
|
|
if (newpassword)
|
|
{
|
|
char *encrypted_password;
|
|
|
|
appendPQExpBufferStr(&sql, " PASSWORD ");
|
|
|
|
encrypted_password = PQencryptPasswordConn(conn,
|
|
newpassword,
|
|
newuser,
|
|
NULL);
|
|
if (!encrypted_password)
|
|
{
|
|
fprintf(stderr, _("%s: password encryption failed: %s"),
|
|
progname, PQerrorMessage(conn));
|
|
exit(1);
|
|
}
|
|
appendStringLiteralConn(&sql, encrypted_password, conn);
|
|
PQfreemem(encrypted_password);
|
|
}
|
|
if (superuser == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " SUPERUSER");
|
|
if (superuser == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOSUPERUSER");
|
|
if (createdb == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " CREATEDB");
|
|
if (createdb == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOCREATEDB");
|
|
if (createrole == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " CREATEROLE");
|
|
if (createrole == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOCREATEROLE");
|
|
if (inherit == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " INHERIT");
|
|
if (inherit == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOINHERIT");
|
|
if (login == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " LOGIN");
|
|
if (login == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOLOGIN");
|
|
if (replication == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " REPLICATION");
|
|
if (replication == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOREPLICATION");
|
|
if (conn_limit != NULL)
|
|
appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
|
|
if (roles.head != NULL)
|
|
{
|
|
SimpleStringListCell *cell;
|
|
|
|
appendPQExpBufferStr(&sql, " IN ROLE ");
|
|
|
|
for (cell = roles.head; cell; cell = cell->next)
|
|
{
|
|
if (cell->next)
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
else
|
|
appendPQExpBuffer(&sql, "%s", fmtId(cell->val));
|
|
}
|
|
}
|
|
appendPQExpBufferChar(&sql, ';');
|
|
|
|
if (echo)
|
|
printf("%s\n", sql.data);
|
|
result = PQexec(conn, sql.data);
|
|
|
|
if (PQresultStatus(result) != PGRES_COMMAND_OK)
|
|
{
|
|
fprintf(stderr, _("%s: creation of new role failed: %s"),
|
|
progname, PQerrorMessage(conn));
|
|
PQfinish(conn);
|
|
exit(1);
|
|
}
|
|
|
|
PQclear(result);
|
|
PQfinish(conn);
|
|
exit(0);
|
|
}
|
|
|
|
|
|
static void
|
|
help(const char *progname)
|
|
{
|
|
printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
|
|
printf(_("Usage:\n"));
|
|
printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
|
|
printf(_("\nOptions:\n"));
|
|
printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
|
|
printf(_(" -d, --createdb role can create new databases\n"));
|
|
printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
|
|
printf(_(" -e, --echo show the commands being sent to the server\n"));
|
|
printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
|
|
printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
|
|
" member of (default)\n"));
|
|
printf(_(" -I, --no-inherit role does not inherit privileges\n"));
|
|
printf(_(" -l, --login role can login (default)\n"));
|
|
printf(_(" -L, --no-login role cannot login\n"));
|
|
printf(_(" -P, --pwprompt assign a password to new role\n"));
|
|
printf(_(" -r, --createrole role can create new roles\n"));
|
|
printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
|
|
printf(_(" -s, --superuser role will be superuser\n"));
|
|
printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
|
|
printf(_(" -V, --version output version information, then exit\n"));
|
|
printf(_(" --interactive prompt for missing role name and attributes rather\n"
|
|
" than using defaults\n"));
|
|
printf(_(" --replication role can initiate replication\n"));
|
|
printf(_(" --no-replication role cannot initiate replication\n"));
|
|
printf(_(" -?, --help show this help, then exit\n"));
|
|
printf(_("\nConnection options:\n"));
|
|
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
|
|
printf(_(" -p, --port=PORT database server port\n"));
|
|
printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
|
|
printf(_(" -w, --no-password never prompt for password\n"));
|
|
printf(_(" -W, --password force password prompt\n"));
|
|
printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));
|
|
}
|