Skip to content

Commit 98b3c3c

Browse files
peterepetere
committed
Allow CREATE/ALTER ROLE PASSWORD NULL to allow restoring the default state
of having no password.
1 parent dcc7da8 commit 98b3c3c

File tree

3 files changed

+24
-10
lines changed

3 files changed

+24
-10
lines changed

doc/src/sgml/ref/create_role.sgml

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.5 2005/12/18 02:17:16 petere Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/ref/create_role.sgml,v 1.6 2005/12/23 16:46:39 petere Exp $
33
PostgreSQL documentation
44
-->
55

@@ -188,10 +188,13 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
188188
<listitem>
189189
<para>
190190
Sets the role's password. (A password is only of use for
191-
roles having the <literal>LOGIN</literal> attribute, but you can
192-
nonetheless define one for roles without it.)
193-
If you do not plan to use password
194-
authentication you can omit this option.
191+
roles having the <literal>LOGIN</literal> attribute, but you
192+
can nonetheless define one for roles without it.) If you do
193+
not plan to use password authentication you can omit this
194+
option. If no password is specified, the password will be set
195+
to null and password authentication will always fail for that
196+
user. A null password can optionally be written explicitly as
197+
<literal>PASSWORD NULL</literal>.
195198
</para>
196199
</listitem>
197200
</varlistentry>

src/backend/commands/user.c

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
77
* Portions Copyright (c) 1994, Regents of the University of California
88
*
9-
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.166 2005/11/22 18:17:09 momjian Exp $
9+
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.167 2005/12/23 16:46:39 petere Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -225,7 +225,7 @@ CreateRole(CreateRoleStmt *stmt)
225225
defel->defname);
226226
}
227227

228-
if (dpassword)
228+
if (dpassword && dpassword->arg)
229229
password = strVal(dpassword->arg);
230230
if (dissuper)
231231
issuper = intVal(dissuper->arg) != 0;
@@ -517,7 +517,7 @@ AlterRole(AlterRoleStmt *stmt)
517517
defel->defname);
518518
}
519519

520-
if (dpassword)
520+
if (dpassword && dpassword->arg)
521521
password = strVal(dpassword->arg);
522522
if (dissuper)
523523
issuper = intVal(dissuper->arg);
@@ -573,7 +573,7 @@ AlterRole(AlterRoleStmt *stmt)
573573
!dconnlimit &&
574574
!rolemembers &&
575575
!validUntil &&
576-
password &&
576+
dpassword &&
577577
roleid == GetUserId()))
578578
ereport(ERROR,
579579
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
@@ -651,6 +651,13 @@ AlterRole(AlterRoleStmt *stmt)
651651
new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
652652
}
653653

654+
/* unset password */
655+
if (dpassword && dpassword->arg == NULL)
656+
{
657+
new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
658+
new_record_nulls[Anum_pg_authid_rolpassword - 1] = 'n';
659+
}
660+
654661
/* valid until */
655662
if (validUntil)
656663
{

src/backend/parser/gram.y

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.517 2005/12/11 10:54:27 neilc Exp $
14+
* $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.518 2005/12/23 16:46:39 petere Exp $
1515
*
1616
* HISTORY
1717
* AUTHOR DATE MAJOR EVENT
@@ -616,6 +616,10 @@ OptRoleElem:
616616
$$ = makeDefElem("password",
617617
(Node *)makeString($2));
618618
}
619+
| PASSWORD NULL_P
620+
{
621+
$$ = makeDefElem("password", NULL);
622+
}
619623
| ENCRYPTED PASSWORD Sconst
620624
{
621625
$$ = makeDefElem("encryptedPassword",

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy