mirror of
https://github.com/zebrajr/postgres.git
synced 2025-12-07 12:20:31 +01:00
3e98c8ce50
This commit adds fmtIdEnc() and fmtQualifiedIdEnc(), which allow to specify the encoding as an explicit argument. Additionally setFmtEncoding() is provided, which defines the encoding when no explicit encoding is provided, to avoid breaking all code using fmtId(). All users of fmtId()/fmtQualifiedId() are either converted to the explicit version or a call to setFmtEncoding() has been added. This commit does not yet utilize the now well-defined encoding, that will happen in a subsequent commit. Reviewed-by: Noah Misch <noah@leadboat.com> Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us> Backpatch-through: 13 Security: CVE-2025-1094
459 lines
12 KiB
C
459 lines
12 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* createuser
|
|
*
|
|
* Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/bin/scripts/createuser.c
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
#include <limits.h>
|
|
|
|
#include "common.h"
|
|
#include "common/logging.h"
|
|
#include "common/string.h"
|
|
#include "fe_utils/option_utils.h"
|
|
#include "fe_utils/simple_list.h"
|
|
#include "fe_utils/string_utils.h"
|
|
|
|
|
|
static void help(const char *progname);
|
|
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
static struct option long_options[] = {
|
|
{"with-admin", required_argument, NULL, 'a'},
|
|
{"connection-limit", required_argument, NULL, 'c'},
|
|
{"createdb", no_argument, NULL, 'd'},
|
|
{"no-createdb", no_argument, NULL, 'D'},
|
|
{"echo", no_argument, NULL, 'e'},
|
|
{"encrypted", no_argument, NULL, 'E'},
|
|
{"role", required_argument, NULL, 'g'},
|
|
{"member-of", required_argument, NULL, 'g'},
|
|
{"host", required_argument, NULL, 'h'},
|
|
{"inherit", no_argument, NULL, 'i'},
|
|
{"no-inherit", no_argument, NULL, 'I'},
|
|
{"login", no_argument, NULL, 'l'},
|
|
{"no-login", no_argument, NULL, 'L'},
|
|
{"with-member", required_argument, NULL, 'm'},
|
|
{"port", required_argument, NULL, 'p'},
|
|
{"pwprompt", no_argument, NULL, 'P'},
|
|
{"createrole", no_argument, NULL, 'r'},
|
|
{"no-createrole", no_argument, NULL, 'R'},
|
|
{"superuser", no_argument, NULL, 's'},
|
|
{"no-superuser", no_argument, NULL, 'S'},
|
|
{"username", required_argument, NULL, 'U'},
|
|
{"valid-until", required_argument, NULL, 'v'},
|
|
{"no-password", no_argument, NULL, 'w'},
|
|
{"password", no_argument, NULL, 'W'},
|
|
{"replication", no_argument, NULL, 1},
|
|
{"no-replication", no_argument, NULL, 2},
|
|
{"interactive", no_argument, NULL, 3},
|
|
{"bypassrls", no_argument, NULL, 4},
|
|
{"no-bypassrls", no_argument, NULL, 5},
|
|
{NULL, 0, NULL, 0}
|
|
};
|
|
|
|
const char *progname;
|
|
int optindex;
|
|
int c;
|
|
const char *newuser = NULL;
|
|
char *host = NULL;
|
|
char *port = NULL;
|
|
char *username = NULL;
|
|
SimpleStringList roles = {NULL, NULL};
|
|
SimpleStringList members = {NULL, NULL};
|
|
SimpleStringList admins = {NULL, NULL};
|
|
enum trivalue prompt_password = TRI_DEFAULT;
|
|
ConnParams cparams;
|
|
bool echo = false;
|
|
bool interactive = false;
|
|
int conn_limit = -2; /* less than minimum valid value */
|
|
bool pwprompt = false;
|
|
char *newpassword = NULL;
|
|
char *pwexpiry = NULL;
|
|
|
|
/* Tri-valued variables. */
|
|
enum trivalue createdb = TRI_DEFAULT,
|
|
