@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
5555static void DelRoleMems (const char * rolename , Oid roleid ,
5656 List * memberSpecs , List * memberIds ,
5757 bool admin_opt );
58+ static char * encrypt_password (char * passwd , char * rolname ,
59+ int passwd_type );
5860
5961
6062/* Check if current user has createrole privileges */
@@ -64,6 +66,48 @@ have_createrole_privilege(void)
6466 return has_createrole_privilege (GetUserId ());
6567}
6668
69+ /*
70+ * Encrypt a password if necessary for insertion in pg_authid.
71+ *
72+ * If a password is found as already MD5-encrypted, no error is raised
73+ * to ease the dump and reload of such data. Returns a palloc'ed string
74+ * holding the encrypted password.
75+ */
76+ static char *
77+ encrypt_password (char * password , char * rolname , int passwd_type )
78+ {
79+ char * res ;
80+
81+ Assert (password != NULL );
82+
83+ /*
84+ * If a password is already identified as MD5-encrypted, it is used
85+ * as such. If the password given is not encrypted, adapt it depending
86+ * on the type wanted by the caller of this routine.
87+ */
88+ if (isMD5 (password ))
89+ res = pstrdup (password );
90+ else
91+ {
92+ switch (passwd_type )
93+ {
94+ case PASSWORD_TYPE_PLAINTEXT :
95+ res = pstrdup (password );
96+ break ;
97+ case PASSWORD_TYPE_MD5 :
98+ res = (char * ) palloc (MD5_PASSWD_LEN + 1 );
99+ if (!pg_md5_encrypt (password , rolname ,
100+ strlen (rolname ),
101+ res ))
102+ elog (ERROR , "password encryption failed" );
103+ break ;
104+ default :
105+ Assert (0 ); /* should not come here */
106+ }
107+ }
108+
109+ return res ;
110+ }
67111
68112/*
69113 * CREATE ROLE
@@ -81,7 +125,7 @@ CreateRole(CreateRoleStmt *stmt)
81125 ListCell * option ;
82126 char * password = NULL ; /* user password */
83127 int password_type = Password_encryption ;
84- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
128+ char * encrypted_passwd ;
85129 bool issuper = false; /* Make the user a superuser? */
86130 bool inherit = true; /* Auto inherit privileges? */
87131 bool createrole = false; /* Can this user create roles? */
@@ -380,17 +424,13 @@ CreateRole(CreateRoleStmt *stmt)
380424
381425 if (password )
382426 {
383- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
384- new_record [Anum_pg_authid_rolpassword - 1 ] =
385- CStringGetTextDatum (password );
386- else
387- {
388- if (!pg_md5_encrypt (password , stmt -> role , strlen (stmt -> role ),
389- encrypted_password ))
390- elog (ERROR , "password encryption failed" );
391- new_record [Anum_pg_authid_rolpassword - 1 ] =
392- CStringGetTextDatum (encrypted_password );
393- }
427+ encrypted_passwd = encrypt_password (password ,
428+ stmt -> role ,
429+ password_type );
430+
431+ new_record [Anum_pg_authid_rolpassword - 1 ] =
432+ CStringGetTextDatum (encrypted_passwd );
433+ pfree (encrypted_passwd );
394434 }
395435 else
396436 new_record_nulls [Anum_pg_authid_rolpassword - 1 ] = true;
@@ -493,7 +533,7 @@ AlterRole(AlterRoleStmt *stmt)
493533 char * rolename = NULL ;
494534 char * password = NULL ; /* user password */
495535 int password_type = Password_encryption ;
496- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
536+ char * encrypted_passwd ;
497537 int issuper = -1 ; /* Make the user a superuser? */
498538 int inherit = -1 ; /* Auto inherit privileges? */
499539 int createrole = -1 ; /* Can this user create roles? */
@@ -791,18 +831,14 @@ AlterRole(AlterRoleStmt *stmt)
791831 /* password */
792832 if (password )
793833 {
794- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
795- new_record [Anum_pg_authid_rolpassword - 1 ] =
796- CStringGetTextDatum (password );
797- else
798- {
799- if (!pg_md5_encrypt (password , rolename , strlen (rolename ),
800- encrypted_password ))
801- elog (ERROR , "password encryption failed" );
802- new_record [Anum_pg_authid_rolpassword - 1 ] =
803- CStringGetTextDatum (encrypted_password );
804- }
834+ encrypted_passwd = encrypt_password (password ,
835+ rolename ,
836+ password_type );
837+
838+ new_record [Anum_pg_authid_rolpassword - 1 ] =
839+ CStringGetTextDatum (encrypted_passwd );
805840 new_record_repl [Anum_pg_authid_rolpassword - 1 ] = true;
841+ pfree (encrypted_passwd );
806842 }
807843
808844 /* unset password */
0 commit comments