2003-03-18 23:19:47 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* createuser
|
|
|
|
*
|
2019-01-02 18:44:25 +01:00
|
|
|
* Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
|
2003-03-18 23:19:47 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
*
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/bin/scripts/createuser.c
|
2003-03-18 23:19:47 +01:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
#include "common.h"
|
2019-05-14 20:19:49 +02:00
|
|
|
#include "common/logging.h"
|
2016-03-24 20:55:44 +01:00
|
|
|
#include "fe_utils/simple_list.h"
|
|
|
|
#include "fe_utils/string_utils.h"
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
|
|
|
|
static void help(const char *progname);
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
static struct option long_options[] = {
|
|
|
|
{"host", required_argument, NULL, 'h'},
|
|
|
|
{"port", required_argument, NULL, 'p'},
|
|
|
|
{"username", required_argument, NULL, 'U'},
|
2013-12-11 13:50:36 +01:00
|
|
|
{"role", required_argument, NULL, 'g'},
|
2009-02-26 17:02:39 +01:00
|
|
|
{"no-password", no_argument, NULL, 'w'},
|
2003-03-18 23:19:47 +01:00
|
|
|
{"password", no_argument, NULL, 'W'},
|
|
|
|
{"echo", no_argument, NULL, 'e'},
|
|
|
|
{"createdb", no_argument, NULL, 'd'},
|
|
|
|
{"no-createdb", no_argument, NULL, 'D'},
|
2005-08-14 22:16:03 +02:00
|
|
|
{"superuser", no_argument, NULL, 's'},
|
|
|
|
{"no-superuser", no_argument, NULL, 'S'},
|
|
|
|
{"createrole", no_argument, NULL, 'r'},
|
|
|
|
{"no-createrole", no_argument, NULL, 'R'},
|
|
|
|
{"inherit", no_argument, NULL, 'i'},
|
|
|
|
{"no-inherit", no_argument, NULL, 'I'},
|
|
|
|
{"login", no_argument, NULL, 'l'},
|
|
|
|
{"no-login", no_argument, NULL, 'L'},
|
2011-09-23 15:25:20 +02:00
|
|
|
{"replication", no_argument, NULL, 1},
|
|
|
|
{"no-replication", no_argument, NULL, 2},
|
2012-02-07 13:55:34 +01:00
|
|
|
{"interactive", no_argument, NULL, 3},
|
2005-08-14 22:16:03 +02:00
|
|
|
/* adduser is obsolete, undocumented spelling of superuser */
|
2003-03-18 23:19:47 +01:00
|
|
|
{"adduser", no_argument, NULL, 'a'},
|
|
|
|
{"no-adduser", no_argument, NULL, 'A'},
|
2005-09-30 09:13:54 +02:00
|
|
|
{"connection-limit", required_argument, NULL, 'c'},
|
2003-03-18 23:19:47 +01:00
|
|
|
{"pwprompt", no_argument, NULL, 'P'},
|
|
|
|
{"encrypted", no_argument, NULL, 'E'},
|
|
|
|
{NULL, 0, NULL, 0}
|
|
|
|
};
|
|
|
|
|
2004-05-12 15:38:49 +02:00
|
|
|
const char *progname;
|
2003-03-18 23:19:47 +01:00
|
|
|
int optindex;
|
|
|
|
int c;
|
2012-02-07 13:55:34 +01:00
|
|
|
const char *newuser = NULL;
|
2003-03-18 23:19:47 +01:00
|
|
|
char *host = NULL;
|
|
|
|
char *port = NULL;
|
|
|
|
char *username = NULL;
|
2013-12-11 13:50:36 +01:00
|
|
|
SimpleStringList roles = {NULL, NULL};
|
2009-02-26 17:02:39 +01:00
|
|
|
enum trivalue prompt_password = TRI_DEFAULT;
|
2003-03-18 23:19:47 +01:00
|
|
|
bool echo = false;
|
2012-02-07 13:55:34 +01:00
|
|
|
bool interactive = false;
|
2005-12-12 16:41:52 +01:00
|
|
|
char *conn_limit = NULL;
|
|
|
|
bool pwprompt = false;
|
|
|
|
char *newpassword = NULL;
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
char newuser_buf[128];
|
|
|
|
char newpassword_buf[100];
|
2006-10-04 02:30:14 +02:00
|
|
|
|
|
|
|
/* Tri-valued variables. */
|
|
|
|
enum trivalue createdb = TRI_DEFAULT,
|
|
|
|
superuser = TRI_DEFAULT,
|
|
|
|
createrole = TRI_DEFAULT,
|
|
|
|
inherit = TRI_DEFAULT,
|
|
|
|
login = TRI_DEFAULT,
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
replication = TRI_DEFAULT;
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
PQExpBufferData sql;
|
|
|
|
|
|
|
|
PGconn *conn;
|
|
|
|
PGresult *result;
|
|
|
|
|
Unified logging system for command-line programs
This unifies the various ad hoc logging (message printing, error
printing) systems used throughout the command-line programs.
