LCOV - code coverage report
Current view: top level - src/bin/scripts - createuser.c (source / functions) Hit Total Coverage
Test: PostgreSQL 17devel Lines: 201 278 72.3 %
Date: 2024-05-19 08:10:29 Functions: 2 2 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * createuser
       4             :  *
       5             :  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
       6             :  * Portions Copyright (c) 1994, Regents of the University of California
       7             :  *
       8             :  * src/bin/scripts/createuser.c
       9             :  *
      10             :  *-------------------------------------------------------------------------
      11             :  */
      12             : 
      13             : #include "postgres_fe.h"
      14             : 
      15             : #include <limits.h>
      16             : 
      17             : #include "common.h"
      18             : #include "common/logging.h"
      19             : #include "common/string.h"
      20             : #include "fe_utils/option_utils.h"
      21             : #include "fe_utils/simple_list.h"
      22             : #include "fe_utils/string_utils.h"
      23             : 
      24             : 
      25             : static void help(const char *progname);
      26             : 
      27             : int
      28          50 : main(int argc, char *argv[])
      29             : {
      30             :     static struct option long_options[] = {
      31             :         {"with-admin", required_argument, NULL, 'a'},
      32             :         {"connection-limit", required_argument, NULL, 'c'},
      33             :         {"createdb", no_argument, NULL, 'd'},
      34             :         {"no-createdb", no_argument, NULL, 'D'},
      35             :         {"echo", no_argument, NULL, 'e'},
      36             :         {"encrypted", no_argument, NULL, 'E'},
      37             :         {"role", required_argument, NULL, 'g'},
      38             :         {"member-of", required_argument, NULL, 'g'},
      39             :         {"host", required_argument, NULL, 'h'},
      40             :         {"inherit", no_argument, NULL, 'i'},
      41             :         {"no-inherit", no_argument, NULL, 'I'},
      42             :         {"login", no_argument, NULL, 'l'},
      43             :         {"no-login", no_argument, NULL, 'L'},
      44             :         {"with-member", required_argument, NULL, 'm'},
      45             :         {"port", required_argument, NULL, 'p'},
      46             :         {"pwprompt", no_argument, NULL, 'P'},
      47             :         {"createrole", no_argument, NULL, 'r'},
      48             :         {"no-createrole", no_argument, NULL, 'R'},
      49             :         {"superuser", no_argument, NULL, 's'},
      50             :         {"no-superuser", no_argument, NULL, 'S'},
      51             :         {"username", required_argument, NULL, 'U'},
      52             :         {"valid-until", required_argument, NULL, 'v'},
      53             :         {"no-password", no_argument, NULL, 'w'},
      54             :         {"password", no_argument, NULL, 'W'},
      55             :         {"replication", no_argument, NULL, 1},
      56             :         {"no-replication", no_argument, NULL, 2},
      57             :         {"interactive", no_argument, NULL, 3},
      58             :         {"bypassrls", no_argument, NULL, 4},
      59             :         {"no-bypassrls", no_argument, NULL, 5},
      60             :         {NULL, 0, NULL, 0}
      61             :     };
      62             : 
      63             :     const char *progname;
      64             :     int         optindex;
      65             :     int         c;
      66          50 :     const char *newuser = NULL;
      67          50 :     char       *host = NULL;
      68          50 :     char       *port = NULL;
      69          50 :     char       *username = NULL;
      70          50 :     SimpleStringList roles = {NULL, NULL};
      71          50 :     SimpleStringList members = {NULL, NULL};
      72          50 :     SimpleStringList admins = {NULL, NULL};
      73          50 :     enum trivalue prompt_password = TRI_DEFAULT;
      74             :     ConnParams  cparams;
      75          50 :     bool        echo = false;
      76          50 :     bool        interactive = false;
      77          50 :     int         conn_limit = -2;    /* less than minimum valid value */
      78          50 :     bool        pwprompt = false;
      79          50 :     char       *newpassword = NULL;
      80          50 :     char       *pwexpiry = NULL;
      81             : 
      82             :     /* Tri-valued variables.  */
      83          50 :     enum trivalue createdb = TRI_DEFAULT,
      84          50 :                 superuser = TRI_DEFAULT,
      85          50 :                 createrole = TRI_DEFAULT,
      86          50 :                 inherit = TRI_DEFAULT,
      87          50 :                 login = TRI_DEFAULT,
      88          50 :                 replication = TRI_DEFAULT,