superuser = TRI_DEFAULT,
|
|
createrole = TRI_DEFAULT,
|
|
inherit = TRI_DEFAULT,
|
|
login = TRI_DEFAULT,
|
|
replication = TRI_DEFAULT,
|
|
bypassrls = TRI_DEFAULT;
|
|
|
|
PQExpBufferData sql;
|
|
|
|
PGconn *conn;
|
|
PGresult *result;
|
|
|
|
pg_logging_init(argv[0]);
|
|
progname = get_progname(argv[0]);
|
|
set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
|
|
|
|
handle_help_version_opts(argc, argv, "createuser", help);
|
|
|
|
while ((c = getopt_long(argc, argv, "a:c:dDeEg:h:iIlLm:p:PrRsSU:v:wW",
|
|
long_options, &optindex)) != -1)
|
|
{
|
|
switch (c)
|
|
{
|
|
case 'a':
|
|
simple_string_list_append(&admins, optarg);
|
|
break;
|
|
case 'c':
|
|
if (!option_parse_int(optarg, "-c/--connection-limit",
|
|
-1, INT_MAX, &conn_limit))
|
|
exit(1);
|
|
break;
|
|
case 'd':
|
|
createdb = TRI_YES;
|
|
break;
|
|
case 'D':
|
|
createdb = TRI_NO;
|
|
break;
|
|
case 'e':
|
|
echo = true;
|
|
break;
|
|
case 'E':
|
|
/* no-op, accepted for backward compatibility */
|
|
break;
|
|
case 'g':
|
|
simple_string_list_append(&roles, optarg);
|
|
break;
|
|
case 'h':
|
|
host = pg_strdup(optarg);
|
|
break;
|
|
case 'i':
|
|
inherit = TRI_YES;
|
|
break;
|
|
case 'I':
|
|
inherit = TRI_NO;
|
|
break;
|
|
case 'l':
|
|
login = TRI_YES;
|
|
break;
|
|
case 'L':
|
|
login = TRI_NO;
|
|
break;
|
|
case 'm':
|
|
simple_string_list_append(&members, optarg);
|
|
break;
|
|
case 'p':
|
|
port = pg_strdup(optarg);
|
|
break;
|
|
case 'P':
|
|
pwprompt = true;
|
|
break;
|
|
case 'r':
|
|
createrole = TRI_YES;
|
|
break;
|
|
case 'R':
|
|
createrole = TRI_NO;
|
|
break;
|
|
case 's':
|
|
superuser = TRI_YES;
|
|
break;
|
|
case 'S':
|
|
superuser = TRI_NO;
|
|
break;
|
|
case 'U':
|
|
username = pg_strdup(optarg);
|
|
break;
|
|
case 'v':
|
|
pwexpiry = pg_strdup(optarg);
|
|
break;
|
|
case 'w':
|
|
prompt_password = TRI_NO;
|
|
break;
|
|
case 'W':
|
|
prompt_password = TRI_YES;
|
|
break;
|
|
case 1:
|
|
replication = TRI_YES;
|
|
break;
|
|
case 2:
|
|
replication = TRI_NO;
|
|
break;
|
|
case 3:
|
|
interactive = true;
|
|
break;
|
|
case 4:
|
|
bypassrls = TRI_YES;
|
|
break;
|
|
case 5:
|
|
bypassrls = TRI_NO;
|
|
break;
|
|
default:
|
|
/* getopt_long already emitted a complaint */
|
|
pg_log_error_hint("Try \"%s --help\" for more information.", progname);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
switch (argc - optind)
|
|
{
|
|
case 0:
|
|
break;
|
|
case 1:
|
|
newuser = argv[optind];
|
|
break;
|
|
default:
|
|
pg_log_error("too many command-line arguments (first is \"%s\")",
|
|
argv[optind + 1]);
|
|
pg_log_error_hint("Try \"%s --help\" for more information.", progname);
|
|
exit(1);
|
|
}
|
|
|
|
if (newuser == NULL)
|
|
{
|
|
if (interactive)
|
|
{
|
|
newuser = simple_prompt("Enter name of role to add: ", true);
|
|
}
|
|
else
|
|
{
|
|
if (getenv("PGUSER"))
|
|
newuser = getenv("PGUSER");
|
|
else
|
|
newuser = get_user_name_or_exit(progname);
|
|
}
|
|
}
|
|
|
|
if (pwprompt)
|
|
{
|
|
char *pw2;
|
|
|
|
newpassword = simple_prompt("Enter password for new role: ", false);
|
|
pw2 = simple_prompt("Enter it again: ", false);
|
|
if (strcmp(newpassword, pw2) != 0)
|
|
{
|
|
fprintf(stderr, _("Passwords didn't match.\n"));
|
|
exit(1);
|
|
}
|
|
free(pw2);
|
|
}
|
|
|
|
if (superuser == TRI_DEFAULT)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be a superuser?"))