Features:
- Program name is automatically prefixed.
- Message string does not end with newline. This removes a common
source of inconsistencies and omissions.
- Additionally, a final newline is automatically stripped, simplifying
use of PQerrorMessage() etc., another common source of mistakes.
- I converted error message strings to use %m where possible.
- As a result of the above several points, more translatable message
strings can be shared between different components and between
frontends and backend, without gratuitous punctuation or whitespace
differences.
- There is support for setting a "log level". This is not meant to be
user-facing, but can be used internally to implement debug or
verbose modes.
- Lazy argument evaluation, so no significant overhead if logging at
some level is disabled.
- Some color in the messages, similar to gcc and clang. Set
PG_COLOR=auto to try it out. Some colors are predefined, but can be
customized by setting PG_COLORS.
- Common files (common/, fe_utils/, etc.) can handle logging much more
simply by just using one API without worrying too much about the
context of the calling program, requiring callbacks, or having to
pass "progname" around everywhere.
- Some programs called setvbuf() to make sure that stderr is
unbuffered, even on Windows. But not all programs did that. This
is now done centrally.
Soft goals:
- Reduces vertical space use and visual complexity of error reporting
in the source code.
- Encourages more deliberate classification of messages. For example,
in some cases it wasn't clear without analyzing the surrounding code
whether a message was meant as an error or just an info.
- Concepts and terms are vaguely aligned with popular logging
frameworks such as log4j and Python logging.
This is all just about printing stuff out. Nothing affects program
flow (e.g., fatal exits). The uses are just too varied to do that.
Some existing code had wrappers that do some kind of print-and-exit,
and I adapted those.
I tried to keep the output mostly the same, but there is a lot of
historical baggage to unwind and special cases to consider, and I
might not always have succeeded. One significant change is that
pg_rewind used to write all error messages to stdout. That is now
changed to stderr.
Reviewed-by: Donald Dong <xdong@csumb.edu>
Reviewed-by: Arthur Zakirov <a.zakirov@postgrespro.ru>
Discussion: https://www.postgresql.org/message-id/flat/6a609b43-4f57-7348-6480-bd022f924310@2ndquadrant.com
2019-04-01 14:24:37 +02:00
|
|
|
pg_logging_init(argv[0]);
|
2003-03-18 23:19:47 +01:00
|
|
|
progname = get_progname(argv[0]);
|
2008-12-11 08:34:09 +01:00
|
|
|
set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
|
2004-06-01 04:54:09 +02:00
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
handle_help_version_opts(argc, argv, "createuser", help);
|
|
|
|
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
|
2005-08-14 22:16:03 +02:00
|
|
|
long_options, &optindex)) != -1)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
|
|
|
switch (c)
|
|
|
|
{
|
|
|
|
case 'h':
|
2012-10-12 19:35:40 +02:00
|
|
|
host = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'p':
|
2012-10-12 19:35:40 +02:00
|
|
|
port = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'U':
|
2012-10-12 19:35:40 +02:00
|
|
|
username = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2013-12-11 13:50:36 +01:00
|
|
|
case 'g':
|
|
|
|
simple_string_list_append(&roles, optarg);
|
|
|
|
break;
|
2009-02-26 17:02:39 +01:00
|
|
|
case 'w':
|
|
|
|
prompt_password = TRI_NO;
|
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
case 'W':
|
2009-02-26 17:02:39 +01:00
|
|
|
prompt_password = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'e':
|
|
|
|
echo = true;
|
|
|
|
break;
|
|
|
|
case 'd':
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'D':
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_NO;
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2005-08-14 22:16:03 +02:00
|
|
|
case 's':
|
|
|
|
case 'a':
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'S':
|
|
|
|
case 'A':
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'r':
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'R':
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
case 'i':
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'I':
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'l':
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'L':
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
break;
|
|
|
|
case 'c':
|
2012-10-12 19:35:40 +02:00
|
|
|
conn_limit = pg_strdup(optarg);
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
|
|
|
case 'P':
|
|
|
|
pwprompt = true;
|
|
|
|
break;
|
|
|
|
case 'E':
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
/* no-op, accepted for backward compatibility */
|
2003-03-18 23:19:47 +01:00
|
|
|
break;
|
2011-09-23 15:25:20 +02:00
|
|
|
case 1:
|
|
|
|
replication = TRI_YES;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
replication = TRI_NO;
|
|
|
|
break;
|
2012-02-07 13:55:34 +01:00
|
|
|
case 3:
|
|
|
|
interactive = true;
|
|
|
|
break;
|
2003-03-18 23:19:47 +01:00
|
|
|
default:
|
2003-07-23 10:47:41 +02:00
|
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (argc - optind)
|
|
|
|
{
|
|
|
|
case 0:
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
newuser = argv[optind];
|
|
|
|
break;
|
|
|
|
default:
|
Unified logging system for command-line programs
This unifies the various ad hoc logging (message printing, error
printing) systems used throughout the command-line programs.
