aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/user.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/commands/user.c')
-rw-r--r--src/backend/commands/user.c197
1 files changed, 116 insertions, 81 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 47c8dfa4313..7f62b199280 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.79 2001/07/12 18:02:59 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.80 2001/08/15 18:42:14 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -25,6 +25,7 @@
#include "catalog/indexing.h"
#include "commands/user.h"
#include "libpq/crypt.h"
+#include "libpq/md5.h"
#include "miscadmin.h"
#include "utils/array.h"
#include "utils/builtins.h"
@@ -34,7 +35,7 @@
static void CheckPgUserAclNotNull(void);
-
+extern bool Password_encryption;
/*---------------------------------------------------------------------
* write_password_file / update_pg_pwd
@@ -201,72 +202,80 @@ CreateUser(CreateUserStmt *stmt)
int max_id = -1;
List *item, *option;
char *password = NULL; /* PostgreSQL user password */
+ bool encrypt_password = Password_encryption; /* encrypt password? */
+ char encrypted_password[MD5_PASSWD_LEN+1];
int sysid = 0; /* PgSQL system id (valid if havesysid) */
bool createdb = false; /* Can the user create databases? */
bool createuser = false; /* Can this user create users? */
List *groupElts = NIL; /* The groups the user is a member of */
char *validUntil = NULL; /* The time the login is valid until */
- DefElem *dpassword = NULL;
- DefElem *dsysid = NULL;
- DefElem *dcreatedb = NULL;
- DefElem *dcreateuser = NULL;
- DefElem *dgroupElts = NULL;
- DefElem *dvalidUntil = NULL;
+ DefElem *dpassword = NULL;
+ DefElem *dsysid = NULL;
+ DefElem *dcreatedb = NULL;
+ DefElem *dcreateuser = NULL;
+ DefElem *dgroupElts = NULL;
+ DefElem *dvalidUntil = NULL;
/* Extract options from the statement node tree */
foreach(option, stmt->options)
{
DefElem *defel = (DefElem *) lfirst(option);
- if (strcasecmp(defel->defname, "password") == 0) {
- if (dpassword)
- elog(ERROR, "CREATE USER: conflicting options");
- dpassword = defel;
- }
- else if (strcasecmp(defel->defname, "sysid") == 0) {
- if (dsysid)
- elog(ERROR, "CREATE USER: conflicting options");
- dsysid = defel;
- }
- else if (strcasecmp(defel->defname, "createdb") == 0) {
- if (dcreatedb)
- elog(ERROR, "CREATE USER: conflicting options");
- dcreatedb = defel;
- }
- else if (strcasecmp(defel->defname, "createuser") == 0) {
- if (dcreateuser)
- elog(ERROR, "CREATE USER: conflicting options");
- dcreateuser = defel;
- }
- else if (strcasecmp(defel->defname, "groupElts") == 0) {
- if (dgroupElts)
- elog(ERROR, "CREATE USER: conflicting options");
- dgroupElts = defel;
- }
- else if (strcasecmp(defel->defname, "validUntil") == 0) {
- if (dvalidUntil)
- elog(ERROR, "CREATE USER: conflicting options");
- dvalidUntil = defel;
- }
- else
- elog(ERROR,"CREATE USER: option \"%s\" not recognized",
- defel->defname);
- }
-
- if (dcreatedb)
+ if (strcasecmp(defel->defname, "password") == 0 ||
+ strcasecmp(defel->defname, "encryptedPassword") == 0 ||
+ strcasecmp(defel->defname, "unencryptedPassword") == 0) {
+ if (dpassword)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dpassword = defel;
+ if (strcasecmp(defel->defname, "encryptedPassword") == 0)
+ encrypt_password = true;
+ else if (strcasecmp(defel->defname, "unencryptedPassword") == 0)
+ encrypt_password = false;
+ }
+ else if (strcasecmp(defel->defname, "sysid") == 0) {
+ if (dsysid)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dsysid = defel;
+ }
+ else if (strcasecmp(defel->defname, "createdb") == 0) {
+ if (dcreatedb)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dcreatedb = defel;
+ }
+ else if (strcasecmp(defel->defname, "createuser") == 0) {
+ if (dcreateuser)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dcreateuser = defel;
+ }
+ else if (strcasecmp(defel->defname, "groupElts") == 0) {
+ if (dgroupElts)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dgroupElts = defel;
+ }
+ else if (strcasecmp(defel->defname, "validUntil") == 0) {
+ if (dvalidUntil)
+ elog(ERROR, "CREATE USER: conflicting options");
+ dvalidUntil = defel;
+ }
+ else
+ elog(ERROR,"CREATE USER: option \"%s\" not recognized",
+ defel->defname);
+ }
+
+ if (dcreatedb)
createdb = intVal(dcreatedb->arg) != 0;
- if (dcreateuser)
+ if (dcreateuser)
createuser = intVal(dcreateuser->arg) != 0;
- if (dsysid)
+ if (dsysid)
{
sysid = intVal(dsysid->arg);
havesysid = true;
}
- if (dvalidUntil)
+ if (dvalidUntil)
validUntil = strVal(dvalidUntil->arg);
- if (dpassword)
+ if (dpassword)
password = strVal(dpassword->arg);
- if (dgroupElts)
