database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-12 21:01:52 +03:00
Code Activity

* User management commands no longer user pg_exec_query_dest -> more robust

Browse Source 
* Let unprivileged users change their own passwords.

* The password is now an Sconst in the parser, which better reflects its text datatype and also
forces users to quote them.

* If your password is NULL you won't be written to the password file, meaning you can't connect
until you have a password set up (if you use password authentication).

* When you drop a user that owns a database you get an error. The database is not gone.
This commit is contained in:
Peter Eisentraut
2000-01-14 22:11:38 +00:00
parent 2af360ed1c
commit 4ceb2d0cb6
18 changed files with 1153 additions and 781 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/backend/commands/copy.c
View File

@ -6,7 +6,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.94 1999/12/16 22:19:41 wieck Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.95 2000/01/14 22:11:33 petere Exp $
*
*-------------------------------------------------------------------------
*/
@ -97,7 +97,11 @@ CopySendData(void *databuf, int datasize, FILE *fp)
fe_eof = true;
}
else
{
fwrite(databuf, datasize, 1, fp);
if (ferror(fp))
elog(ERROR, "CopySendData: %s", strerror(errno));
}
}
static void
@ -219,7 +223,7 @@ CopyDonePeek(FILE *fp, int c, int pickup)
void
DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
char *filename, char *delim, char *null_print, int fileumask)
char *filename, char *delim, char *null_print)
{
/*----------------------------------------------------------------------------
Either unload or reload contents of class <relname>, depending on <from>.
@ -235,11 +239,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
If in the text format, delimit columns with delimiter <delim> and print
NULL values as <null_print>.
<fileumask> is the umask(2) setting to use while creating an output file.
This should usually be more liberal than the backend's normal 077 umask,
but not always (in particular, "pg_pwd" should be written with 077!).
Up through version 6.5, <fileumask> was always 000, which was foolhardy.
When loading in the text format from an input stream (as opposed to
a file), recognize a "." on a line by itself as EOF. Also recognize
a stream EOF. When unloading in the text format to an output stream,
@ -272,12 +271,11 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
result = pg_aclcheck(relname, UserName, required_access);
if (result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]);
else if (!pipe && !superuser())
if (!pipe && !superuser())
elog(ERROR, "You must have Postgres superuser privilege to do a COPY "
"directly to or from a file. Anyone can COPY to stdout or "
"from stdin. Psql's \\copy command also works for anyone.");
else
{
if (from)
{ /* copy from file to database */
if (rel->rd_rel->relkind == RELKIND_SEQUENCE)
@ -324,7 +322,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
{
mode_t oumask; /* Pre-existing umask value */
oumask = umask((mode_t) fileumask);
oumask = umask((mode_t) 022);
#ifndef __CYGWIN32__
fp = AllocateFile(filename, "w");
#else
@ -350,7 +348,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
if (IsUnderPostmaster)
pq_endcopyout(false);
}
}
/*
* Close the relation. If reading, we can release the AccessShareLock

941
src/backend/commands/user.c
View File

File diff suppressed because it is too large Load Diff

94
src/backend/parser/gram.y
View File

@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.124 2000/01/13 18:26:07 petere Exp $
* $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.125 2000/01/14 22:11:34 petere Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
@ -90,7 +90,6 @@ static Node *doNegate(Node *n);
char chr;
char *str;
bool boolean;
bool* pboolean; /* for pg_shadow privileges */
List *list;
Node *node;
Value *value;
@ -137,11 +136,11 @@ static Node *doNegate(Node *n);
%type <ival> opt_lock, lock_type
%type <boolean> opt_lmode
%type <pboolean> user_createdb_clause, user_createuser_clause
%type <ival> user_createdb_clause, user_createuser_clause
%type <str> user_passwd_clause
%type <ival> sysid_clause
%type <str> user_valid_clause
%type <list> user_group_list, user_group_clause, users_in_new_group_clause
%type <list> user_list, user_group_clause, users_in_new_group_clause
%type <boolean> TriggerActionTime, TriggerForSpec, PLangTrusted
@ -459,8 +458,8 @@ CreateUserStmt: CREATE USER UserId
n->user = $3;
n->sysid = -1;
n->password = NULL;
n->createdb = $4;
n->createuser = $5;
n->createdb = $4 == +1 ? true : false;
n->createuser = $5 == +1 ? true : false;
n->groupElts = $6;
n->validUntil = $7;
$$ = (Node *)n;
@ -473,8 +472,8 @@ CreateUserStmt: CREATE USER UserId
n->user = $3;
n->sysid = $5;
n->password = $6;
n->createdb = $7;
n->createuser = $8;
n->createdb = $7 == +1 ? true : false;
n->createuser = $8 == +1 ? true : false;
n->groupElts = $9;
n->validUntil = $10;
$$ = (Node *)n;
@ -489,30 +488,26 @@ CreateUserStmt: CREATE USER UserId
*****************************************************************************/
AlterUserStmt: ALTER USER UserId user_createdb_clause
user_createuser_clause user_group_clause user_valid_clause
user_createuser_clause user_valid_clause
{
AlterUserStmt *n = makeNode(AlterUserStmt);
n->user = $3;
n->sysid = -1;
n->password = NULL;
n->createdb = $4;
n->createuser = $5;
n->groupElts = $6;
n->validUntil = $7;
n->validUntil = $6;
$$ = (Node *)n;
}
| ALTER USER UserId WITH sysid_clause user_passwd_clause
| ALTER USER UserId WITH PASSWORD Sconst
user_createdb_clause
user_createuser_clause user_group_clause user_valid_clause
user_createuser_clause user_valid_clause
{
AlterUserStmt *n = makeNode(AlterUserStmt);
n->user = $3;
n->sysid = $5;
n->password = $6;
n->createdb = $7;
n->createuser = $8;
n->groupElts = $9;
n->validUntil = $10;
n->validUntil = $9;
$$ = (Node *)n;
}
;
@ -524,53 +519,38 @@ AlterUserStmt: ALTER USER UserId user_createdb_clause
*
*****************************************************************************/
DropUserStmt: DROP USER UserId
DropUserStmt: DROP USER user_list
{
DropUserStmt *n = makeNode(DropUserStmt);
n->user = $3;
n->users = $3;
$$ = (Node *)n;
}
;
user_passwd_clause: PASSWORD UserId { $$ = $2; }
user_passwd_clause: PASSWORD Sconst { $$ = $2; }
| /*EMPTY*/ { $$ = NULL; }
;
sysid_clause: SYSID Iconst { $$ = $2; }
sysid_clause: SYSID Iconst
{
if ($2 <= 0)
elog(ERROR, "sysid must be positive");
$$ = $2;
}
| /*EMPTY*/ { $$ = -1; }
;
user_createdb_clause: CREATEDB
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = true;
}
| NOCREATEDB
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = false;
}
| /*EMPTY*/ { $$ = NULL; }
user_createdb_clause: CREATEDB { $$ = +1; }
| NOCREATEDB { $$ = -1; }
| /*EMPTY*/ { $$ = 0; }
;
user_createuser_clause: CREATEUSER
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = true;
}
| NOCREATEUSER
{
bool* b;
$$ = (b = (bool*)palloc(sizeof(bool)));
*b = false;
}
| /*EMPTY*/ { $$ = NULL; }
user_createuser_clause: CREATEUSER { $$ = +1; }
| NOCREATEUSER { $$ = -1; }
| /*EMPTY*/ { $$ = 0; }
;
user_group_list: user_group_list ',' UserId
user_list: user_list ',' UserId
{
$$ = lcons((void*)makeString($3), $1);
}
@ -580,7 +560,7 @@ user_group_list: user_group_list ',' UserId
}
;
user_group_clause: IN GROUP user_group_list { $$ = $3; }
user_group_clause: IN GROUP user_list { $$ = $3; }
| /*EMPTY*/ { $$ = NULL; }
;
@ -615,7 +595,7 @@ CreateGroupStmt: CREATE GROUP UserId
}
;
users_in_new_group_clause: USER user_group_list { $$ = $2; }
users_in_new_group_clause: USER user_list { $$ = $2; }
| /* EMPTY */ { $$ = NULL; }
;
@ -626,17 +606,7 @@ users_in_new_group_clause: USER user_group_list { $$ = $2; }
*
*****************************************************************************/
AlterGroupStmt: ALTER GROUP UserId WITH SYSID Iconst
{
AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3;
n->sysid = $6;
n->action = 0;
n->listUsers = NULL;
$$ = (Node *)n;
}
|
ALTER GROUP UserId ADD USER user_group_list
AlterGroupStmt: ALTER GROUP UserId ADD USER user_list
{
AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3;
@ -646,7 +616,7 @@ AlterGroupStmt: ALTER GROUP UserId WITH SYSID Iconst
$$ = (Node *)n;
}
|
ALTER GROUP UserId DROP USER user_group_list
ALTER GROUP UserId DROP USER user_list
{
AlterGroupStmt *n = makeNode(AlterGroupStmt);
n->name = $3;

20
src/backend/tcop/utility.c
View File

@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.77 2000/01/13 18:26:10 petere Exp $
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.78 2000/01/14 22:11:35 petere Exp $
*
*-------------------------------------------------------------------------
*/
@ -266,11 +266,7 @@ ProcessUtility(Node *parsetree,
*/
stmt->filename,
stmt->delimiter,
stmt->null_print,
/*
* specify 022 umask while writing files with COPY.
*/
0022);
stmt->null_print);
}
break;
@ -775,21 +771,21 @@ ProcessUtility(Node *parsetree,
PS_SET_STATUS(commandTag = "CREATE USER");
CHECK_IF_ABORTED();
DefineUser((CreateUserStmt *) parsetree, dest);
CreateUser((CreateUserStmt *) parsetree);
break;
case T_AlterUserStmt:
PS_SET_STATUS(commandTag = "ALTER USER");
CHECK_IF_ABORTED();
AlterUser((AlterUserStmt *) parsetree, dest);
AlterUser((AlterUserStmt *) parsetree);
break;
case T_DropUserStmt:
PS_SET_STATUS(commandTag = "DROP USER");
CHECK_IF_ABORTED();
RemoveUser(((DropUserStmt *) parsetree)->user, dest);
DropUser((DropUserStmt *) parsetree);
break;
case T_LockStmt:
@ -810,21 +806,21 @@ ProcessUtility(Node *parsetree,
PS_SET_STATUS(commandTag = "CREATE GROUP");
CHECK_IF_ABORTED();
CreateGroup((CreateGroupStmt *) parsetree, dest);
CreateGroup((CreateGroupStmt *) parsetree);
break;
case T_AlterGroupStmt:
PS_SET_STATUS(commandTag = "ALTER GROUP");
CHECK_IF_ABORTED();
AlterGroup((AlterGroupStmt *) parsetree, dest);
AlterGroup((AlterGroupStmt *) parsetree, "ALTER GROUP");
break;
case T_DropGroupStmt:
PS_SET_STATUS(commandTag = "DROP GROUP");
CHECK_IF_ABORTED();
DropGroup((DropGroupStmt *) parsetree, dest);
DropGroup((DropGroupStmt *) parsetree);
break;
/*

7
src/backend/utils/misc/superuser.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.12 1999/11/24 16:52:45 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/misc/superuser.c,v 1.13 2000/01/14 22:11:36 petere Exp $
*
* DESCRIPTION
* See superuser().
@ -18,6 +18,7 @@
#include "postgres.h"
#include "catalog/pg_shadow.h"
#include "utils/syscache.h"
#include "miscadmin.h"
bool
superuser(void)
@ -26,12 +27,10 @@ superuser(void)
The Postgres user running this command has Postgres superuser
privileges.
--------------------------------------------------------------------------*/
extern char *UserName; /* defined in global.c */
HeapTuple utup;
utup = SearchSysCacheTuple(SHADOWNAME,
PointerGetDatum(UserName),
PointerGetDatum(GetPgUserName()),
0, 0, 0);
Assert(utup != NULL);
return ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;

4
src/bin/scripts/createuser
View File

@ -8,7 +8,7 @@
#
#
# IDENTIFICATION
# $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.5 2000/01/12 19:36:36 petere Exp $
# $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.6 2000/01/14 22:11:36 petere Exp $
#
# Note - this should NOT be setuid.
#
@ -193,7 +193,7 @@ QUERY="CREATE USER \"$NewUser\""
SUBQUERY=
[ "$SysID" ] && SUBQUERY="$SUBQUERY SYSID $SysID"
[ "$Password" ] && SUBQUERY="$SUBQUERY PASSWORD \"$Password\""
[ "$Password" ] && SUBQUERY="$SUBQUERY PASSWORD '$Password'"
[ "$SUBQUERY" ] && QUERY="$QUERY WITH $SUBQUERY"
[ "$CanCreateDb" = t ] && QUERY="$QUERY CREATEDB"

4
src/include/commands/copy.h
View File

@ -6,7 +6,7 @@
*
* Copyright (c) 1994, Regents of the University of California
*
* $Id: copy.h,v 1.7 1999/12/14 00:08:19 momjian Exp $
* $Id: copy.h,v 1.8 2000/01/14 22:11:37 petere Exp $
*
*-------------------------------------------------------------------------
*/
@ -15,6 +15,6 @@
void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
char *filename, char *delim, char *null_print, int fileumask);
char *filename, char *delim, char *null_print);
#endif /* COPY_H */

14
src/include/commands/user.h
View File

@ -11,15 +11,15 @@
#define USER_H
#include "nodes/parsenodes.h"
#include "tcop/dest.h"
#include "access/htup.h"
extern void DefineUser(CreateUserStmt *stmt, CommandDest);
extern void AlterUser(AlterUserStmt *stmt, CommandDest);
extern void RemoveUser(char *user, CommandDest);
extern void CreateUser(CreateUserStmt *stmt);
extern void AlterUser(AlterUserStmt *stmt);
extern void DropUser(DropUserStmt *stmt);
extern void CreateGroup(CreateGroupStmt *stmt, CommandDest dest);
extern void AlterGroup(AlterGroupStmt *stmt, CommandDest dest);
extern void DropGroup(DropGroupStmt *stmt, CommandDest dest);
extern void CreateGroup(CreateGroupStmt *stmt);
extern void AlterGroup(AlterGroupStmt *stmt, const char * tag);
extern void DropGroup(DropGroupStmt *stmt);
extern HeapTuple update_pg_pwd(void);

20
src/include/nodes/parsenodes.h
View File

@ -6,7 +6,7 @@
*
* Copyright (c) 1994, Regents of the University of California
*
* $Id: parsenodes.h,v 1.92 1999/12/16 17:24:19 momjian Exp $
* $Id: parsenodes.h,v 1.93 2000/01/14 22:11:38 petere Exp $
*
*-------------------------------------------------------------------------
*/
@ -270,18 +270,26 @@ typedef struct CreateUserStmt
char *user; /* PostgreSQL user login */
char *password; /* PostgreSQL user password */
int sysid; /* PgSQL system id (-1 if don't care) */
bool *createdb; /* Can the user create databases? */
bool *createuser; /* Can this user create users? */
bool createdb; /* Can the user create databases? */
bool createuser; /* Can this user create users? */
List *groupElts; /* The groups the user is a member of */
char *validUntil; /* The time the login is valid until */
} CreateUserStmt;
typedef CreateUserStmt AlterUserStmt;
typedef struct AlterUserStmt
{
NodeTag type;
char *user; /* PostgreSQL user login */
char *password; /* PostgreSQL user password */
int createdb; /* Can the user create databases? */
int createuser; /* Can this user create users? */
char *validUntil; /* The time the login is valid until */
} AlterUserStmt;
typedef struct DropUserStmt
{
NodeTag type;
char *user; /* PostgreSQL user login */
List *users; /* List of users to remove */
} DropUserStmt;
@ -301,7 +309,7 @@ typedef struct AlterGroupStmt
{
NodeTag type;
char *name; /* name of group to alter */
int action; /* +1 = add, -1 = drop, 0 = other (HACK!) */
int action; /* +1 = add, -1 = drop user */
int sysid; /* sysid change */
List *listUsers; /* list of users to add/drop */
} AlterGroupStmt;