Features:
- Program name is automatically prefixed.
- Message string does not end with newline. This removes a common
source of inconsistencies and omissions.
- Additionally, a final newline is automatically stripped, simplifying
use of PQerrorMessage() etc., another common source of mistakes.
- I converted error message strings to use %m where possible.
- As a result of the above several points, more translatable message
strings can be shared between different components and between
frontends and backend, without gratuitous punctuation or whitespace
differences.
- There is support for setting a "log level". This is not meant to be
user-facing, but can be used internally to implement debug or
verbose modes.
- Lazy argument evaluation, so no significant overhead if logging at
some level is disabled.
- Some color in the messages, similar to gcc and clang. Set
PG_COLOR=auto to try it out. Some colors are predefined, but can be
customized by setting PG_COLORS.
- Common files (common/, fe_utils/, etc.) can handle logging much more
simply by just using one API without worrying too much about the
context of the calling program, requiring callbacks, or having to
pass "progname" around everywhere.
- Some programs called setvbuf() to make sure that stderr is
unbuffered, even on Windows. But not all programs did that. This
is now done centrally.
Soft goals:
- Reduces vertical space use and visual complexity of error reporting
in the source code.
- Encourages more deliberate classification of messages. For example,
in some cases it wasn't clear without analyzing the surrounding code
whether a message was meant as an error or just an info.
- Concepts and terms are vaguely aligned with popular logging
frameworks such as log4j and Python logging.
This is all just about printing stuff out. Nothing affects program
flow (e.g., fatal exits). The uses are just too varied to do that.
Some existing code had wrappers that do some kind of print-and-exit,
and I adapted those.
I tried to keep the output mostly the same, but there is a lot of
historical baggage to unwind and special cases to consider, and I
might not always have succeeded. One significant change is that
pg_rewind used to write all error messages to stdout. That is now
changed to stderr.
Reviewed-by: Donald Dong <xdong@csumb.edu>
Reviewed-by: Arthur Zakirov <a.zakirov@postgrespro.ru>
Discussion: https://www.postgresql.org/message-id/flat/6a609b43-4f57-7348-6480-bd022f924310@2ndquadrant.com
2019-04-01 14:24:37 +02:00
|
|
|
pg_log_error("too many command-line arguments (first is \"%s\")",
|
|
|
|
argv[optind + 1]);
|
2003-07-23 10:47:41 +02:00
|
|
|
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (newuser == NULL)
|
2012-02-07 13:55:34 +01:00
|
|
|
{
|
|
|
|
if (interactive)
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
{
|
|
|
|
simple_prompt("Enter name of role to add: ",
|
|
|
|
newuser_buf, sizeof(newuser_buf), true);
|
|
|
|
newuser = newuser_buf;
|
|
|
|
}
|
2012-02-07 13:55:34 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
if (getenv("PGUSER"))
|
|
|
|
newuser = getenv("PGUSER");
|
|
|
|
else
|
2013-12-18 18:16:16 +01:00
|
|
|
newuser = get_user_name_or_exit(progname);
|
2012-02-07 13:55:34 +01:00
|
|
|
}
|
|
|
|
}
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
if (pwprompt)
|
|
|
|
{
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
char pw2[100];
|
2003-03-18 23:19:47 +01:00
|
|
|
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
simple_prompt("Enter password for new role: ",
|
|
|
|
newpassword_buf, sizeof(newpassword_buf), false);
|
|
|
|
simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
|
|
|
|
if (strcmp(newpassword_buf, pw2) != 0)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
|
|
|
fprintf(stderr, _("Passwords didn't match.\n"));
|
|
|
|
exit(1);
|
|
|
|
}
|
Simplify correct use of simple_prompt().
The previous API for this function had it returning a malloc'd string.
That meant that callers had to check for NULL return, which few of them
were doing, and it also meant that callers had to remember to free()
the string later, which required extra logic in most cases.
Instead, make simple_prompt() write into a buffer supplied by the caller.
Anywhere that the maximum required input length is reasonably small,
which is almost all of the callers, we can just use a local or static
array as the buffer instead of dealing with malloc/free.
A fair number of callers used "pointer == NULL" as a proxy for "haven't
requested the password yet". Maintaining the same behavior requires
adding a separate boolean flag for that, which adds back some of the
complexity we save by removing free()s. Nonetheless, this nets out
at a small reduction in overall code size, and considerably less code
than we would have had if we'd added the missing NULL-return checks
everywhere they were needed.
In passing, clean up the API comment for simple_prompt() and get rid
of a very-unnecessary malloc/free in its Windows code path.
This is nominally a bug fix, but it does not seem worth back-patching,
because the actual risk of an OOM failure in any of these places seems
pretty tiny, and all of them are client-side not server-side anyway.
This patch is by me, but it owes a great deal to Michael Paquier
who identified the problem and drafted a patch for fixing it the
other way.
Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2016-08-30 23:02:02 +02:00
|
|
|
newpassword = newpassword_buf;
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
if (superuser == 0)
|
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be a superuser?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
superuser = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_YES)
|
2005-08-14 22:16:03 +02:00
|
|
|
{
|
|
|
|
/* Not much point in trying to restrict a superuser */
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
|
|
|
createrole = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
if (createdb == 0)
|
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
createdb = TRI_NO;
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
if (createrole == 0)
|
2003-03-18 23:19:47 +01:00
|
|
|
{
|
2012-02-07 13:55:34 +01:00
|
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
else
|
2005-12-12 16:48:04 +01:00
|
|
|
createrole = TRI_NO;
|
2005-08-14 22:16:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (inherit == 0)
|
2005-12-12 16:48:04 +01:00
|
|
|
inherit = TRI_YES;
|
2005-08-14 22:16:03 +02:00
|
|
|
|
|
|
|
if (login == 0)
|
2005-12-12 16:48:04 +01:00
|
|
|
login = TRI_YES;
|
2003-03-18 23:19:47 +01:00
|
|
|
|
2015-12-23 21:45:43 +01:00
|
|
|
conn = connectDatabase("postgres", host, port, username, prompt_password,
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
2018-02-26 16:39:44 +01:00
|
|
|
progname, echo, false, false);
|
2006-05-28 23:13:54 +02:00
|
|
|
|
2003-03-18 23:19:47 +01:00
|
|
|
initPQExpBuffer(&sql);
|
|
|
|
|
2005-08-14 22:16:03 +02:00
|
|
|
printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
|
2003-03-18 23:19:47 +01:00
|
|
|
if (newpassword)
|
|
|
|
{
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
char *encrypted_password;
|
|
|
|
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " PASSWORD ");
|
2005-12-18 03:17:16 +01:00
|
|
|
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
encrypted_password = PQencryptPasswordConn(conn,
|
|
|
|
newpassword,
|
|
|
|
newuser,
|
|
|
|
NULL);
|
|
|
|
if (!encrypted_password)
|
2005-12-18 03:17:16 +01:00
|
|
|
{
|
Unified logging system for command-line programs
This unifies the various ad hoc logging (message printing, error
printing) systems used throughout the command-line programs.
Features:
- Program name is automatically prefixed.
- Message string does not end with newline. This removes a common
source of inconsistencies and omissions.
- Additionally, a final newline is automatically stripped, simplifying
use of PQerrorMessage() etc., another common source of mistakes.
- I converted error message strings to use %m where possible.
- As a result of the above several points, more translatable message
strings can be shared between different components and between
frontends and backend, without gratuitous punctuation or whitespace
differences.
- There is support for setting a "log level". This is not meant to be
user-facing, but can be used internally to implement debug or
verbose modes.
- Lazy argument evaluation, so no significant overhead if logging at
some level is disabled.
- Some color in the messages, similar to gcc and clang. Set
PG_COLOR=auto to try it out. Some colors are predefined, but can be
customized by setting PG_COLORS.
