2003-03-18 23:19:47 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* createuser
|
|
|
|
*
|
2017-01-03 19:48:53 +01:00
|
|
|
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
|
2003-03-18 23:19:47 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
*
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/bin/scripts/createuser.c
|
2003-03-18 23:19:47 +01:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
#include "common.h"
|
2016-03-24 20:55:44 +01:00
|
|
|
#include "fe_utils/simple_list.h"
|
|
|
|
#include "fe_utils/string_utils.h"
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
|
|
|
|
static void help(const char *progname);
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
static struct option long_options[] = {
|
|
|
|
{"host", required_argument, NULL, 'h'},
|
|
|
|
{"port", required_argument, NULL, 'p'},
|
|
|
|
{"username", required_argument, NULL, 'U'},
|
2013-12-11 13:50:36 +01:00
|
|
|
{"role", required_argument, NULL, 'g'},
|
2009-02-26 17:02:39 +01:00
|
|
|
{"no-password", no_argument, NULL, 'w'},
|
2003-03-18 23:19:47 +01:00
|
|
|
{"password", no_argument, NULL, 'W'},
|
|
|
|
{"echo", no_argument, NULL, 'e'},
|
|
|
|
{"createdb", no_argument, NULL, 'd'},
|
|
|
|
{"no-createdb", no_argument, NULL, 'D'},
|
2005-08-14 22:16:03 +02:00
|
|
|
{"superuser", no_argument, NULL, 's'},
|
|
|
|
{"no-superuser", no_argument, NULL, 'S'},
|
|
|
|
{"createrole", no_argument, NULL, 'r'},
|
|
|
|
{"no-createrole", no_argument, NULL, 'R'},
|
|
|
|
{"inherit", no_argument, NULL, 'i'},
|
|
|
|
{"no-inherit", no_argument, NULL, 'I'},
|
|
|
|
{"login", no_argument, NULL, 'l'},
|
|
|
|
{"no-login", no_argument, NULL, 'L'},
|
2011-09-23 15:25:20 +02:00
|
|
|
{"replication", no_argument, NULL, 1},
|
|
|
|
{"no-replication", no_argument, NULL, 2},
|
2012-02-07 13:55:34 +01:00
|
|
|
{"interactive", no_argument, NULL, 3},
|
2005-08-14 22:16:03 +02:00
|
|
|
/* adduser is obsolete, undocumented spelling of superuser */
|
2003-03-18 23:19:47 +01:00
|
|
|
{"adduser", no_argument, NULL, 'a'},
|
|
|
|
{"no-adduser", no_argument, NULL, 'A'},
|
2005-09-30 09:13:54 +02:00
|
|
|
{"connection-limit", required_argument, NULL, 'c'},
|
2003-03-18 23:19:47 +01:00
|
|
|
{"pwprompt", no_argument, NULL, 'P'},
|
|
|
|
{"encrypted", no_argument, NULL, 'E'},
|
|
|
|
{"unencrypted", no_argument, NULL, 'N'},
|
|
|
|
{NULL, 0, NULL, 0}
|
|
|
|
};
|
|
|
|
|
2004-05-12 15:38:49 +02:00
|
|
|
const char *progname;
|
2003-03-18 23:19:47 +01:00
|
|
|
int optindex;
|
|
|
|
int c;
|
2012-02-07 13:55:34 +01:00
|
|
|
const char *newuser = NULL;
|
2003-03-18 23:19:47 +01:00
|
|
|
char *host = NULL;
|
|
|
|
char *port = NULL;
|
|
|
|
char *username = NULL;
|
2013-12-11 13:50:36 +01:00
|
|
|
SimpleStringList roles = {NULL, NULL};
|
2009-02-26 17:02:39 +01:00
|
|
|
enum trivalue prompt_password = TRI_DEFAULT;
|
2003-03-18 23:19:47 +01:00
|
|
|
bool echo = false;
|
2012-02-07 13:55:34 +01:00
|
|
|
bool interactive = false;
|
2005-12-12 16:41:52 +01:00
|
|
|
char *conn_limit = NULL;
|
|
|
|
bool pwprompt = false;
|
|
|
|
char *newpassword = NULL;
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
char newuser_buf[128];
|
|
|
|
char newpassword_buf[100];
|
2006-10-04 02:30:14 +02:00
|
|
|
|
|
|
|
/* Tri-valued variables. */
|
|
|
|
enum trivalue createdb = TRI_DEFAULT,
|
|
|
|
superuser = TRI_DEFAULT,
|
|
|
|
createrole = TRI_DEFAULT,
|
|
|
|
inherit = TRI_DEFAULT,
|
|
|
|
login = TRI_DEFAULT,
|
2011-09-23 15:25:20 +02:00
|
|
|
replication = TRI_DEFAULT,
|
2006-10-04 02:30:14 +02:00
|
|
|
encrypted = TRI_DEFAULT;
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
PQExpBufferData sql;
|
|
|
|
|
|
|
|
PGconn *conn;
|
|
|
|
PGresult *result;
|
|
|
|
|
|
|
|
progname = get_progname(argv[0]);
|
2008-12-11 08:34:09 +01:00
|
|
|
set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
|
2004-06-01 04:54:09 +02:00
