summaryrefslogtreecommitdiffstats
path: root/src/bin/scripts/createuser.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:15:05 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:15:05 +0000
commit46651ce6fe013220ed397add242004d764fc0153 (patch)
tree6e5299f990f88e60174a1d3ae6e48eedd2688b2b /src/bin/scripts/createuser.c
parentInitial commit. (diff)
downloadpostgresql-14-upstream.tar.xz
postgresql-14-upstream.zip
Adding upstream version 14.5.upstream/14.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/bin/scripts/createuser.c')
-rw-r--r--src/bin/scripts/createuser.c383
1 files changed, 383 insertions, 0 deletions
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
new file mode 100644
index 0000000..ef7e0e5
--- /dev/null
+++ b/src/bin/scripts/createuser.c
@@ -0,0 +1,383 @@
+/*-------------------------------------------------------------------------
+ *
+ * createuser
+ *
+ * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * src/bin/scripts/createuser.c
+ *
+ *-------------------------------------------------------------------------
+ */
+
+#include "postgres_fe.h"
+#include "common.h"
+#include "common/logging.h"
+#include "common/string.h"
+#include "fe_utils/option_utils.h"
+#include "fe_utils/simple_list.h"
+#include "fe_utils/string_utils.h"
+
+
+static void help(const char *progname);
+
+int
+main(int argc, char *argv[])
+{
+ static struct option long_options[] = {
+ {"host", required_argument, NULL, 'h'},
+ {"port", required_argument, NULL, 'p'},
+ {"username", required_argument, NULL, 'U'},
+ {"role", required_argument, NULL, 'g'},
+ {"no-password", no_argument, NULL, 'w'},
+ {"password", no_argument, NULL, 'W'},
+ {"echo", no_argument, NULL, 'e'},
+ {"createdb", no_argument, NULL, 'd'},
+ {"no-createdb", no_argument, NULL, 'D'},
+ {"superuser", no_argument, NULL, 's'},
+ {"no-superuser", no_argument, NULL, 'S'},
+ {"createrole", no_argument, NULL, 'r'},
+ {"no-createrole", no_argument, NULL, 'R'},
+ {"inherit", no_argument, NULL, 'i'},
+ {"no-inherit", no_argument, NULL, 'I'},
+ {"login", no_argument, NULL, 'l'},
+ {"no-login", no_argument, NULL, 'L'},
+ {"replication", no_argument, NULL, 1},
+ {"no-replication", no_argument, NULL, 2},
+ {"interactive", no_argument, NULL, 3},
+ {"connection-limit", required_argument, NULL, 'c'},
+ {"pwprompt", no_argument, NULL, 'P'},
+ {"encrypted", no_argument, NULL, 'E'},
+ {NULL, 0, NULL, 0}
+ };
+
+ const char *progname;
+ int optindex;
+ int c;
+ const char *newuser = NULL;
+ char *host = NULL;
+ char *port = NULL;
+ char *username = NULL;
+ SimpleStringList roles = {NULL, NULL};
+ enum trivalue prompt_password = TRI_DEFAULT;
+ ConnParams cparams;
+ bool echo = false;
+ bool interactive = false;
+ int conn_limit = -2; /* less than minimum valid value */
+ bool pwprompt = false;
+ char *newpassword = NULL;
+