- Common files (common/, fe_utils/, etc.) can handle logging much more
simply by just using one API without worrying too much about the
context of the calling program, requiring callbacks, or having to
pass "progname" around everywhere.
- Some programs called setvbuf() to make sure that stderr is
unbuffered, even on Windows. But not all programs did that. This
is now done centrally.
Soft goals:
- Reduces vertical space use and visual complexity of error reporting
in the source code.
- Encourages more deliberate classification of messages. For example,
in some cases it wasn't clear without analyzing the surrounding code
whether a message was meant as an error or just an info.
- Concepts and terms are vaguely aligned with popular logging
frameworks such as log4j and Python logging.
This is all just about printing stuff out. Nothing affects program
flow (e.g., fatal exits). The uses are just too varied to do that.
Some existing code had wrappers that do some kind of print-and-exit,
and I adapted those.
I tried to keep the output mostly the same, but there is a lot of
historical baggage to unwind and special cases to consider, and I
might not always have succeeded. One significant change is that
pg_rewind used to write all error messages to stdout. That is now
changed to stderr.
Reviewed-by: Donald Dong <xdong@csumb.edu>
Reviewed-by: Arthur Zakirov <a.zakirov@postgrespro.ru>
Discussion: https://www.postgresql.org/message-id/flat/6a609b43-4f57-7348-6480-bd022f924310@2ndquadrant.com
2019-04-01 14:24:37 +02:00
|
|
|
pg_log_error("password encryption failed: %s",
|
|
|
|
PQerrorMessage(conn));
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
exit(1);
|
2005-12-18 03:17:16 +01:00
|
|
|
}
|
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
2017-05-08 10:26:07 +02:00
|
|
|
appendStringLiteralConn(&sql, encrypted_password, conn);
|
|
|
|
PQfreemem(encrypted_password);
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " SUPERUSER");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (superuser == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOSUPERUSER");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createdb == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " CREATEDB");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createdb == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOCREATEDB");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createrole == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " CREATEROLE");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (createrole == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOCREATEROLE");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (inherit == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " INHERIT");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (inherit == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOINHERIT");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (login == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " LOGIN");
|
2005-12-12 16:48:04 +01:00
|
|
|
if (login == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOLOGIN");
|
2011-09-23 15:25:20 +02:00
|
|
|
if (replication == TRI_YES)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " REPLICATION");
|
2011-09-23 15:25:20 +02:00
|
|
|
if (replication == TRI_NO)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(&sql, " NOREPLICATION");
|
2005-08-14 22:16:03 +02:00
|
|
|
if (conn_limit != NULL)
|
|
|
|
appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
|
2013-12-11 13:50:36 +01:00
|
|
|
if (roles.head != NULL)
|
|
|
|
{
|
|
|
|
SimpleStringListCell *cell;
|
2014-05-06 18:12:18 +02:00
|
|
|
|
2013-12-11 13:50:36 +01:00
|
|
|
appendPQExpBufferStr(&sql, " IN ROLE ");
|
|
|
|
|
|
|
|
for (cell = roles.head; cell; cell = cell->next)
|
|
|
|
{
|
|
|
|
if (cell->next)
|
|
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
|
|
else
|
2017-08-16 05:34:39 +02:00
|
|
|
appendPQExpBufferStr(&sql, fmtId(cell->val));
|
2013-12-11 13:50:36 +01:00
|
|
|
}
|
|
|
|
}
|
2015-07-02 11:32:48 +02:00
|
|
|
appendPQExpBufferChar(&sql, ';');
|
2003-03-18 23:19:47 +01:00
|
|
|
|
|
|
|
if (echo)
|
2014-02-11 03:47:19 +01:00
|
|
|
printf("%s\n", sql.data);
|
2003-03-18 23:19:47 +01:00
|
|
|
result = PQexec(conn, sql.data);
|
|
|
|
|
|
|
|
if (PQresultStatus(result) != PGRES_COMMAND_OK)
|
|
|
|
{
|
Unified logging system for command-line programs
This unifies the various ad hoc logging (message printing, error
printing) systems used throughout the command-line programs.
Features:
- Program name is automatically prefixed.
- Message string does not end with newline. This removes a common
source of inconsistencies and omissions.
- Additionally, a final newline is automatically stripped, simplifying
use of PQerrorMessage() etc., another common source of mistakes.
- I converted error message strings to use %m where possible.
- As a result of the above several points, more translatable message
strings can be shared between different components and between
frontends and backend, without gratuitous punctuation or whitespace
differences.