|
|
superuser = TRI_YES;
|
|
else
|
|
superuser = TRI_NO;
|
|
}
|
|
|
|
if (superuser == TRI_YES)
|
|
{
|
|
/* Not much point in trying to restrict a superuser */
|
|
createdb = TRI_YES;
|
|
createrole = TRI_YES;
|
|
}
|
|
|
|
if (createdb == TRI_DEFAULT)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
|
|
createdb = TRI_YES;
|
|
else
|
|
createdb = TRI_NO;
|
|
}
|
|
|
|
if (createrole == TRI_DEFAULT)
|
|
{
|
|
if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
|
|
createrole = TRI_YES;
|
|
else
|
|
createrole = TRI_NO;
|
|
}
|
|
|
|
if (bypassrls == TRI_DEFAULT)
|
|
bypassrls = TRI_NO;
|
|
|
|
if (replication == TRI_DEFAULT)
|
|
replication = TRI_NO;
|
|
|
|
if (inherit == TRI_DEFAULT)
|
|
inherit = TRI_YES;
|
|
|
|
if (login == TRI_DEFAULT)
|
|
login = TRI_YES;
|
|
|
|
cparams.dbname = NULL; /* this program lacks any dbname option... */
|
|
cparams.pghost = host;
|
|
cparams.pgport = port;
|
|
cparams.pguser = username;
|
|
cparams.prompt_password = prompt_password;
|
|
cparams.override_dbname = NULL;
|
|
|
|
conn = connectMaintenanceDatabase(&cparams, progname, echo);
|
|
|
|
setFmtEncoding(PQclientEncoding(conn));
|
|
|
|
initPQExpBuffer(&sql);
|
|
|
|
printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
|
|
if (newpassword)
|
|
{
|
|
char *encrypted_password;
|
|
|
|
appendPQExpBufferStr(&sql, " PASSWORD ");
|
|
|
|
encrypted_password = PQencryptPasswordConn(conn,
|
|
newpassword,
|
|
newuser,
|
|
NULL);
|
|
if (!encrypted_password)
|
|
pg_fatal("password encryption failed: %s",
|
|
PQerrorMessage(conn));
|
|
appendStringLiteralConn(&sql, encrypted_password, conn);
|
|
PQfreemem(encrypted_password);
|
|
}
|
|
if (superuser == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " SUPERUSER");
|
|
if (superuser == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOSUPERUSER");
|
|
if (createdb == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " CREATEDB");
|
|
if (createdb == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOCREATEDB");
|
|
if (createrole == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " CREATEROLE");
|
|
if (createrole == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOCREATEROLE");
|
|
if (inherit == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " INHERIT");
|
|
if (inherit == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOINHERIT");
|
|
if (login == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " LOGIN");
|
|
if (login == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOLOGIN");
|
|
if (replication == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " REPLICATION");
|
|
if (replication == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOREPLICATION");
|
|
if (bypassrls == TRI_YES)
|
|
appendPQExpBufferStr(&sql, " BYPASSRLS");
|
|
if (bypassrls == TRI_NO)
|
|
appendPQExpBufferStr(&sql, " NOBYPASSRLS");
|
|
if (conn_limit >= -1)
|
|
appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
|
|
if (pwexpiry != NULL)
|
|
{
|
|
appendPQExpBufferStr(&sql, " VALID UNTIL ");
|
|
appendStringLiteralConn(&sql, pwexpiry, conn);
|
|
}
|
|
if (roles.head != NULL)
|
|
{
|
|
SimpleStringListCell *cell;
|
|
|
|
appendPQExpBufferStr(&sql, " IN ROLE ");
|
|
|
|
for (cell = roles.head; cell; cell = cell->next)
|
|
{
|
|
if (cell->next)
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
else
|
|
appendPQExpBufferStr(&sql, fmtId(cell->val));
|
|
}
|
|
}
|
|
if (members.head != NULL)
|
|
{
|
|
SimpleStringListCell *cell;
|
|
|
|
