LCOV - code coverage report
Current view: top level - src/bin/scripts - createuser.c (source / functions) Hit Total Coverage
Test: PostgreSQL 13beta1 Lines: 131 228 57.5 %
Date: 2020-06-03 10:06:28 Functions: 2 2 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * createuser
       4             :  *
       5             :  * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
       6             :  * Portions Copyright (c) 1994, Regents of the University of California
       7             :  *
       8             :  * src/bin/scripts/createuser.c
       9             :  *
      10             :  *-------------------------------------------------------------------------
      11             :  */
      12             : 
      13             : #include "postgres_fe.h"
      14             : #include "common.h"
      15             : #include "common/logging.h"
      16             : #include "fe_utils/simple_list.h"
      17             : #include "fe_utils/string_utils.h"
      18             : 
      19             : 
      20             : static void help(const char *progname);
      21             : 
      22             : int
      23          28 : main(int argc, char *argv[])
      24             : {
      25             :     static struct option long_options[] = {
      26             :         {"host", required_argument, NULL, 'h'},
      27             :         {"port", required_argument, NULL, 'p'},
      28             :         {"username", required_argument, NULL, 'U'},
      29             :         {"role", required_argument, NULL, 'g'},
      30             :         {"no-password", no_argument, NULL, 'w'},
      31             :         {"password", no_argument, NULL, 'W'},
      32             :         {"echo", no_argument, NULL, 'e'},
      33             :         {"createdb", no_argument, NULL, 'd'},
      34             :         {"no-createdb", no_argument, NULL, 'D'},
      35             :         {"superuser", no_argument, NULL, 's'},
      36             :         {"no-superuser", no_argument, NULL, 'S'},
      37             :         {"createrole", no_argument, NULL, 'r'},
      38             :         {"no-createrole", no_argument, NULL, 'R'},
      39             :         {"inherit", no_argument, NULL, 'i'},
      40             :         {"no-inherit", no_argument, NULL, 'I'},
      41             :         {"login", no_argument, NULL, 'l'},
      42             :         {"no-login", no_argument, NULL, 'L'},
      43             :         {"replication", no_argument, NULL, 1},
      44             :         {"no-replication", no_argument, NULL, 2},
      45             :         {"interactive", no_argument, NULL, 3},
      46             :         {"connection-limit", required_argument, NULL, 'c'},
      47             :         {"pwprompt", no_argument, NULL, 'P'},
      48             :         {"encrypted", no_argument, NULL, 'E'},
      49             :         {NULL, 0, NULL, 0}
      50             :     };
      51             : 
      52             :     const char *progname;
      53             :     int         optindex;
      54             :     int         c;
      55          28 :     const char *newuser = NULL;
      56          28 :     char       *host = NULL;
      57          28 :     char       *port = NULL;
      58          28 :     char       *username = NULL;
      59          28 :     SimpleStringList roles = {NULL, NULL};
      60          28 :     enum trivalue prompt_password = TRI_DEFAULT;
      61          28 :     bool        echo = false;
      62          28 :     bool        interactive = false;
      63          28 :     int         conn_limit = -2;    /* less than minimum valid value */
      64          28 :     bool        pwprompt = false;
      65          28 :     char       *newpassword = NULL;
      66             :     char        newuser_buf[128];
      67             :     char        newpassword_buf[100];
      68             : 
      69             :     /* Tri-valued variables.  */
      70          28 :     enum trivalue createdb = TRI_DEFAULT,
      71          28 :                 superuser = TRI_DEFAULT,
      72          28 :                 createrole = TRI_DEFAULT,
      73          28 :                 inherit = TRI_DEFAULT,
      74          28 :                 login = TRI_DEFAULT,
      75          28 :                 replication = TRI_DEFAULT;
      76             : 
      77             :     PQExpBufferData sql;
      78             : 
      79             :     PGconn     *conn;
      80             :     PGresult   *result;
      81             : 
      82          28 :     pg_logging_init(argv[0]);
      83          28 :     progname = get_progname(argv[0]);
      84          28 :     set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
      85             : 
      86          28 :     handle_help_version_opts(argc, argv, "createuser", help);
      87             : 
      88          54 :     while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSrRiIlLc:PE",
      89             :                             long_options, &optindex)) != -1)
      90             :     {
      91             :         char       *endptr;
      92             : 
      93          32 :         switch (c)
      94             :         {
      95           0 :             case 'h':
      96           0 :                 host = pg_strdup(optarg);
      97           0 :                 break;
      98           0 :             case 'p':
      99           0 :                 port = pg_strdup(optarg);
     100           0 :                 break;
     101          12 :             case 'U':
     102          12 :                 username = pg_strdup(optarg);
     103          12 :                 break;
     104           0 :             case 'g':
     105           0 :                 simple_string_list_append(&roles, optarg);
     106           0 :                 break;
     107           0 :             case 'w':
     108           0 :                 prompt_password = TRI_NO;
     109           0 :                 break;
     110           0 :             case 'W':
     111           0 :                 prompt_password = TRI_YES;
     112           0 :                 break;
     113           0 :             case 'e':
     114           0 :                 echo = true;
     115           0 :                 break;
     116           0 :             case 'd':
     117           0 :                 createdb = TRI_YES;
     118           0 :                 break;
     119           0 :             case 'D':
     120           0 :                 createdb = TRI_NO;
     121           0 :                 break;
     122          14 :             case 's':
     123          14 :                 superuser = TRI_YES;
     124          14 :                 break;
     125           0 :             case 'S':
     126           0 :                 superuser = TRI_NO;
     127           0 :                 break;
     128           2 :             case 'r':
     129           2 :                 createrole = TRI_YES;
     130           2 :                 break;
     131           0 :             case 'R':
     132           0 :                 createrole = TRI_NO;
     133           0 :                 break;
     134           0 :             case 'i':
     135           0 :                 inherit = TRI_YES;
     136           0 :                 break;
     137           0 :             case 'I':
     138           0 :                 inherit = TRI_NO;
     139           0 :                 break;
     140           0 :             case 'l':
     141           0 :                 login = TRI_YES;
     142           0 :                 break;
     143           2 :             case 'L':
     144           2 :                 login = TRI_NO;
     145           2 :                 break;
     146           0 :             case 'c':
     147           0 :                 conn_limit = strtol(optarg, &endptr, 10);
     148           0 :                 if (*endptr != '\0' || conn_limit < -1) /* minimum valid value */
     149             :                 {
     150           0 :                     pg_log_error("invalid value for --connection-limit: %s",
     151             :                                  optarg);
     152           0 :                     exit(1);
     153             :                 }
     154           0 :                 break;
     155           0 :             case 'P':
     156           0 :                 pwprompt = true;
     157           0 :                 break;
     158           0 :             case 'E':
     159             :                 /* no-op, accepted for backward compatibility */
     160           0 :                 break;
     161           0 :             case 1:
     162           0 :                 replication = TRI_YES;
     163           0 :                 break;
     164           0 :             case 2:
     165           0 :                 replication = TRI_NO;
     166           0 :                 break;
     167           0 :             case 3:
     168           0 :                 interactive = true;
     169           0 :                 break;
     170           2 :             default:
     171           2 :                 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
     172           2 :                 exit(1);
     173             :         }
     174             :     }
     175             : 
     176          22 :     switch (argc - optind)
     177             :     {
     178           0 :         case 0:
     179           0 :             break;
     180          22 :         case 1:
     181          22 :             newuser = argv[optind];
     182          22 :             break;
     183           0 :         default:
     184           0 :             pg_log_error("too many command-line arguments (first is \"%s\")",
     185             :                          argv[optind + 1]);
     186           0 :             fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
     187           0 :             exit(1);
     188             :     }
     189             : 
     190          22 :     if (newuser == NULL)
     191             :     {
     192           0 :         if (interactive)
     193             :         {
     194           0 :             simple_prompt("Enter name of role to add: ",
     195             :                           newuser_buf, sizeof(newuser_buf), true);
     196           0 :             newuser = newuser_buf;
     197             :         }
     198             :         else
     199             :         {
     200           0 :             if (getenv("PGUSER"))
     201           0 :                 newuser = getenv("PGUSER");
     202             :             else
     203           0 :                 newuser = get_user_name_or_exit(progname);
     204             :         }
     205             :     }
     206             : 
     207          22 :     if (pwprompt)
     208             :     {
     209             :         char        pw2[100];
     210             : 
     211           0 :         simple_prompt("Enter password for new role: ",
     212             :                       newpassword_buf, sizeof(newpassword_buf), false);
     213           0 :         simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
     214           0 :         if (strcmp(newpassword_buf, pw2) != 0)
     215             :         {
     216           0 :             fprintf(stderr, _("Passwords didn't match.\n"));
     217           0 :             exit(1);
     218             :         }
     219           0 :         newpassword = newpassword_buf;
     220             :     }
     221             : 
     222          22 :     if (superuser == 0)
     223             :     {
     224           8 :         if (interactive && yesno_prompt("Shall the new role be a superuser?"))
