Skip to content

Commit ae93312

Browse files
committed
Apply 0006-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch
1 parent 6e12e9d commit ae93312

File tree

4 files changed

+110
-7
lines changed

4 files changed

+110
-7
lines changed

doc/src/sgml/ref/alter_role.sgml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ ALTER ROLE <replaceable class="PARAMETER">role_specification</replaceable> [ WIT
3434
| BYPASSRLS | NOBYPASSRLS
3535
| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>
3636
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
37+
| PASSWORD '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">protocol</replaceable>'
3738
| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'
3839

3940
ALTER ROLE <replaceable class="PARAMETER">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
@@ -169,6 +170,7 @@ ALTER ROLE { <replaceable class="PARAMETER">role_specification</replaceable> | A
169170
<term><literal>NOBYPASSRLS</literal></term>
170171
<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>
171172
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable></term>
173+
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable> USING <replaceable class="parameter">protocol</replaceable></term>
172174
<term><literal>ENCRYPTED</></term>
173175
<term><literal>UNENCRYPTED</></term>
174176
<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>

doc/src/sgml/ref/create_role.sgml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
3434
| BYPASSRLS | NOBYPASSRLS
3535
| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>
3636
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
37+
| PASSWORD '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">protocol</replaceable>'
3738
| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'
3839
| IN ROLE <replaceable class="PARAMETER">role_name</replaceable> [, ...]
3940
| IN GROUP <replaceable class="PARAMETER">role_name</replaceable> [, ...]
@@ -244,6 +245,23 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
244245
</listitem>
245246
</varlistentry>
246247

248+
<varlistentry>
249+
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable> USING <replaceable class="parameter">protocol</replaceable></term>
250+
<listitem>
251+
<para>
252+
Sets the role's password using the requested protocol. (A password
253+
is only of use for roles having the <literal>LOGIN</literal>
254+
attribute, but you can nonetheless define one for roles without it.)
255+
If you do not plan to use password authentication you can omit this
256+
option. The protocols supported are <literal>md5</> to enforce
257+
a password to be MD5-encrypted, and <literal>plain</> to use an
258+
unencrypted password. If the password string is already in
259+
MD5-encrypted format, then it is stored encrypted even if
260+
<literal>plain</> is specified.
261+
</para>
262+
</listitem>
263+
</varlistentry>
264+
247265
<varlistentry>
248266
<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>
249267
<listitem>

src/backend/commands/user.c

Lines changed: 83 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -175,18 +175,58 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
175175

176176
if (strcmp(defel->defname, "password") == 0 ||
177177
strcmp(defel->defname, "encryptedPassword") == 0 ||
178-
strcmp(defel->defname, "unencryptedPassword") == 0)
178+
strcmp(defel->defname, "unencryptedPassword") == 0 ||
179+
strcmp(defel->defname, "protocolPassword") == 0)
179180
{
180181
if (dpassword)
181182
ereport(ERROR,
182183
(errcode(ERRCODE_SYNTAX_ERROR),
183184
errmsg("conflicting or redundant options"),
184185
parser_errposition(pstate, defel->location)));
185186
dpassword = defel;
186-
if (strcmp(defel->defname, "encryptedPassword") == 0)
187+
if (strcmp(defel->defname, "password") == 0)
188+
{
189+
/*
190+
* Password type is enforced with GUC password_encryption
191+
* here.
192+
*/
193+
if (dpassword && dpassword->arg)
194+
password = strVal(dpassword->arg);
195+
}
196+
else if (strcmp(defel->defname, "encryptedPassword") == 0)
197+
{
187198
password_type = PASSWORD_TYPE_MD5;
199+
if (dpassword && dpassword->arg)
200+
password = strVal(dpassword->arg);
201+
}
188202
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
203+
{
189204
password_type = PASSWORD_TYPE_PLAINTEXT;
205+
if (dpassword && dpassword->arg)
206+
password = strVal(dpassword->arg);
207+
}
208+
else if (strcmp(defel->defname, "protocolPassword") == 0)
209+
{
210+
/*
211+
* This is a list of two elements, the password is first and
212+
* then there is the protocol wanted by caller.
213+
*/
214+
if (dpassword && dpassword->arg)
215+
{
216+
char *protocol = strVal(lsecond((List *) dpassword->arg));
217+
218+
password = strVal(linitial((List *) dpassword->arg));
219+
220+
if (strcmp(protocol, "md5") == 0)
221+
password_type = PASSWORD_TYPE_MD5;
222+
else if (strcmp(protocol, "plain") == 0)
223+
password_type = PASSWORD_TYPE_PLAINTEXT;
224+
else
225+
ereport(ERROR,
226+
(errcode(ERRCODE_SYNTAX_ERROR),
227+
errmsg("unsupported password protocol %s", protocol)));
228+
}
229+
}
190230
}
191231
else if (strcmp(defel->defname, "sysid") == 0)
192232
{
@@ -306,8 +346,6 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
306346
defel->defname);
307347
}
308348