+ /* Tri-valued variables. */
+ enum trivalue createdb = TRI_DEFAULT,
+ superuser = TRI_DEFAULT,
+ createrole = TRI_DEFAULT,
+ inherit = TRI_DEFAULT,
+ login = TRI_DEFAULT,
+ replication = TRI_DEFAULT;
+
+ PQExpBufferData sql;
+
+ PGconn *conn;
+ PGresult *result;
+
+ pg_logging_init(argv[0]);
+ progname = get_progname(argv[0]);
+ set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
+
+ handle_help_version_opts(argc, argv, "createuser", help);
+
+ while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSrRiIlLc:PE",
+ long_options, &optindex)) != -1)
+ {
+ char *endptr;
+
+ switch (c)
+ {
+ case 'h':
+ host = pg_strdup(optarg);
+ break;
+ case 'p':
+ port = pg_strdup(optarg);
+ break;
+ case 'U':
+ username = pg_strdup(optarg);
+ break;
+ case 'g':
+ simple_string_list_append(&roles, optarg);
+ break;
+ case 'w':
+ prompt_password = TRI_NO;
+ break;
+ case 'W':
+ prompt_password = TRI_YES;
+ break;
+ case 'e':
+ echo = true;
+ break;
+ case 'd':
+ createdb = TRI_YES;
+ break;
+ case 'D':
+ createdb = TRI_NO;
+ break;
+ case 's':
+ superuser = TRI_YES;
+ break;
+ case 'S':
+ superuser = TRI_NO;
+ break;
+ case 'r':
+ createrole = TRI_YES;
+ break;
+ case 'R':
+ createrole = TRI_NO;
+ break;
+ case 'i':
+ inherit = TRI_YES;
+ break;
+ case 'I':
+ inherit = TRI_NO;
+ break;
+ case 'l':
+ login = TRI_YES;
+ break;
+ case 'L':
+ login = TRI_NO;
+ break;
+ case 'c':
+ conn_limit = strtol(optarg, &endptr, 10);
+ if (*endptr != '\0' || conn_limit < -1) /* minimum valid value */
+ {
+ pg_log_error("invalid value for --connection-limit: %s",
+ optarg);
+ exit(1);
+ }
+ break;
+ case 'P':
+ pwprompt = true;
+ break;
+ case 'E':
+ /* no-op, accepted for backward compatibility */
+ break;
+ case 1:
+ replication = TRI_YES;
+ break;
+ case 2:
+ replication = TRI_NO;
+ break;
+ case 3:
+ interactive = true;
+ break;
+ default:
+ fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
+ exit(1);
+ }
+ }
+
+ switch (argc - optind)
+ {
+ case 0:
+ break;
+ case 1:
+ newuser = argv[optind];
+ break;
+ default:
+ pg_log_error("too many command-line arguments (first is \"%s\")",
+ argv[optind + 1]);
+ fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
+ exit(1);
+ }
+
+ if (newuser == NULL)
+ {
+ if (interactive)
+ {
+ newuser = simple_prompt("Enter name of role to add: ", true);
+ }
+ else
+ {
+ if (getenv("PGUSER"))
+ newuser = getenv("PGUSER");
+ else
+ newuser = get_user_name_or_exit(progname);
+ }
+ }
+
+ if (pwprompt)
+ {
+ char *pw2;
+
+ newpassword = simple_prompt("Enter password for new role: ", false);
+ pw2 = simple_prompt("Enter it again: ", false);
+ if (strcmp(newpassword, pw2) != 0)
+ {
+ fprintf(stderr, _("Passwords didn't match.\n"));
+ exit(1);
+ }
+ free(pw2);
+ }
+
+ if (superuser == 0)
+ {
+ if (interactive && yesno_prompt("Shall the new role be a superuser?"))