+ if (dgroupElts)
groupElts = (List *) dgroupElts->arg;
/* Check some permissions first */
@@ -337,8 +346,18 @@ CreateUser(CreateUserStmt *stmt)
new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser);
if (password)
- new_record[Anum_pg_shadow_passwd - 1] =
- DirectFunctionCall1(textin, CStringGetDatum(password));
+ {
+ if (!encrypt_password || isMD5(password))
+ new_record[Anum_pg_shadow_passwd - 1] =
+ DirectFunctionCall1(textin, CStringGetDatum(password));
+ else
+ {
+ if (!EncryptMD5(password, stmt->user, encrypted_password))
+ elog(ERROR, "CREATE USER: password encryption failed");
+ new_record[Anum_pg_shadow_passwd - 1] =
+ DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
+ }
+ }
if (validUntil)
new_record[Anum_pg_shadow_valuntil - 1] =
DirectFunctionCall1(nabstimein, CStringGetDatum(validUntil));
@@ -418,6 +437,8 @@ AlterUser(AlterUserStmt *stmt)
bool null;
List *option;
char *password = NULL; /* PostgreSQL user password */
+ bool encrypt_password = Password_encryption; /* encrypt password? */
+ char encrypted_password[MD5_PASSWD_LEN+1];
int createdb = -1; /* Can the user create databases? */
int createuser = -1; /* Can this user create users? */
char *validUntil = NULL; /* The time the login is valid until */
@@ -431,10 +452,16 @@ AlterUser(AlterUserStmt *stmt)
{
DefElem *defel = (DefElem *) lfirst(option);
- if (strcasecmp(defel->defname, "password") == 0) {
+ if (strcasecmp(defel->defname, "password") == 0 ||
+ strcasecmp(defel->defname, "encryptedPassword") == 0 ||
+ strcasecmp(defel->defname, "unencryptedPassword") == 0) {
if (dpassword)
elog(ERROR, "ALTER USER: conflicting options");
dpassword = defel;
+ if (strcasecmp(defel->defname, "encryptedPassword") == 0)
+ encrypt_password = true;
+ else if (strcasecmp(defel->defname, "unencryptedPassword") == 0)
+ encrypt_password = false;
}
else if (strcasecmp(defel->defname, "createdb") == 0) {
if (dcreatedb)
@@ -445,17 +472,17 @@ AlterUser(AlterUserStmt *stmt)
if (dcreateuser)
elog(ERROR, "ALTER USER: conflicting options");
dcreateuser = defel;
- }
+ }
else if (strcasecmp(defel->defname, "validUntil") == 0) {
if (dvalidUntil)
elog(ERROR, "ALTER USER: conflicting options");
dvalidUntil = defel;
}
- else
+ else
elog(ERROR,"ALTER USER: option \"%s\" not recognized",
defel->defname);
}
-
+
if (dcreatedb)
createdb = intVal(dcreatedb->arg);
if (dcreateuser)
@@ -464,8 +491,8 @@ AlterUser(AlterUserStmt *stmt)
validUntil = strVal(dvalidUntil->arg);
if (dpassword)
password = strVal(dpassword->arg);
-
- if (password)
+
+ if (password)
CheckPgUserAclNotNull();
/* must be superuser or just want to change your own password */
@@ -552,8 +579,16 @@ AlterUser(AlterUserStmt *stmt)
/* password */
if (password)
{
- new_record[Anum_pg_shadow_passwd - 1] =
- DirectFunctionCall1(textin, CStringGetDatum(password));
+ if (!encrypt_password || isMD5(password))
+ new_record[Anum_pg_shadow_passwd - 1] =
+ DirectFunctionCall1(textin, CStringGetDatum(password));
+ else
+ {
+ if (!EncryptMD5(password, stmt->user, encrypted_password))
+ elog(ERROR, "CREATE USER: password encryption failed");
+ new_record[Anum_pg_shadow_passwd - 1] =
+ DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
+ }
new_record_nulls[Anum_pg_shadow_passwd - 1] = ' ';
}
else
@@ -793,40 +828,40 @@ CreateGroup(CreateGroupStmt *stmt)
Datum new_record[Natts_pg_group];
char new_record_nulls[Natts_pg_group];
List *item,
- *option,
+ *option,
*newlist = NIL;
ArrayType *userarray;
- int sysid = 0;
- List *userElts = NIL;
- DefElem *dsysid = NULL;
- DefElem *duserElts = NULL;
+ int sysid = 0;
+ List *userElts = NIL;
+ DefElem *dsysid = NULL;
+ DefElem *duserElts = NULL;
foreach(option, stmt->options)
{
DefElem *defel = (DefElem *) lfirst(option);
- if (strcasecmp(defel->defname, "sysid") == 0) {
- if (dsysid)
- elog(ERROR, "CREATE GROUP: conflicting options");
- dsysid = defel;
- }
- else if (strcasecmp(defel->defname, "userElts") == 0) {
- if (duserElts)
- elog(ERROR, "CREATE GROUP: conflicting options");
- duserElts = defel;
- }
- else
- elog(ERROR,"CREATE GROUP: option \"%s\" not recognized",
- defel->defname);
- }
-
- if (dsysid)
+ if (strcasecmp(defel->defname, "sysid") == 0) {
+ if (dsysid)
+ elog(ERROR, "CREATE GROUP: conflicting options");
+ dsysid = defel;
+ }
+ else if (strcasecmp(defel->defname, "userElts") == 0) {
+ if (duserElts)
+ elog(ERROR, "CREATE GROUP: conflicting options");
+ duserElts = defel;
+ }
+ else
+ elog(ERROR,"CREATE GROUP: option \"%s\" not recognized",
+ defel->defname);
+ }
+
+ if (dsysid)
{
sysid = intVal(dsysid->arg);
havesysid = true;
}
- if (duserElts)
+ if (duserElts)
userElts = (List *) duserElts->arg;
/*