appendPQExpBufferStr(&sql, " ROLE ");
|
|
|
|
for (cell = members.head; cell; cell = cell->next)
|
|
{
|
|
if (cell->next)
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
else
|
|
appendPQExpBufferStr(&sql, fmtId(cell->val));
|
|
}
|
|
}
|
|
if (admins.head != NULL)
|
|
{
|
|
SimpleStringListCell *cell;
|
|
|
|
appendPQExpBufferStr(&sql, " ADMIN ");
|
|
|
|
for (cell = admins.head; cell; cell = cell->next)
|
|
{
|
|
if (cell->next)
|
|
appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
|
|
else
|
|
appendPQExpBufferStr(&sql, fmtId(cell->val));
|
|
}
|
|
}
|
|
|
|
appendPQExpBufferChar(&sql, ';');
|
|
|
|
if (echo)
|
|
printf("%s\n", sql.data);
|
|
result = PQexec(conn, sql.data);
|
|
|
|
if (PQresultStatus(result) != PGRES_COMMAND_OK)
|
|
{
|
|
pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
|
|
PQfinish(conn);
|
|
exit(1);
|
|
}
|
|
|
|
PQclear(result);
|
|
PQfinish(conn);
|
|
exit(0);
|
|
}
|
|
|
|
|
|
static void
|
|
help(const char *progname)
|
|
{
|
|
printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
|
|
printf(_("Usage:\n"));
|
|
printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
|
|
printf(_("\nOptions:\n"));
|
|
printf(_(" -a, --with-admin=ROLE ROLE will be a member of new role with admin\n"
|
|
" option\n"));
|
|
printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
|
|
printf(_(" -d, --createdb role can create new databases\n"));
|
|
printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
|
|
printf(_(" -e, --echo show the commands being sent to the server\n"));
|
|
printf(_(" -g, --member-of=ROLE new role will be a member of ROLE\n"));
|
|
printf(_(" --role=ROLE (same as --member-of, deprecated)\n"));
|
|
printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
|
|
" member of (default)\n"));
|
|
printf(_(" -I, --no-inherit role does not inherit privileges\n"));
|
|
printf(_(" -l, --login role can login (default)\n"));
|
|
printf(_(" -L, --no-login role cannot login\n"));
|
|
printf(_(" -m, --with-member=ROLE ROLE will be a member of new role\n"));
|
|
printf(_(" -P, --pwprompt assign a password to new role\n"));
|
|
printf(_(" -r, --createrole role can create new roles\n"));
|
|
printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
|
|
printf(_(" -s, --superuser role will be superuser\n"));
|
|
printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
|
|
printf(_(" -v, --valid-until=TIMESTAMP\n"
|
|
" password expiration date and time for role\n"));
|
|
printf(_(" -V, --version output version information, then exit\n"));
|
|
printf(_(" --interactive prompt for missing role name and attributes rather\n"
|
|
" than using defaults\n"));
|
|
printf(_(" --bypassrls role can bypass row-level security (RLS) policy\n"));
|
|
printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n"
|
|
" (default)\n"));
|
|
printf(_(" --replication role can initiate replication\n"));
|
|
printf(_(" --no-replication role cannot initiate replication (default)\n"));
|
|
printf(_(" -?, --help show this help, then exit\n"));
|
|
printf(_("\nConnection options:\n"));
|
|
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
|
|
printf(_(" -p, --port=PORT database server port\n"));
|
|
printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
|
|
printf(_(" -w, --no-password never prompt for password\n"));
|
|
printf(_(" -W, --password force password prompt\n"));
|
|
printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
|
|
printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
|
|
}
|