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
handle_help_version_opts(argc, argv, "createuser", help);
|
|
|
|
|
2013-12-11 13:50:36 +01:00
|
|
|
while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PEN",
|
2005-08-14 22:16:03 +02:00
|
|
|
long_options, &optindex)) != -1)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
|
|
|
switch (c)
|
|
|
|
{
|
|
|
|
case 'h':
|
2012-10-12 19:35:40 +02:00
|
|
|
host = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'p':
|
2012-10-12 19:35:40 +02:00
|
|
|
port = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'U':
|
2012-10-12 19:35:40 +02:00
|
|
|
username = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2013-12-11 13:50:36 +01:00
|
|
|
case 'g':
|
|
|
|
simple_string_list_append(&roles, optarg);
|
|
|
|
break;
|
2009-02-26 17:02:39 +01:00
|
|
|
case 'w':
|
|
|
|
prompt_password = TRI_NO;
|
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
case 'W':
|
2009-02-26 17:02:39 +01:00
|
|
|
prompt_password = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'e':
|
|
|
|
echo = true;
|
|
|
|
break;
|
|
|
|
case 'd':
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'D':
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_NO;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2005-08-14 22:16:03 +02:00
|
|
|
case 's':
|
|
|
|
case 'a':
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'S':
|
|
|
|
case 'A':
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'r':
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'R':
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
case 'i':
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'I':
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'l':
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'L':
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'c':
|
2012-10-12 19:35:40 +02:00
|
|
|
conn_limit = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'P':
|
|
|
|
pwprompt = true;
|
|
|
|
break;
|
|
|
|
case 'E':
|
2005-12-12 16:48:04 +01:00
|
|
|
encrypted = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'N':
|
2005-12-12 16:48:04 +01:00
|
|
|
encrypted = TRI_NO;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2011-09-23 15:25:20 +02:00
|
|
|
case 1:
|
|
|
|
replication = TRI_YES;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
replication = TRI_NO;
|
|
|
|
break;
|
2012-02-07 13:55:34 +01:00
|
|
|
case 3:
|
|
|
|
interactive = true;
|
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
default:
|
2003-07-23 10:47:41 +02:00
|
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (argc - optind)
|
|
|
|
{
|
|
|
|
case 0:
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
newuser = argv[optind];
|
|
|
|
break;
|
|
|
|
default:
|
2003-07-23 10:47:41 +02:00
|
|
|
fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
|
2003-03-18 23:19:47 +01:00
|
|
|
progname, argv[optind + 1]);
|
2003-07-23 10:47:41 +02:00
|
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (newuser == NULL)
|
2012-02-07 13:55:34 +01:00
|
|
|
{
|
|
|
|
if (interactive)
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
{
|
|
|
|
simple_prompt("Enter name of role to add: ",
|
|
|
|
newuser_buf, sizeof(newuser_buf), true);
|
|
|
|
newuser = newuser_buf;
|
|
|
|
}
|
2012-02-07 13:55:34 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
if (getenv("PGUSER"))
|
|
|
|
newuser = getenv("PGUSER");
|
|
|
|
else
|
2013-12-18 18:16:16 +01:00
|
|
|
newuser = get_user_name_or_exit(progname);
|
2012-02-07 13:55:34 +01:00
|
|
|
}
|
|
|
|
}
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
if (pwprompt)
|
|
|
|
{
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
char pw2[100];
|
2003-03-18 23:19:47 +01:00
|
|
|
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
simple_prompt("Enter password for new role: ",
|
|
|
|
newpassword_buf, sizeof(newpassword_buf), false);
|
|
|
|
simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
|
|
|
|
if (strcmp(newpassword_buf, pw2) != 0)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
|
|
|
fprintf(stderr, _("Passwords didn't match.\n"));
|
|
|
|
exit(1);
|
|
|
|
}
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
newpassword = newpassword_buf;
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
if (superuser == 0)
|
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be a superuser?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_YES)
|
2005-08-14 22:16:03 +02:00
|
|
|
{
|
|
|
|
/* Not much point in trying to restrict a superuser */
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
|
|
|
createrole = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
if (createdb == 0)
|
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_NO;
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
if (createrole == 0)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (inherit == 0)
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
|
|
|
|
if (login == 0)
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
|
2015-12-23 21:45:43 +01:00
|
|
|
conn = connectDatabase("postgres", host, port, username, prompt_password,
|
|
|
|
progname, false, false);
|
2006-05-28 23:13:54 +02:00
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
initPQExpBuffer(&sql);
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
|
2003-03-18 23:19:47 +01:00
|
|
|
if (newpassword)
|
|
|
|
{
|
2005-12-12 16:48:04 +01:00
|
|
|
if (encrypted == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " ENCRYPTED");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (encrypted == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " UNENCRYPTED");
|
|
|
|
appendPQExpBufferStr(&sql, " PASSWORD ");
|
2005-12-18 03:17:16 +01:00
|
|
|
|
|
|
|
if (encrypted != TRI_NO)
|
|
|
|
{
|
2005-12-23 02:16:38 +01:00
|
|
|
char *encrypted_password;
|
2005-12-18 03:17:16 +01:00
|
|
|
|
2017-05-03 10:19:07 +02:00
|
|
|
encrypted_password = PQencryptPasswordConn(conn,
|
|
|
|
newpassword,
|
|
|
|
newuser,
|
|
|
|
NULL);
|
2005-12-23 02:16:38 +01:00
|
|
|
if (!encrypted_password)
|
2005-12-18 03:17:16 +01:00
|
|
|
{
|
2017-05-03 10:19:07 +02:00
|
|
|
fprintf(stderr, _("%s: password encryption failed: %s"),
|
|
|
|
progname, PQerrorMessage(conn));
|
2005-12-18 03:17:16 +01:00
|
|
|
exit(1);
|
|
|
|
}
|
2006-05-28 23:13:54 +02:00
|
|
|
appendStringLiteralConn(&sql, encrypted_password, conn);
|
2005-12-23 02:16:38 +01:00
|
|
|
PQfreemem(encrypted_password);
|
2005-12-18 03:17:16 +01:00
|
|
|
}
|
|
|
|
else
|
2006-05-28 23:13:54 +02:00
|
|
|
appendStringLiteralConn(&sql, newpassword, conn);
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " SUPERUSER");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOSUPERUSER");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createdb == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " CREATEDB");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createdb == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOCREATEDB");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createrole == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " CREATEROLE");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createrole == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOCREATEROLE");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (inherit == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " INHERIT");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (inherit == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOINHERIT");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (login == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " LOGIN");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (login == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOLOGIN");
|
2011-09-23 15:25:20 +02:00
|
|
|
if (replication == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " REPLICATION");
|
2011-09-23 15:25:20 +02:00
|
|
|
if (replication == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOREPLICATION");
|
2005-08-14 22:16:03 +02:00
|
|
|
if (conn_limit != NULL)
|
|
|
|
appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
|
2013-12-11 13:50:36 +01:00
|
|
|
if (roles.head != NULL)
|
|
|
|
{
|
|
|
|
SimpleStringListCell *cell;
|
2014-05-06 18:12:18 +02:00
|
|
|
|
2013-12-11 13:50:36 +01:00
|
|
|
appendPQExpBufferStr(&sql, " IN ROLE ");
|
|
|
|
|
|
|
|
for (cell = roles.head; cell; cell = cell->next)
|
|
|
|
{
|
|
|
|
if (cell->next)
|
|
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
|
|
else
|
|
|
|
appendPQExpBuffer(&sql, "%s", fmtId(cell->val));
|
|
|
|
}
|
|
|
|
}
|
2015-07-02 11:32:48 +02:00
|
|
|
appendPQExpBufferChar(&sql, ';');
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
if (echo)
|
2014-02-11 03:47:19 +01:00
|
|
|
printf("%s\n", sql.data);
|
2003-03-18 23:19:47 +01:00
|
|
|
result = PQexec(conn, sql.data);
|
|
|
|
|
|
|
|
if (PQresultStatus(result) != PGRES_COMMAND_OK)
|
|
|
|
{
|
2005-08-14 22:16:03 +02:00
|
|
|
fprintf(stderr, _("%s: creation of new role failed: %s"),
|
2003-03-18 23:19:47 +01:00
|
|
|
progname, PQerrorMessage(conn));
|
|
|
|
PQfinish(conn);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2006-05-29 21:52:46 +02:00
|
|
|
PQclear(result);
|
2003-03-18 23:19:47 +01:00
|
|
|
PQfinish(conn);
|
|
|
|
exit(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
help(const char *progname)
|
|
|
|
{
|
2005-08-14 22:16:03 +02:00
|
|
|
printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("Usage:\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("\nOptions:\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
|
2005-08-14 22:16:03 +02:00
|
|
|
printf(_(" -d, --createdb role can create new databases\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -e, --echo show the commands being sent to the server\n"));
|
|
|
|
printf(_(" -E, --encrypted encrypt stored password\n"));
|
2013-12-11 13:50:36 +01:00
|
|
|
printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
|
2005-10-15 04:49:52 +02:00
|
|
|
" member of (default)\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" -I, --no-inherit role does not inherit privileges\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -l, --login role can login (default)\n"));
|
|
|
|
printf(_(" -L, --no-login role cannot login\n"));
|
2004-12-14 12:11:20 +01:00
|
|
|
printf(_(" -N, --unencrypted do not encrypt stored password\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -P, --pwprompt assign a password to new role\n"));
|
|
|
|
printf(_(" -r, --createrole role can create new roles\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -s, --superuser role will be superuser\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
|
2012-06-18 01:44:00 +02:00
|
|
|
printf(_(" -V, --version output version information, then exit\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" --interactive prompt for missing role name and attributes rather\n"
|
|
|
|
" than using defaults\n"));
|
2011-09-23 15:25:20 +02:00
|
|
|
printf(_(" --replication role can initiate replication\n"));
|
|
|
|
printf(_(" --no-replication role cannot initiate replication\n"));
|
2012-06-18 01:44:00 +02:00
|
|
|
printf(_(" -?, --help show this help, then exit\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("\nConnection options:\n"));
|
2003-06-11 07:13:12 +02:00
|
|
|
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_(" -p, --port=PORT database server port\n"));
|
|
|
|
printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
|
2009-02-26 17:02:39 +01:00
|
|
|
printf(_(" -w, --no-password never prompt for password\n"));
|
2007-12-11 20:57:32 +01:00
|
|
|
printf(_(" -W, --password force password prompt\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));
|
|
|
|
}
|