LCOV - code coverage report
Current view: top level - src/bin/scripts - createuser.c (source / functions) Hit Total Coverage
Test: PostgreSQL 14devel Lines: 137 233 58.8 %
Date: 2021-01-26 02:06:48 Functions: 2 2 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * createuser
       4             :  *
       5             :  * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
       6             :  * Portions Copyright (c) 1994, Regents of the University of California
       7             :  *
       8             :  * src/bin/scripts/createuser.c
       9             :  *
      10             :  *-------------------------------------------------------------------------
      11             :  */
      12             : 
      13             : #include "postgres_fe.h"
      14             : #include "common.h"
      15             : #include "common/logging.h"
      16             : #include "common/string.h"
      17             : #include "fe_utils/simple_list.h"
      18             : #include "fe_utils/string_utils.h"
      19             : 
      20             : 
      21             : static void help(const char *progname);
      22             : 
      23             : int
      24          28 : main(int argc, char *argv[])
      25             : {
      26             :     static struct option long_options[] = {
      27             :         {"host", required_argument, NULL, 'h'},
      28             :         {"port", required_argument, NULL, 'p'},
      29             :         {"username", required_argument, NULL, 'U'},
      30             :         {"role", required_argument, NULL, 'g'},
      31             :         {"no-password", no_argument, NULL, 'w'},
      32             :         {"password", no_argument, NULL, 'W'},
      33             :         {"echo", no_argument, NULL, 'e'},
      34             :         {"createdb", no_argument, NULL, 'd'},
      35             :         {"no-createdb", no_argument, NULL, 'D'},
      36             :         {"superuser", no_argument, NULL, 's'},
      37             :         {"no-superuser", no_argument, NULL, 'S'},
      38             :         {"createrole", no_argument, NULL, 'r'},
      39             :         {"no-createrole", no_argument, NULL, 'R'},
      40             :         {"inherit", no_argument, NULL, 'i'},
      41             :         {"no-inherit", no_argument, NULL, 'I'},
      42             :         {"login", no_argument, NULL, 'l'},
      43             :         {"no-login", no_argument, NULL, 'L'},
      44             :         {"replication", no_argument, NULL, 1},
      45             :         {"no-replication", no_argument, NULL, 2},
      46             :         {"interactive", no_argument, NULL, 3},
      47             :         {"connection-limit", required_argument, NULL, 'c'},
      48             :         {"pwprompt", no_argument, NULL, 'P'},
      49             :         {"encrypted", no_argument, NULL, 'E'},
      50             :         {NULL, 0, NULL, 0}
      51             :     };
      52             : 
      53             :     const char *progname;
      54             :     int         optindex;
      55             :     int         c;
      56          28 :     const char *newuser = NULL;
      57          28 :     char       *host = NULL;
      58          28 :     char       *port = NULL;
      59          28 :     char       *username = NULL;
      60          28 :     SimpleStringList roles = {NULL, NULL};
      61          28 :     enum trivalue prompt_password = TRI_DEFAULT;
      62             :     ConnParams  cparams;
      63          28 :     bool        echo = false;
      64          28 :     bool        interactive = false;
      65          28 :     int         conn_limit = -2;    /* less than minimum valid value */
      66          28 :     bool        pwprompt = false;
      67          28 :     char       *newpassword = NULL;
      68             : 
      69             :     /* Tri-valued variables.  */
      70          28 :     enum trivalue createdb = TRI_DEFAULT,
      71          28 :                 superuser = TRI_DEFAULT,
      72          28 :                 createrole = TRI_DEFAULT,
      73          28 :                 inherit = TRI_DEFAULT,
      74          28 :                 login = TRI_DEFAULT,
      75          28 :                 replication = TRI_DEFAULT;
      76             : 
      77             :     PQExpBufferData sql;
      78             : 
      79             :     PGconn     *conn;
      80             :     PGresult   *result;
      81             : 
      82          28 :     pg_logging_init(argv[0]);
      83          28 :     progname = get_progname(argv[0]);
      84          28 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
      85             : 
      86          28 :     handle_help_version_opts(argc, argv, "createuser", help);
      87             : 
      88          54 :     while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSrRiIlLc:PE",
      89             :                             long_options, &optindex)) != -1)
      90             :     {
      91             :         char       *endptr;
      92             : 
      93          32 :         switch (c)
      94             :         {
      95           0 :             case 'h':
      96           0 :                 host = pg_strdup(optarg);
      97           0 :                 break;
      98           0 :             case 'p':
      99           0 :                 port = pg_strdup(optarg);
     100           0 :                 break;
     101          12 :             case 'U':
     102          12 :                 username = pg_strdup(optarg);
     103          12 :                 break;
     104           0 :             case 'g':
     105           0 :                 simple_string_list_append(&roles, optarg);