      89          50 :                 bypassrls = TRI_DEFAULT;
      90             : 
      91             :     PQExpBufferData sql;
      92             : 
      93             :     PGconn     *conn;
      94             :     PGresult   *result;
      95             : 
      96          50 :     pg_logging_init(argv[0]);
      97          50 :     progname = get_progname(argv[0]);
      98          50 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
      99             : 
     100          50 :     handle_help_version_opts(argc, argv, "createuser", help);
     101             : 
     102         104 :     while ((c = getopt_long(argc, argv, "a:c:dDeEg:h:iIlLm:p:PrRsSU:v:wW",
     103             :                             long_options, &optindex)) != -1)
     104             :     {
     105          60 :         switch (c)
     106             :         {
     107           6 :             case 'a':
     108           6 :                 simple_string_list_append(&admins, optarg);
     109           6 :                 break;
     110           0 :             case 'c':
     111           0 :                 if (!option_parse_int(optarg, "-c/--connection-limit",
     112             :                                       -1, INT_MAX, &conn_limit))
     113           0 :                     exit(1);
     114           0 :                 break;
     115           0 :             case 'd':
     116           0 :                 createdb = TRI_YES;
     117           0 :                 break;
     118           0 :             case 'D':
     119           0 :                 createdb = TRI_NO;
     120           0 :                 break;
     121           0 :             case 'e':
     122           0 :                 echo = true;
     123           0 :                 break;
     124           0 :             case 'E':
     125             :                 /* no-op, accepted for backward compatibility */
     126           0 :                 break;
     127           6 :             case 'g':
     128           6 :                 simple_string_list_append(&roles, optarg);
     129           6 :                 break;
     130           0 :             case 'h':
     131           0 :                 host = pg_strdup(optarg);
     132           0 :                 break;
     133           0 :             case 'i':
     134           0 :                 inherit = TRI_YES;
     135           0 :                 break;
     136           0 :             case 'I':
     137           0 :                 inherit = TRI_NO;
     138           0 :                 break;
     139           0 :             case 'l':
     140           0 :                 login = TRI_YES;
     141           0 :                 break;
     142           2 :             case 'L':
     143           2 :                 login = TRI_NO;
     144           2 :                 break;
     145           8 :             case 'm':
     146           8 :                 simple_string_list_append(&members, optarg);
     147           8 :                 break;
     148           0 :             case 'p':
     149           0 :                 port = pg_strdup(optarg);
     150           0 :                 break;
     151           0 :             case 'P':
     152           0 :                 pwprompt = true;
     153           0 :                 break;
     154           2 :             case 'r':
     155           2 :                 createrole = TRI_YES;
     156           2 :                 break;
     157           0 :             case 'R':
     158           0 :                 createrole = TRI_NO;
     159           0 :                 break;
     160          14 :             case 's':
     161          14 :                 superuser = TRI_YES;
     162          14 :                 break;
     163           0 :             case 'S':
     164           0 :                 superuser = TRI_NO;
     165           0 :                 break;
     166          12 :             case 'U':
     167          12 :                 username = pg_strdup(optarg);
     168          12 :                 break;
     169           2 :             case 'v':
     170           2 :                 pwexpiry = pg_strdup(optarg);
     171           2 :                 break;
     172           0 :             case 'w':
     173           0 :                 prompt_password = TRI_NO;
     174           0 :                 break;
     175           0 :             case 'W':
     176           0 :                 prompt_password = TRI_YES;
     177           0 :                 break;
     178           2 :             case 1:
     179           2 :                 replication = TRI_YES;
     180           2 :                 break;
     181           0 :             case 2:
     182           0 :                 replication = TRI_NO;
     183           0 :                 break;
     184           0 :             case 3:
     185           0 :                 interactive = true;
     186           0 :                 break;
     187           2 :             case 4:
     188           2 :                 bypassrls = TRI_YES;
     189           2 :                 break;
     190           2 :             case 5:
     191           2 :                 bypassrls = TRI_NO;
     192           2 :                 break;
     193           2 :             default:
     194             :                 /* getopt_long already emitted a complaint */
     195           2 :                 pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     196           2 :                 exit(1);
     197             :         }
     198             :     }
     199             : 
     200          44 :     switch (argc - optind)
     201             :     {
     202           0 :         case 0:
     203           0 :             break;
     204          42 :         case 1:
     205          42 :             newuser = argv[optind];
     206          42 :             break;
     207           2 :         default:
     208           2 :             pg_log_error("too many command-line arguments (first is \"%s\")",
     209             :                          argv[optind + 1]);
     210           2 :             pg_log_error_hint("Try \"%s --help\" for more information.", progname);
     211           2 :             exit(1);
     212             :     }
     213             : 
     214          42 :     if (newuser == NULL)
     215             :     {
     216           0 :         if (interactive)
     217             :         {
     218           0 :             newuser = simple_prompt("Enter name of role to add: ", true);
     219             :         }
     220             :         else
     221             :         {
     222           0 :             if (getenv("PGUSER"))
     223           0 :                 newuser = getenv("PGUSER");
     224             :             else
     225           0 :                 newuser = get_user_name_or_exit(progname);
     226             :         }
     227             :     }
     228             : 
     229          42 :     if (pwprompt)
     230             :     {
     231             :         char       *pw2;
     232             : 
     233           0 :         newpassword = simple_prompt("Enter password for new role: ", false);
     234           0 :         pw2 = simple_prompt("Enter it again: ", false);
     235           0 :         if (strcmp(newpassword, pw2) != 0)
     236             :         {
     237           0 :             fprintf(stderr, _("Passwords didn't match.\n"));
     238           0 :             exit(1);
     239             :         }
     240           0 :         free(pw2);
     241             :     }
     242             : 
     243          42 :     if (superuser == TRI_DEFAULT)
     244             :     {
     245          28 :         if (interactive && yesno_prompt("Shall the new role be a superuser?"))
     246           0 :             superuser = TRI_YES;
     247             :         else
     248          28 :             superuser = TRI_NO;
     249             :     }
     250             : 
     251          42 :     if (superuser == TRI_YES)
     252             :     {
     253             :         /* Not much point in trying to restrict a superuser */
     254          14 :         createdb = TRI_YES;
     255          14 :         createrole = TRI_YES;
     256             :     }
     257             : 
     258          42 :     if (createdb == TRI_DEFAULT)
     259             :     {
     260          28 :         if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
     261           0 :             createdb = TRI_YES;
     262             :         else
     263          28 :             createdb = TRI_NO;
     264             :     }
     265             : 
     266          42 :     if (createrole == TRI_DEFAULT)
     267             :     {
     268          26 :         if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
     269           0 :             createrole = TRI_YES;
     270             :         else
     271          26 :             createrole = TRI_NO;
     272             :     }
     273             : 
     274          42 :     if (bypassrls == TRI_DEFAULT)
     275          38 :         bypassrls = TRI_NO;
     276             : 
     277          42 :     if (replication == TRI_DEFAULT)
     278          40 :         replication = TRI_NO;
     279             : 
     280          42 :     if (inherit == TRI_DEFAULT)
     281          42 :         inherit = TRI_YES;
     282             : 
     283          42 :     if (login == TRI_DEFAULT)
     284          40 :         login = TRI_YES;
     285             : 
     286          42 :     cparams.dbname = NULL;      /* this program lacks any dbname option... */
     287          42 :     cparams.pghost = host;
     288          42 :     cparams.pgport = port;
     289          42 :     cparams.pguser = username;
     290          42 :     cparams.prompt_password = prompt_password;
     291          42 :     cparams.override_dbname = NULL;
     292             : 
     293          42 :     conn = connectMaintenanceDatabase(&cparams, progname, echo);
     294             : 
     295          42 :     initPQExpBuffer(&sql);
     296             : 
     297          42 :     printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
     298          42 :     if (newpassword)
     299             :     {
     300             :         char       *encrypted_password;
     301             : 
     302           0 :         appendPQExpBufferStr(&sql, " PASSWORD ");
     303             : 
     304           0 :         encrypted_password = PQencryptPasswordConn(conn,
     305             :                                                    newpassword,
     306             :                                                    newuser,
     307             :                                                    NULL);
     308           0 :         if (!encrypted_password)
     309           0 :             pg_fatal("password encryption failed: %s",
     310             :                      PQerrorMessage(conn));
     311           0 :         appendStringLiteralConn(&sql, encrypted_password, conn);
     312           0 :         PQfreemem(encrypted_password);
     313             :     }
     314          42 :     if (superuser == TRI_YES)
     315          14 :         appendPQExpBufferStr(&sql, " SUPERUSER");
     316          42 :     if (superuser == TRI_NO)
     317          28 :         appendPQExpBufferStr(&sql, " NOSUPERUSER");
     318          42 :     if (createdb == TRI_YES)
     319          14 :         appendPQExpBufferStr(&sql, " CREATEDB");
     320          42 :     if (createdb == TRI_NO)
     321          28 :         appendPQExpBufferStr(&sql, " NOCREATEDB");
     322          42 :     if (createrole == TRI_YES)
     323          16 :         appendPQExpBufferStr(&sql, " CREATEROLE");
     324          42 :     if (createrole == TRI_NO)
     325          26 :         appendPQExpBufferStr(&sql, " NOCREATEROLE");
     326          42 :     if (inherit == TRI_YES)
     327          42 :         appendPQExpBufferStr(&sql, " INHERIT");
     328          42 :     if (inherit == TRI_NO)
     329           0 :         appendPQExpBufferStr(&sql, " NOINHERIT");
     330          42 :     if (login == TRI_YES)
     331          40 :         appendPQExpBufferStr(&sql, " LOGIN");
     332          42 :     if (login == TRI_NO)
     333           2 :         appendPQExpBufferStr(&sql, " NOLOGIN");
     334          42 :     if (replication == TRI_YES)
     335           2 :         appendPQExpBufferStr(&sql, " REPLICATION");
     336          42 :     if (replication == TRI_NO)
     337          40 :         appendPQExpBufferStr(&sql, " NOREPLICATION");
     338          42 :     if (bypassrls == TRI_YES)
     339           2 :         appendPQExpBufferStr(&sql, " BYPASSRLS");
     340          42 :     if (bypassrls == TRI_NO)
     341          40 :         appendPQExpBufferStr(&sql, " NOBYPASSRLS");
     342          42 :     if (conn_limit >= -1)
     343           0 :         appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
     344          42 :     if (pwexpiry != NULL)
     345             :     {
     346           2 :         appendPQExpBufferStr(&sql, " VALID UNTIL ");
     347           2 :         appendStringLiteralConn(&sql, pwexpiry, conn);
     348             :     }
     349          42 :     if (roles.head != NULL)
     350             :     {
     351             :         SimpleStringListCell *cell;
     352             : 
     353           6 :         appendPQExpBufferStr(&sql, " IN ROLE ");
     354             : 
     355          12 :         for (cell = roles.head; cell; cell = cell->next)
     356             :         {
     357           6 :             if (cell->next)
     358           0 :                 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
     359             :             else
     360           6 :                 appendPQExpBufferStr(&sql, fmtId(cell->val));
     361             :         }
     362             :     }
     363          42 :     if (members.head != NULL)
     364             :     {
     365             :         SimpleStringListCell *cell;
     366             : 
     367           4 :         appendPQExpBufferStr(&sql, " ROLE ");
     368             : 
     369          10 :         for (cell = members.head; cell; cell = cell->next)
     370             :         {
     371           6 :             if (cell->next)
     372           2 :                 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
     373             :             else
     374           4 :                 appendPQExpBufferStr(&sql, fmtId(cell->val));
     375             :         }
     376             :     }
     377          42 :     if (admins.head != NULL)
     378             :     {
     379             :         SimpleStringListCell *cell;
     380             : 
     381           4 :         appendPQExpBufferStr(&sql, " ADMIN ");
     382             : 
     383          10 :         for (cell = admins.head; cell; cell = cell->next)
     384             :         {
     385           6 :             if (cell->next)
     386           2 :                 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
     387             :             else
     388           4 :                 appendPQExpBufferStr(&sql, fmtId(cell->val));
     389             :         }
     390             :     }
     391             : 
     392          42 :     appendPQExpBufferChar(&sql, ';');
     393             : 
     394          42 :     if (echo)
     395           0 :         printf("%s\n", sql.data);
     396          42 :     result = PQexec(conn, sql.data);
     397             : 
     398          42 :     if (PQresultStatus(result) != PGRES_COMMAND_OK)
     399             :     {
     400           2 :         pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
     401           2 :         PQfinish(conn);
     402           2 :         exit(1);
     403             :     }
     404             : 
     405          40 :     PQclear(result);
     406          40 :     PQfinish(conn);
     407          40 :     exit(0);
     408             : }
     409             : 
     410             : 
     411             : static void
     412           2 : help(const char *progname)
     413             : {
     414           2 :     printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
     415           2 :     printf(_("Usage:\n"));
     416           2 :     printf(_("  %s [OPTION]... [ROLENAME]\n"), progname);
     417           2 :     printf(_("\nOptions:\n"));
     418           2 :     printf(_("  -a, --with-admin=ROLE     ROLE will be a member of new role with admin\n"
     419             :              "                            option\n"));
     420           2 :     printf(_("  -c, --connection-limit=N  connection limit for role (default: no limit)\n"));
     421           2 :     printf(_("  -d, --createdb            role can create new databases\n"));
     422           2 :     printf(_("  -D, --no-createdb         role cannot create databases (default)\n"));
     423           2 :     printf(_("  -e, --echo                show the commands being sent to the server\n"));
     424           2 :     printf(_("  -g, --member-of=ROLE      new role will be a member of ROLE\n"));
     425           2 :     printf(_("  --role=ROLE               (same as --member-of, deprecated)\n"));
     426           2 :     printf(_("  -i, --inherit             role inherits privileges of roles it is a\n"
     427             :              "                            member of (default)\n"));
     428           2 :     printf(_("  -I, --no-inherit          role does not inherit privileges\n"));
     429           2 :     printf(_("  -l, --login               role can login (default)\n"));
     430           2 :     printf(_("  -L, --no-login            role cannot login\n"));
     431           2 :     printf(_("  -m, --with-member=ROLE    ROLE will be a member of new role\n"));
     432           2 :     printf(_("  -P, --pwprompt            assign a password to new role\n"));
     433           2 :     printf(_("  -r, --createrole          role can create new roles\n"));
     434           2 :     printf(_("  -R, --no-createrole       role cannot create roles (default)\n"));
     435           2 :     printf(_("  -s, --superuser           role will be superuser\n"));
     436           2 :     printf(_("  -S, --no-superuser        role will not be superuser (default)\n"));
     437           2 :     printf(_("  -v, --valid-until=TIMESTAMP\n"
     438             :              "                            password expiration date and time for role\n"));
     439           2 :     printf(_("  -V, --version             output version information, then exit\n"));
     440           2 :     printf(_("  --interactive             prompt for missing role name and attributes rather\n"
     441             :              "                            than using defaults\n"));
     442           2 :     printf(_("  --bypassrls               role can bypass row-level security (RLS) policy\n"));
     443           2 :     printf(_("  --no-bypassrls            role cannot bypass row-level security (RLS) policy\n"
     444             :              "                            (default)\n"));
     445           2 :     printf(_("  --replication             role can initiate replication\n"));
     446           2 :     printf(_("  --no-replication          role cannot initiate replication (default)\n"));
     447           2 :     printf(_("  -?, --help                show this help, then exit\n"));
     448           2 :     printf(_("\nConnection options:\n"));
     449           2 :     printf(_("  -h, --host=HOSTNAME       database server host or socket directory\n"));
     450           2 :     printf(_("  -p, --port=PORT           database server port\n"));
     451           2 :     printf(_("  -U, --username=USERNAME   user name to connect as (not the one to create)\n"));
     452           2 :     printf(_("  -w, --no-password         never prompt for password\n"));
     453           2 :     printf(_("  -W, --password            force password prompt\n"));
     454           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
     455           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
     456           2 : }

Generated by: LCOV version 1.14