     225           0 :             superuser = TRI_YES;
     226             :         else
     227           8 :             superuser = TRI_NO;
     228             :     }
     229             : 
     230          22 :     if (superuser == TRI_YES)
     231             :     {
     232             :         /* Not much point in trying to restrict a superuser */
     233          14 :         createdb = TRI_YES;
     234          14 :         createrole = TRI_YES;
     235             :     }
     236             : 
     237          22 :     if (createdb == 0)
     238             :     {
     239           8 :         if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
     240           0 :             createdb = TRI_YES;
     241             :         else
     242           8 :             createdb = TRI_NO;
     243             :     }
     244             : 
     245          22 :     if (createrole == 0)
     246             :     {
     247           6 :         if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
     248           0 :             createrole = TRI_YES;
     249             :         else
     250           6 :             createrole = TRI_NO;
     251             :     }
     252             : 
     253          22 :     if (inherit == 0)
     254          22 :         inherit = TRI_YES;
     255             : 
     256          22 :     if (login == 0)
     257          20 :         login = TRI_YES;
     258             : 
     259          22 :     conn = connectDatabase("postgres", host, port, username, prompt_password,
     260             :                            progname, echo, false, false);
     261             : 
     262          22 :     initPQExpBuffer(&sql);
     263             : 
     264          22 :     printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
     265          22 :     if (newpassword)
     266             :     {
     267             :         char       *encrypted_password;
     268             : 
     269           0 :         appendPQExpBufferStr(&sql, " PASSWORD ");
     270             : 
     271           0 :         encrypted_password = PQencryptPasswordConn(conn,
     272             :                                                    newpassword,
     273             :                                                    newuser,
     274             :                                                    NULL);
     275           0 :         if (!encrypted_password)
     276             :         {
     277           0 :             pg_log_error("password encryption failed: %s",
     278             :                          PQerrorMessage(conn));
     279           0 :             exit(1);
     280             :         }
     281           0 :         appendStringLiteralConn(&sql, encrypted_password, conn);
     282           0 :         PQfreemem(encrypted_password);
     283             :     }
     284          22 :     if (superuser == TRI_YES)
     285          14 :         appendPQExpBufferStr(&sql, " SUPERUSER");
     286          22 :     if (superuser == TRI_NO)
     287           8 :         appendPQExpBufferStr(&sql, " NOSUPERUSER");
     288          22 :     if (createdb == TRI_YES)
     289          14 :         appendPQExpBufferStr(&sql, " CREATEDB");
     290          22 :     if (createdb == TRI_NO)
     291           8 :         appendPQExpBufferStr(&sql, " NOCREATEDB");
     292          22 :     if (createrole == TRI_YES)
     293          16 :         appendPQExpBufferStr(&sql, " CREATEROLE");
     294          22 :     if (createrole == TRI_NO)
     295           6 :         appendPQExpBufferStr(&sql, " NOCREATEROLE");
     296          22 :     if (inherit == TRI_YES)
     297          22 :         appendPQExpBufferStr(&sql, " INHERIT");
     298          22 :     if (inherit == TRI_NO)
     299           0 :         appendPQExpBufferStr(&sql, " NOINHERIT");
     300          22 :     if (login == TRI_YES)
     301          20 :         appendPQExpBufferStr(&sql, " LOGIN");
     302          22 :     if (login == TRI_NO)
     303           2 :         appendPQExpBufferStr(&sql, " NOLOGIN");
     304          22 :     if (replication == TRI_YES)
     305           0 :         appendPQExpBufferStr(&sql, " REPLICATION");
     306          22 :     if (replication == TRI_NO)
     307           0 :         appendPQExpBufferStr(&sql, " NOREPLICATION");
     308          22 :     if (conn_limit >= -1)
     309           0 :         appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
     310          22 :     if (roles.head != NULL)
     311             :     {
     312             :         SimpleStringListCell *cell;
