@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
5555static void DelRoleMems (const char * rolename , Oid roleid ,
5656 List * memberSpecs , List * memberIds ,
5757 bool admin_opt );
58+ static char * encrypt_password (char * passwd , char * rolname ,
59+ int passwd_type );
5860
5961
6062/* Check if current user has createrole privileges */
@@ -64,6 +66,49 @@ have_createrole_privilege(void)
6466 return has_createrole_privilege (GetUserId ());
6567}
6668
69+ /*
70+ * Encrypt a password if necessary for insertion in pg_authid.
71+ *
72+ * If a password is found as already MD5-encrypted, no error is raised
73+ * to ease the dump and reload of such data. Returns a palloc'ed string
74+ * holding the encrypted password if any transformation on the input
75+ * string has been done.
76+ */
77+ static char *
78+ encrypt_password (char * password , char * rolname , int passwd_type )
79+ {
80+ char * res ;
81+
82+ Assert (password != NULL );
83+
84+ /*
85+ * If a password is already identified as MD5-encrypted, it is used
86+ * as such. If the password given is not encrypted, adapt it depending
87+ * on the type wanted by the caller of this routine.
88+ */
89+ if (isMD5 (password ))
90+ res = password ;
91+ else
92+ {
93+ switch (passwd_type )
94+ {
95+ case PASSWORD_TYPE_PLAINTEXT :
96+ res = password ;
97+ break ;
98+ case PASSWORD_TYPE_MD5 :
99+ res = (char * ) palloc (MD5_PASSWD_LEN + 1 );
100+ if (!pg_md5_encrypt (password , rolname ,
101+ strlen (rolname ),
102+ res ))
103+ elog (ERROR , "password encryption failed" );
104+ break ;
105+ default :
106+ elog (ERROR , "incorrect password type" );
107+ }
108+ }
109+
110+ return res ;
111+ }
67112
68113/*
69114 * CREATE ROLE
@@ -81,7 +126,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
81126 ListCell * option ;
82127 char * password = NULL ; /* user password */
83128 int password_type = Password_encryption ;
84- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
129+ char * encrypted_passwd ;
85130 bool issuper = false; /* Make the user a superuser? */
86131 bool inherit = true; /* Auto inherit privileges? */
87132 bool createrole = false; /* Can this user create roles? */
@@ -393,17 +438,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
393438
394439 if (password )
395440 {
396- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
397- new_record [Anum_pg_authid_rolpassword - 1 ] =
398- CStringGetTextDatum (password );
399- else
400- {
401- if (!pg_md5_encrypt (password , stmt -> role , strlen (stmt -> role ),
402- encrypted_password ))
403- elog (ERROR , "password encryption failed" );
404- new_record [Anum_pg_authid_rolpassword - 1 ] =
405- CStringGetTextDatum (encrypted_password );
406- }
441+ encrypted_passwd = encrypt_password (password ,
442+ stmt -> role ,
443+ password_type );
444+
445+ new_record [Anum_pg_authid_rolpassword - 1 ] =
446+ CStringGetTextDatum (encrypted_passwd );
407447 }
408448 else
409449 new_record_nulls [Anum_pg_authid_rolpassword - 1 ] = true;
@@ -506,7 +546,7 @@ AlterRole(AlterRoleStmt *stmt)
506546 char * rolename = NULL ;
507547 char * password = NULL ; /* user password */
508548 int password_type = Password_encryption ;
509- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
549+ char * encrypted_passwd ;
510550 int issuper = -1 ; /* Make the user a superuser? */
511551 int inherit = -1 ; /* Auto inherit privileges? */
512552 int createrole = -1 ; /* Can this user create roles? */
@@ -804,17 +844,12 @@ AlterRole(AlterRoleStmt *stmt)
804844 /* password */
805845 if (password )
806846 {
807- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
808- new_record [Anum_pg_authid_rolpassword - 1 ] =
809- CStringGetTextDatum (password );
810- else
811- {
812- if (!pg_md5_encrypt (password , rolename , strlen (rolename ),
813- encrypted_password ))
814- elog (ERROR , "password encryption failed" );
815- new_record [Anum_pg_authid_rolpassword - 1 ] =
816- CStringGetTextDatum (encrypted_password );
817- }
847+ encrypted_passwd = encrypt_password (password ,
848+ rolename ,
849+ password_type );
850+
851+ new_record [Anum_pg_authid_rolpassword - 1 ] =
852+ CStringGetTextDatum (encrypted_passwd );
818853 new_record_repl [Anum_pg_authid_rolpassword - 1 ] = true;
819854 }
820855
0 commit comments