+ superuser = TRI_YES;
+ else
+ superuser = TRI_NO;
+ }
+
+ if (superuser == TRI_YES)
+ {
+ /* Not much point in trying to restrict a superuser */
+ createdb = TRI_YES;
+ createrole = TRI_YES;
+ }
+
+ if (createdb == 0)
+ {
+ if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
+ createdb = TRI_YES;
+ else
+ createdb = TRI_NO;
+ }
+
+ if (createrole == 0)
+ {
+ if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
+ createrole = TRI_YES;
+ else
+ createrole = TRI_NO;
+ }
+
+ if (inherit == 0)
+ inherit = TRI_YES;
+
+ if (login == 0)
+ login = TRI_YES;
+
+ cparams.dbname = NULL; /* this program lacks any dbname option... */
+ cparams.pghost = host;
+ cparams.pgport = port;
+ cparams.pguser = username;
+ cparams.prompt_password = prompt_password;
+ cparams.override_dbname = NULL;
+
+ conn = connectMaintenanceDatabase(&cparams, progname, echo);
+
+ initPQExpBuffer(&sql);
+
+ printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
+ if (newpassword)
+ {
+ char *encrypted_password;
+
+ appendPQExpBufferStr(&sql, " PASSWORD ");
+
+ encrypted_password = PQencryptPasswordConn(conn,
+ newpassword,
+ newuser,
+ NULL);
+ if (!encrypted_password)
+ {
+ pg_log_error("password encryption failed: %s",
+ PQerrorMessage(conn));
+ exit(1);
+ }
+ appendStringLiteralConn(&sql, encrypted_password, conn);
+ PQfreemem(encrypted_password);
+ }
+ if (superuser == TRI_YES)
+ appendPQExpBufferStr(&sql, " SUPERUSER");
+ if (superuser == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOSUPERUSER");
+ if (createdb == TRI_YES)
+ appendPQExpBufferStr(&sql, " CREATEDB");
+ if (createdb == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOCREATEDB");
+ if (createrole == TRI_YES)
+ appendPQExpBufferStr(&sql, " CREATEROLE");
+ if (createrole == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOCREATEROLE");
+ if (inherit == TRI_YES)
+ appendPQExpBufferStr(&sql, " INHERIT");
+ if (inherit == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOINHERIT");
+ if (login == TRI_YES)
+ appendPQExpBufferStr(&sql, " LOGIN");
+ if (login == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOLOGIN");
+ if (replication == TRI_YES)
+ appendPQExpBufferStr(&sql, " REPLICATION");
+ if (replication == TRI_NO)
+ appendPQExpBufferStr(&sql, " NOREPLICATION");
+ if (conn_limit >= -1)
+ appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
+ if (roles.head != NULL)
+ {
+ SimpleStringListCell *cell;
+
+ appendPQExpBufferStr(&sql, " IN ROLE ");
+
+ for (cell = roles.head; cell; cell = cell->next)
+ {
+ if (cell->next)
+ appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
+ else
+ appendPQExpBufferStr(&sql, fmtId(cell->val));
+ }
+ }
+ appendPQExpBufferChar(&sql, ';');
+
+ if (echo)
+ printf("%s\n", sql.data);
+ result = PQexec(conn, sql.data);
+
+ if (PQresultStatus(result) != PGRES_COMMAND_OK)
+ {
+ pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
+ PQfinish(conn);
+ exit(1);
+ }
+
+ PQclear(result);
+ PQfinish(conn);
+ exit(0);
+}
+
+
+static void
+help(const char *progname)
+{
+ printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
+ printf(_("Usage:\n"));
+ printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
+ printf(_("\nOptions:\n"));
+ printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
+ printf(_(" -d, --createdb role can create new databases\n"));
+ printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
+ printf(_(" -e, --echo show the commands being sent to the server\n"));
+ printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
+ printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
+ " member of (default)\n"));
+ printf(_(" -I, --no-inherit role does not inherit privileges\n"));
+ printf(_(" -l, --login role can login (default)\n"));
+ printf(_(" -L, --no-login role cannot login\n"));
+ printf(_(" -P, --pwprompt assign a password to new role\n"));
+ printf(_(" -r, --createrole role can create new roles\n"));
+ printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
+ printf(_(" -s, --superuser role will be superuser\n"));
+ printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
+ printf(_(" -V, --version output version information, then exit\n"));
+ printf(_(" --interactive prompt for missing role name and attributes rather\n"
+ " than using defaults\n"));
+ printf(_(" --replication role can initiate replication\n"));
+ printf(_(" --no-replication role cannot initiate replication\n"));
+ printf(_(" -?, --help show this help, then exit\n"));
+ printf(_("\nConnection options:\n"));
+ printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
+ printf(_(" -p, --port=PORT database server port\n"));
+ printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
+ printf(_(" -w, --no-password never prompt for password\n"));
+ printf(_(" -W, --password force password prompt\n"));
+ printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
+ printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
+}