     106           0 :                 break;
     107           0 :             case 'w':
     108           0 :                 prompt_password = TRI_NO;
     109           0 :                 break;
     110           0 :             case 'W':
     111           0 :                 prompt_password = TRI_YES;
     112           0 :                 break;
     113           0 :             case 'e':
     114           0 :                 echo = true;
     115           0 :                 break;
     116           0 :             case 'd':
     117           0 :                 createdb = TRI_YES;
     118           0 :                 break;
     119           0 :             case 'D':
     120           0 :                 createdb = TRI_NO;
     121           0 :                 break;
     122          14 :             case 's':
     123          14 :                 superuser = TRI_YES;
     124          14 :                 break;
     125           0 :             case 'S':
     126           0 :                 superuser = TRI_NO;
     127           0 :                 break;
     128           2 :             case 'r':
     129           2 :                 createrole = TRI_YES;
     130           2 :                 break;
     131           0 :             case 'R':
     132           0 :                 createrole = TRI_NO;
     133           0 :                 break;
     134           0 :             case 'i':
     135           0 :                 inherit = TRI_YES;
     136           0 :                 break;
     137           0 :             case 'I':
     138           0 :                 inherit = TRI_NO;
     139           0 :                 break;
     140           0 :             case 'l':
     141           0 :                 login = TRI_YES;
     142           0 :                 break;
     143           2 :             case 'L':
     144           2 :                 login = TRI_NO;
     145           2 :                 break;
     146           0 :             case 'c':
     147           0 :                 conn_limit = strtol(optarg, &endptr, 10);
     148           0 :                 if (*endptr != '\0' || conn_limit < -1) /* minimum valid value */
     149             :                 {
     150           0 :                     pg_log_error("invalid value for --connection-limit: %s",
     151             :                                  optarg);
     152           0 :                     exit(1);
     153             :                 }
     154           0 :                 break;
     155           0 :             case 'P':
     156           0 :                 pwprompt = true;
     157           0 :                 break;
     158           0 :             case 'E':
     159             :                 /* no-op, accepted for backward compatibility */
     160           0 :                 break;
     161           0 :             case 1:
     162           0 :                 replication = TRI_YES;
     163           0 :                 break;
     164           0 :             case 2:
     165           0 :                 replication = TRI_NO;
     166           0 :                 break;
     167           0 :             case 3:
     168           0 :                 interactive = true;
     169           0 :                 break;
     170           2 :             default:
     171           2 :                 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
     172           2 :                 exit(1);
     173             :         }
     174             :     }
     175             : 
     176          22 :     switch (argc - optind)
     177             :     {
     178           0 :         case 0:
     179           0 :             break;
     180          22 :         case 1:
     181          22 :             newuser = argv[optind];
     182          22 :             break;
     183           0 :         default:
     184           0 :             pg_log_error("too many command-line arguments (first is \"%s\")",
     185             :                          argv[optind + 1]);
     186           0 :             fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
     187           0 :             exit(1);
     188             :     }
     189             : 
     190          22 :     if (newuser == NULL)
     191             :     {
     192           0 :         if (interactive)
     193             :         {
     194           0 :             newuser = simple_prompt("Enter name of role to add: ", true);
     195             :         }
     196             :         else
     197             :         {
     198           0 :             if (getenv("PGUSER"))
     199           0 :                 newuser = getenv("PGUSER");
     200             :             else
     201           0 :                 newuser = get_user_name_or_exit(progname);
     202             :         }
     203             :     }
     204             : 
     205          22 :     if (pwprompt)
     206             :     {
     207             :         char       *pw2;
     208             : 
     209           0 :         newpassword = simple_prompt("Enter password for new role: ", false);
     210           0 :         pw2 = simple_prompt("Enter it again: ", false);
     211           0 :         if (strcmp(newpassword, pw2) != 0)
     212             :         {
     213           0 :             fprintf(stderr, _("Passwords didn't match.\n"));
     214           0 :             exit(1);
     215             :         }
     216           0 :         free(pw2);
     217             :     }
     218             : 
     219          22 :     if (superuser == 0)
     220             :     {
     221           8 :         if (interactive && yesno_prompt("Shall the new role be a superuser?"))
     222           0 :             superuser = TRI_YES;
     223             :         else
     224           8 :             superuser = TRI_NO;
     225             :     }
     226             : 
     227          22 :     if (superuser == TRI_YES)
     228             :     {
     229             :         /* Not much point in trying to restrict a superuser */
     230          14 :         createdb = TRI_YES;
     231          14 :         createrole = TRI_YES;
     232             :     }
     233             : 
     234          22 :     if (createdb == 0)
     235             :     {
     236           8 :         if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
     237           0 :             createdb = TRI_YES;
     238             :         else
     239           8 :             createdb = TRI_NO;
     240             :     }
     241             : 
     242          22 :     if (createrole == 0)
     243             :     {
     244           6 :         if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
     245           0 :             createrole = TRI_YES;
     246             :         else
     247           6 :             createrole = TRI_NO;
     248             :     }
     249             : 
     250          22 :     if (inherit == 0)
     251          22 :         inherit = TRI_YES;
     252             : 
     253          22 :     if (login == 0)
     254          20 :         login = TRI_YES;
     255             : 
     256          22 :     cparams.dbname = NULL;      /* this program lacks any dbname option... */
     257          22 :     cparams.pghost = host;
     258          22 :     cparams.pgport = port;
     259          22 :     cparams.pguser = username;
     260          22 :     cparams.prompt_password = prompt_password;
     261          22 :     cparams.override_dbname = NULL;
     262             : 
     263          22 :     conn = connectMaintenanceDatabase(&cparams, progname, echo);
     264             : 
     265          22 :     initPQExpBuffer(&sql);
     266             : 
     267          22 :     printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
     268          22 :     if (newpassword)
     269             :     {
     270             :         char       *encrypted_password;
     271             : 
     272           0 :         appendPQExpBufferStr(&sql, " PASSWORD ");
     273             : 
     274           0 :         encrypted_password = PQencryptPasswordConn(conn,
     275             :                                                    newpassword,
     276             :                                                    newuser,
     277             :                                                    NULL);
     278           0 :         if (!encrypted_password)
     279             :         {
     280           0 :             pg_log_error("password encryption failed: %s",
     281             :                          PQerrorMessage(conn));
     282           0 :             exit(1);
     283             :         }
     284           0 :         appendStringLiteralConn(&sql, encrypted_password, conn);
     285           0 :         PQfreemem(encrypted_password);
     286             :     }
     287          22 :     if (superuser == TRI_YES)
     288          14 :         appendPQExpBufferStr(&sql, " SUPERUSER");
     289          22 :     if (superuser == TRI_NO)
     290           8 :         appendPQExpBufferStr(&sql, " NOSUPERUSER");
     291          22 :     if (createdb == TRI_YES)
     292          14 :         appendPQExpBufferStr(&sql, " CREATEDB");
     293          22 :     if (createdb == TRI_NO)
     294           8 :         appendPQExpBufferStr(&sql, " NOCREATEDB");
     295          22 :     if (createrole == TRI_YES)
     296          16 :         appendPQExpBufferStr(&sql, " CREATEROLE");
     297          22 :     if (createrole == TRI_NO)
     298           6 :         appendPQExpBufferStr(&sql, " NOCREATEROLE");
     299          22 :     if (inherit == TRI_YES)
     300          22 :         appendPQExpBufferStr(&sql, " INHERIT");
     301          22 :     if (inherit == TRI_NO)
     302           0 :         appendPQExpBufferStr(&sql, " NOINHERIT");
     303          22 :     if (login == TRI_YES)
     304          20 :         appendPQExpBufferStr(&sql, " LOGIN");
     305          22 :     if (login == TRI_NO)
     306           2 :         appendPQExpBufferStr(&sql, " NOLOGIN");
     307          22 :     if (replication == TRI_YES)
     308           0 :         appendPQExpBufferStr(&sql, " REPLICATION");
     309          22 :     if (replication == TRI_NO)
     310           0 :         appendPQExpBufferStr(&sql, " NOREPLICATION");
     311          22 :     if (conn_limit >= -1)
     312           0 :         appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
     313          22 :     if (roles.head != NULL)
     314             :     {
     315             :         SimpleStringListCell *cell;
     316             : 
     317           0 :         appendPQExpBufferStr(&sql, " IN ROLE ");
     318             : 
     319           0 :         for (cell = roles.head; cell; cell = cell->next)
     320             :         {
     321           0 :             if (cell->next)
     322           0 :                 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
     323             :             else
     324           0 :                 appendPQExpBufferStr(&sql, fmtId(cell->val));
     325             :         }
     326             :     }
     327          22 :     appendPQExpBufferChar(&sql, ';');
     328             : 
     329          22 :     if (echo)
     330           0 :         printf("%s\n", sql.data);
     331          22 :     result = PQexec(conn, sql.data);
     332             : 
     333          22 :     if (PQresultStatus(result) != PGRES_COMMAND_OK)
     334             :     {
     335           2 :         pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
     336           2 :         PQfinish(conn);
     337           2 :         exit(1);
     338             :     }
     339             : 
     340          20 :     PQclear(result);
     341          20 :     PQfinish(conn);
     342          20 :     exit(0);
     343             : }
     344             : 
     345             : 
     346             : static void
     347           2 : help(const char *progname)
     348             : {
     349           2 :     printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
     350           2 :     printf(_("Usage:\n"));
     351           2 :     printf(_("  %s [OPTION]... [ROLENAME]\n"), progname);
     352           2 :     printf(_("\nOptions:\n"));
     353           2 :     printf(_("  -c, --connection-limit=N  connection limit for role (default: no limit)\n"));
     354           2 :     printf(_("  -d, --createdb            role can create new databases\n"));
     355           2 :     printf(_("  -D, --no-createdb         role cannot create databases (default)\n"));
     356           2 :     printf(_("  -e, --echo                show the commands being sent to the server\n"));
     357           2 :     printf(_("  -g, --role=ROLE           new role will be a member of this role\n"));
     358           2 :     printf(_("  -i, --inherit             role inherits privileges of roles it is a\n"
     359             :              "                            member of (default)\n"));
     360           2 :     printf(_("  -I, --no-inherit          role does not inherit privileges\n"));
     361           2 :     printf(_("  -l, --login               role can login (default)\n"));
     362           2 :     printf(_("  -L, --no-login            role cannot login\n"));
     363           2 :     printf(_("  -P, --pwprompt            assign a password to new role\n"));
     364           2 :     printf(_("  -r, --createrole          role can create new roles\n"));
     365           2 :     printf(_("  -R, --no-createrole       role cannot create roles (default)\n"));
     366           2 :     printf(_("  -s, --superuser           role will be superuser\n"));
     367           2 :     printf(_("  -S, --no-superuser        role will not be superuser (default)\n"));
     368           2 :     printf(_("  -V, --version             output version information, then exit\n"));
     369           2 :     printf(_("  --interactive             prompt for missing role name and attributes rather\n"
     370             :              "                            than using defaults\n"));
     371           2 :     printf(_("  --replication             role can initiate replication\n"));
     372           2 :     printf(_("  --no-replication          role cannot initiate replication\n"));
     373           2 :     printf(_("  -?, --help                show this help, then exit\n"));
     374           2 :     printf(_("\nConnection options:\n"));
     375           2 :     printf(_("  -h, --host=HOSTNAME       database server host or socket directory\n"));
     376           2 :     printf(_("  -p, --port=PORT           database server port\n"));
     377           2 :     printf(_("  -U, --username=USERNAME   user name to connect as (not the one to create)\n"));
     378           2 :     printf(_("  -w, --no-password         never prompt for password\n"));
     379           2 :     printf(_("  -W, --password            force password prompt\n"));
     380           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
     381           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
     382           2 : }

Generated by: LCOV version 1.13