309-
if (dpassword && dpassword->arg)
310-
password = strVal(dpassword->arg);
311349
if (dissuper)
312350
issuper = intVal(dissuper->arg) != 0;
313351
if (dinherit)
@@ -582,17 +620,57 @@ AlterRole(AlterRoleStmt *stmt)
582620

583621
if (strcmp(defel->defname, "password") == 0 ||
584622
strcmp(defel->defname, "encryptedPassword") == 0 ||
623+
strcmp(defel->defname, "protocolPassword") == 0 ||
585624
strcmp(defel->defname, "unencryptedPassword") == 0)
586625
{
587626
if (dpassword)
588627
ereport(ERROR,
589628
(errcode(ERRCODE_SYNTAX_ERROR),
590629
errmsg("conflicting or redundant options")));
591630
dpassword = defel;
592-
if (strcmp(defel->defname, "encryptedPassword") == 0)
631+
if (strcmp(defel->defname, "password") == 0)
632+
{
633+
/*
634+
* Password type is enforced with GUC password_encryption
635+
* here.
636+
*/
637+
if (dpassword && dpassword->arg)
638+
password = strVal(dpassword->arg);
639+
}
640+
else if (strcmp(defel->defname, "encryptedPassword") == 0)
641+
{
593642
password_type = PASSWORD_TYPE_MD5;
643+
if (dpassword && dpassword->arg)
644+
password = strVal(dpassword->arg);
645+
}
594646
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
647+
{
595648
password_type = PASSWORD_TYPE_PLAINTEXT;
649+
if (dpassword && dpassword->arg)
650+
password = strVal(dpassword->arg);
651+
}
652+
else if (strcmp(defel->defname, "protocolPassword") == 0)
653+
{
654+
/*
655+
* This is a list of two elements, the password is first and
656+
* then there is the protocol wanted by caller.
657+
*/
658+
if (dpassword && dpassword->arg)
659+
{
660+
char *protocol = strVal(lsecond((List *) dpassword->arg));
661+
662+
if (strcmp(protocol, "md5") == 0)
663+
password_type = PASSWORD_TYPE_MD5;
664+
else if (strcmp(protocol, "plain") == 0)
665+
password_type = PASSWORD_TYPE_PLAINTEXT;
666+
else
667+
ereport(ERROR,
668+
(errcode(ERRCODE_SYNTAX_ERROR),
669+
errmsg("unsupported password protocol %s", protocol)));
670+
671+
password = strVal(linitial((List *) dpassword->arg));
672+
}
673+
}
596674
}
597675
else if (strcmp(defel->defname, "superuser") == 0)
598676
{
@@ -680,8 +758,6 @@ AlterRole(AlterRoleStmt *stmt)
680758
defel->defname);
681759
}
682760

683-
if (dpassword && dpassword->arg)
684-
password = strVal(dpassword->arg);
685761
if (dissuper)
686762
issuper = intVal(dissuper->arg);
687763
if (dinherit)

src/backend/parser/gram.y

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -934,6 +934,13 @@ AlterOptRoleElem:
934934
{
935935
$$ = makeDefElem("password", NULL, @1);
936936
}
937+
| PASSWORD Sconst USING Sconst
938+
{
939+
$$ = makeDefElem("protocolPassword",
940+
(Node *)list_make2(makeString($2),
941+
makeString($4)),
942+
@1);
943+
}
937944
| ENCRYPTED PASSWORD Sconst
938945
{
939946
$$ = makeDefElem("encryptedPassword",

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy