Replace pg_shadow and pg_group by new role-capable catalogs pg_authid

and pg_auth_members. There are still many loose ends to finish in this patch (no documentation, no regression tests, no pg_dump support for instance). But I'm going to commit it now anyway so that Alvaro can make some progress on shared dependencies. The catalog changes should be pretty much done.
2025-07-24 14:22:24 +03:00 · 2005-06-28 05:09:14 +00:00
parent 977530d8da
commit 7762619e95
96 changed files with 3338 additions and 3240 deletions
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@ -9,7 +9,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.62 2005/02/20 04:45:57 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.63 2005/06/28 05:08:56 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -29,7 +29,7 @@


 int
-md5_crypt_verify(const Port *port, const char *user, char *client_pass)
+md5_crypt_verify(const Port *port, const char *role, char *client_pass)
 {
 	char	   *shadow_pass = NULL,
 			   *valuntil = NULL,
@ -39,13 +39,11 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
 	ListCell   *token;
 	char	   *crypt_client_pass = client_pass;

-	if ((line = get_user_line(user)) == NULL)
+	if ((line = get_role_line(role)) == NULL)
 		return STATUS_ERROR;

-	/* Skip over username and usesysid */
+	/* Skip over rolename */
 	token = list_head(*line);
-	if (token)
-		token = lnext(token);
 	if (token)
 		token = lnext(token);
 	if (token)
@ -146,17 +144,28 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
 		/*
 		 * Password OK, now check to be sure we are not past valuntil
 		 */
-		AbsoluteTime vuntil;
-
 		if (valuntil == NULL || *valuntil == '\0')
-			vuntil = INVALID_ABSTIME;
-		else
-			vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(abstimein,
-											 CStringGetDatum(valuntil)));
-		if (vuntil != INVALID_ABSTIME && vuntil < GetCurrentAbsoluteTime())
-			retval = STATUS_ERROR;
-		else
 			retval = STATUS_OK;
+		else
+		{
+			TimestampTz vuntil;
+			AbsoluteTime sec;
+			int			usec;
+			TimestampTz curtime;
+
+			vuntil = DatumGetTimestampTz(DirectFunctionCall3(timestamptz_in,
+								CStringGetDatum(valuntil),
+								ObjectIdGetDatum(InvalidOid),
+								Int32GetDatum(-1)));
+
+			sec = GetCurrentAbsoluteTimeUsec(&usec);
+			curtime = AbsoluteTimeUsecToTimestampTz(sec, usec);
+
+			if (vuntil < curtime)
+				retval = STATUS_ERROR;
+			else
+				retval = STATUS_OK;
+		}
 	}

 	if (port->auth_method == uaMD5)