     313             : 
     314           0 :         appendPQExpBufferStr(&sql, " IN ROLE ");
     315             : 
     316           0 :         for (cell = roles.head; cell; cell = cell->next)
     317             :         {
     318           0 :             if (cell->next)
     319           0 :                 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
     320             :             else
     321           0 :                 appendPQExpBufferStr(&sql, fmtId(cell->val));
     322             :         }
     323             :     }
     324          22 :     appendPQExpBufferChar(&sql, ';');
     325             : 
     326          22 :     if (echo)
     327           0 :         printf("%s\n", sql.data);
     328          22 :     result = PQexec(conn, sql.data);
     329             : 
     330          22 :     if (PQresultStatus(result) != PGRES_COMMAND_OK)
     331             :     {
     332           2 :         pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
     333           2 :         PQfinish(conn);
     334           2 :         exit(1);
     335             :     }
     336             : 
     337          20 :     PQclear(result);
     338          20 :     PQfinish(conn);
     339          20 :     exit(0);
     340             : }
     341             : 
     342             : 
     343             : static void
     344           2 : help(const char *progname)
     345             : {
     346           2 :     printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
     347           2 :     printf(_("Usage:\n"));
     348           2 :     printf(_("  %s [OPTION]... [ROLENAME]\n"), progname);
     349           2 :     printf(_("\nOptions:\n"));
     350           2 :     printf(_("  -c, --connection-limit=N  connection limit for role (default: no limit)\n"));
     351           2 :     printf(_("  -d, --createdb            role can create new databases\n"));
     352           2 :     printf(_("  -D, --no-createdb         role cannot create databases (default)\n"));
     353           2 :     printf(_("  -e, --echo                show the commands being sent to the server\n"));
     354           2 :     printf(_("  -g, --role=ROLE           new role will be a member of this role\n"));
     355           2 :     printf(_("  -i, --inherit             role inherits privileges of roles it is a\n"
     356             :              "                            member of (default)\n"));
     357           2 :     printf(_("  -I, --no-inherit          role does not inherit privileges\n"));
     358           2 :     printf(_("  -l, --login               role can login (default)\n"));
     359           2 :     printf(_("  -L, --no-login            role cannot login\n"));
     360           2 :     printf(_("  -P, --pwprompt            assign a password to new role\n"));
     361           2 :     printf(_("  -r, --createrole          role can create new roles\n"));
     362           2 :     printf(_("  -R, --no-createrole       role cannot create roles (default)\n"));
     363           2 :     printf(_("  -s, --superuser           role will be superuser\n"));
     364           2 :     printf(_("  -S, --no-superuser        role will not be superuser (default)\n"));
     365           2 :     printf(_("  -V, --version             output version information, then exit\n"));
     366           2 :     printf(_("  --interactive             prompt for missing role name and attributes rather\n"
     367             :              "                            than using defaults\n"));
     368           2 :     printf(_("  --replication             role can initiate replication\n"));
     369           2 :     printf(_("  --no-replication          role cannot initiate replication\n"));
     370           2 :     printf(_("  -?, --help                show this help, then exit\n"));
     371           2 :     printf(_("\nConnection options:\n"));
     372           2 :     printf(_("  -h, --host=HOSTNAME       database server host or socket directory\n"));
     373           2 :     printf(_("  -p, --port=PORT           database server port\n"));
     374           2 :     printf(_("  -U, --username=USERNAME   user name to connect as (not the one to create)\n"));
     375           2 :     printf(_("  -w, --no-password         never prompt for password\n"));
     376           2 :     printf(_("  -W, --password            force password prompt\n"));
     377           2 :     printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
     378           2 :     printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
     379           2 : }

Generated by: LCOV version 1.13