From 98b3c3c450b9c3133f28375dc15c9c9b9bedd820 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Fri, 23 Dec 2005 16:46:39 +0000
Subject: [PATCH] Allow CREATE/ALTER ROLE PASSWORD NULL to allow restoring the default state of having no password.
---
 doc/src/sgml/ref/create_role.sgml | 13 ++++++++-----
 src/backend/commands/user.c | 15 +++++++++++----
 src/backend/parser/gram.y | 6 +++++-
 3 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 9af33ce212..60dce9b298 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -1,5 +1,5 @@
@@ -188,10 +188,13 @@ where option can be:
 Sets the role's password. (A password is only of use for
- roles having the LOGIN attribute, but you can
- nonetheless define one for roles without it.)
- If you do not plan to use password
- authentication you can omit this option.
+ roles having the LOGIN attribute, but you
+ can nonetheless define one for roles without it.) If you do
+ not plan to use password authentication you can omit this
+ option. If no password is specified, the password will be set
+ to null and password authentication will always fail for that
+ user. A null password can optionally be written explicitly as
+ PASSWORD NULL.
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 381ebe24ad..0ffcc21501 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.166 2005/11/22 18:17:09 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.167 2005/12/23 16:46:39 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -225,7 +225,7 @@ CreateRole(CreateRoleStmt *stmt)
 defel->defname);
 }
- if (dpassword)
+ if (dpassword && dpassword->arg)
 password = strVal(dpassword->arg);
 if (dissuper)
 issuper = intVal(dissuper->arg) != 0;
@@ -517,7 +517,7 @@ AlterRole(AlterRoleStmt *stmt)
 defel->defname);
 }
- if (dpassword)
+ if (dpassword && dpassword->arg)
 password = strVal(dpassword->arg);
 if (dissuper)
 issuper = intVal(dissuper->arg);
@@ -573,7 +573,7 @@ AlterRole(AlterRoleStmt *stmt)
 !dconnlimit &&
 !rolemembers &&
 !validUntil &&
- password &&
+ dpassword &&
 roleid == GetUserId()))
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
@@ -651,6 +651,13 @@ AlterRole(AlterRoleStmt *stmt)
 new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
 }
+ /* unset password */
+ if (dpassword && dpassword->arg == NULL)
+ {
+ new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
+ new_record_nulls[Anum_pg_authid_rolpassword - 1] = 'n';
+ }
+ /* valid until */
 if (validUntil)
 {
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 16fdde7b9b..4a006bd169 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.517 2005/12/11 10:54:27 neilc Exp $
+ * $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.518 2005/12/23 16:46:39 petere Exp $
 *
 * HISTORY
 * AUTHOR DATE MAJOR EVENT
@@ -616,6 +616,10 @@ OptRoleElem:
 $$ = makeDefElem("password",
 (Node *)makeString($2));
 }
+ | PASSWORD NULL_P
+ {
+ $$ = makeDefElem("password", NULL);
+ }
 | ENCRYPTED PASSWORD Sconst
 {
 $$ = makeDefElem("encryptedPassword",
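Review bot: The self-service test in the `@@ -573` hunk of AlterRole now keys on `dpassword` instead of `password`, so a role without CREATEROLE also passes it for `PASSWORD NULL` and can clear its own password, yet nothing at the condition says this widening is intended. Per the documentation change in this commit, password authentication then always fails for that role, so the effect is a privilege-relevant one and deserves a why-comment. I would add above the condition `/* test dpassword, not password: PASSWORD NULL leaves password == NULL but still counts as changing one's own password */`. The condition and the ereport() call both start and end outside the hunk.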
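Review bot: The new `/* unset password */` block in the `@@ -651` hunk repeats the `new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';` assignment of the branch just above it, and its comment does not say what a null rolpassword means for authentication. The preceding branch starts outside the hunk; if it is the `if (password)` case, then as far as the hunks show the two conditions are mutually exclusive (password is assigned only when `dpassword->arg` is non-NULL) and could be written as one `if` / `else if (dpassword)` so the column is marked replaced in a single place. At minimum I would expand the comment to `/* PASSWORD NULL: store a null rolpassword; password authentication will then always fail for this role */`.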
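Review bot: `makeDefElem("password", NULL)` in the new `PASSWORD NULL_P` alternative creates a "password" DefElem whose arg is NULL, and the action has no comment stating that convention. CreateRole and AlterRole are guarded in this commit with `dpassword && dpassword->arg`, but any other consumer that calls `strVal()` on the arg unconditionally would dereference a null pointer; none is visible here, so this is something to grep for rather than a known defect. I would add `/* arg == NULL encodes PASSWORD NULL; consumers must test arg before strVal() */` to the action. The OptRoleElem rule continues outside the hunk.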