- There is support for setting a "log level". This is not meant to be
user-facing, but can be used internally to implement debug or
verbose modes.
- Lazy argument evaluation, so no significant overhead if logging at
some level is disabled.
- Some color in the messages, similar to gcc and clang. Set
PG_COLOR=auto to try it out. Some colors are predefined, but can be
customized by setting PG_COLORS.
- Common files (common/, fe_utils/, etc.) can handle logging much more
simply by just using one API without worrying too much about the
context of the calling program, requiring callbacks, or having to
pass "progname" around everywhere.
- Some programs called setvbuf() to make sure that stderr is
unbuffered, even on Windows. But not all programs did that. This
is now done centrally.
Soft goals:
- Reduces vertical space use and visual complexity of error reporting
in the source code.
- Encourages more deliberate classification of messages. For example,
in some cases it wasn't clear without analyzing the surrounding code
whether a message was meant as an error or just an info.
- Concepts and terms are vaguely aligned with popular logging
frameworks such as log4j and Python logging.
This is all just about printing stuff out. Nothing affects program
flow (e.g., fatal exits). The uses are just too varied to do that.
Some existing code had wrappers that do some kind of print-and-exit,
and I adapted those.
I tried to keep the output mostly the same, but there is a lot of
historical baggage to unwind and special cases to consider, and I
might not always have succeeded. One significant change is that
pg_rewind used to write all error messages to stdout. That is now
changed to stderr.
Reviewed-by: Donald Dong <xdong@csumb.edu>
Reviewed-by: Arthur Zakirov <a.zakirov@postgrespro.ru>
Discussion: https://www.postgresql.org/message-id/flat/6a609b43-4f57-7348-6480-bd022f924310@2ndquadrant.com
2019-04-01 14:24:37 +02:00
|
|
|
pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
|
2003-03-18 23:19:47 +01:00
|
|
|
PQfinish(conn);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2006-05-29 21:52:46 +02:00
|
|
|
PQclear(result);
|
2003-03-18 23:19:47 +01:00
|
|
|
PQfinish(conn);
|
|
|
|
exit(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
help(const char *progname)
|
|
|
|
{
|
2005-08-14 22:16:03 +02:00
|
|
|
printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("Usage:\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("\nOptions:\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
|
2005-08-14 22:16:03 +02:00
|
|
|
printf(_(" -d, --createdb role can create new databases\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -e, --echo show the commands being sent to the server\n"));
|
2013-12-11 13:50:36 +01:00
|
|
|
printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
|
2005-10-15 04:49:52 +02:00
|
|
|
" member of (default)\n"));
|
2005-09-30 09:58:01 +02:00
|
|
|
printf(_(" -I, --no-inherit role does not inherit privileges\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -l, --login role can login (default)\n"));
|
|
|
|
printf(_(" -L, --no-login role cannot login\n"));
|
|
|
|
printf(_(" -P, --pwprompt assign a password to new role\n"));
|
|
|
|
printf(_(" -r, --createrole role can create new roles\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
|
2009-02-25 14:03:07 +01:00
|
|
|
printf(_(" -s, --superuser role will be superuser\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
|
2012-06-18 01:44:00 +02:00
|
|
|
printf(_(" -V, --version output version information, then exit\n"));
|
2012-02-07 13:55:34 +01:00
|
|
|
printf(_(" --interactive prompt for missing role name and attributes rather\n"
|
|
|
|
" than using defaults\n"));
|
2011-09-23 15:25:20 +02:00
|
|
|
printf(_(" --replication role can initiate replication\n"));
|
|
|
|
printf(_(" --no-replication role cannot initiate replication\n"));
|
2012-06-18 01:44:00 +02:00
|
|
|
printf(_(" -?, --help show this help, then exit\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_("\nConnection options:\n"));
|
2003-06-11 07:13:12 +02:00
|
|
|
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
printf(_(" -p, --port=PORT database server port\n"));
|
|
|
|
printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
|
2009-02-26 17:02:39 +01:00
|
|
|
printf(_(" -w, --no-password never prompt for password\n"));
|
2007-12-11 20:57:32 +01:00
|
|
|
printf(_(" -W, --password force password prompt\n"));
|
2019-01-19 19:06:35 +01:00
|
|
|
printf(_("\nReport bugs to <pgsql-bugs@lists.postgresql.org>.\n"));
|
2003-03-18 23:19:47 +01:00
|
|
|
}
|