Update the createuser utility for the ROLEs world. Alvaro Herrera

2025-07-02 09:02:37 +03:00 · 2005-08-14 20:16:03 +00:00
parent e36de18191
commit 8ae0d476a9
2 changed files with 243 additions and 108 deletions
--- a/src/bin/scripts/createuser.c
+++ b/src/bin/scripts/createuser.c
@ -5,7 +5,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/bin/scripts/createuser.c,v 1.17 2005/06/21 04:02:33 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/scripts/createuser.c,v 1.18 2005/08/14 20:16:03 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -30,9 +30,18 @@ main(int argc, char *argv[])
 		{"quiet", no_argument, NULL, 'q'},
 		{"createdb", no_argument, NULL, 'd'},
 		{"no-createdb", no_argument, NULL, 'D'},
+		{"superuser", no_argument, NULL, 's'},
+		{"no-superuser", no_argument, NULL, 'S'},
+		{"createrole", no_argument, NULL, 'r'},
+		{"no-createrole", no_argument, NULL, 'R'},
+		{"inherit", no_argument, NULL, 'i'},
+		{"no-inherit", no_argument, NULL, 'I'},
+		{"login", no_argument, NULL, 'l'},
+		{"no-login", no_argument, NULL, 'L'},
+		/* adduser is obsolete, undocumented spelling of superuser */
 		{"adduser", no_argument, NULL, 'a'},
 		{"no-adduser", no_argument, NULL, 'A'},
-		{"sysid", required_argument, NULL, 'i'},
+		{"conn-limit", required_argument, NULL, 'c'},
 		{"pwprompt", no_argument, NULL, 'P'},
 		{"encrypted", no_argument, NULL, 'E'},
 		{"unencrypted", no_argument, NULL, 'N'},
@ -51,8 +60,11 @@ main(int argc, char *argv[])
 	bool		echo = false;
 	bool		quiet = false;
 	int			createdb = 0;
-	int			adduser = 0;
-	char	   *sysid = NULL;
+	int			superuser = 0;
+	int			createrole = 0;
+	int			inherit = 0;
+	int			login = 0;
+	char	   *conn_limit = NULL;
 	bool		pwprompt = false;
 	int			encrypted = 0;	/* 0 uses server default */
 	char	   *newpassword = NULL;
@ -67,7 +79,8 @@ main(int argc, char *argv[])

 	handle_help_version_opts(argc, argv, "createuser", help);

-	while ((c = getopt_long(argc, argv, "h:p:U:WeqaAdDi:PEN", long_options, &optindex)) != -1)
+	while ((c = getopt_long(argc, argv, "h:p:U:WeqdDsSaArRiIlLc:PEN",
+							long_options, &optindex)) != -1)
 	{
 		switch (c)
 		{
@ -89,20 +102,40 @@ main(int argc, char *argv[])
 			case 'q':
 				quiet = true;
 				break;
-			case 'a':
-				adduser = +1;
-				break;
-			case 'A':
-				adduser = -1;
-				break;
 			case 'd':
 				createdb = +1;
 				break;
 			case 'D':
 				createdb = -1;
 				break;
+			case 's':
+			case 'a':
+				superuser = +1;
+				break;
+			case 'S':
+			case 'A':
+				superuser = -1;
+				break;
+			case 'r':
+				createrole = +1;
+				break;
+			case 'R':
+				createrole = -1;
+				break;
 			case 'i':
-				sysid = optarg;
+				inherit = +1;
+				break;
+			case 'I':
+				inherit = -1;
+				break;
+			case 'l':
+				login = +1;
+				break;
+			case 'L':
+				login = -1;
+				break;
+			case 'c':
+				conn_limit = optarg;
 				break;
 			case 'P':
 				pwprompt = true;
@ -133,26 +166,15 @@ main(int argc, char *argv[])
 			exit(1);
 	}

-	if (sysid)
-	{
-		char	   *endptr;
-
-		if (strtol(sysid, &endptr, 10) <= 0 || *endptr != '\0')
-		{
-			fprintf(stderr, _("%s: user ID must be a positive number\n"), progname);
-			exit(1);
-		}
-	}
-
 	if (newuser == NULL)
-		newuser = simple_prompt("Enter name of user to add: ", 128, true);
+		newuser = simple_prompt("Enter name of role to add: ", 128, true);

 	if (pwprompt)
 	{
 		char	   *pw1,
 				   *pw2;

-		pw1 = simple_prompt("Enter password for new user: ", 100, false);
+		pw1 = simple_prompt("Enter password for new role: ", 100, false);
 		pw2 = simple_prompt("Enter it again: ", 100, false);
 		if (strcmp(pw1, pw2) != 0)
 		{
@ -163,33 +185,61 @@ main(int argc, char *argv[])
 		free(pw2);
 	}

+	if (superuser == 0)
+	{
+		char	   *reply;
+
+		reply = simple_prompt("Shall the new role be a superuser? (y/n) ", 1, true);
+		if (check_yesno_response(reply) == 1)
+			superuser = +1;
+		else
+			superuser = -1;
+	}
+
+	if (superuser == +1)
+	{
+		/* Not much point in trying to restrict a superuser */
+		createdb = +1;
+		createrole = +1;
+	}
+
 	if (createdb == 0)
 	{
 		char	   *reply;

-		reply = simple_prompt("Shall the new user be allowed to create databases? (y/n) ", 1, true);
+		reply = simple_prompt("Shall the new role be allowed to create databases? (y/n) ", 1, true);
 		if (check_yesno_response(reply) == 1)
 			createdb = +1;
 		else
 			createdb = -1;
 	}

-	if (adduser == 0)
+	if (createrole == 0)
 	{
 		char	   *reply;

-		reply = simple_prompt("Shall the new user be allowed to create more new users? (y/n) ", 1, true);
+		reply = simple_prompt("Shall the new role be allowed to create more new roles? (y/n) ", 1, true);
 		if (check_yesno_response(reply) == 1)
-			adduser = +1;
+			createrole = +1;
 		else
-			adduser = -1;
+			createrole = -1;
+	}
+
+	if (inherit == 0)
+	{
+		/* silently default to YES */
+		inherit = +1;
+	}
+
+	if (login == 0)
+	{
+		/* silently default to YES */
+		login = +1;
 	}

 	initPQExpBuffer(&sql);

-	printfPQExpBuffer(&sql, "CREATE USER %s", fmtId(newuser));
-	if (sysid)
-		appendPQExpBuffer(&sql, " SYSID %s", sysid);
+	printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
 	if (newpassword)
 	{
 		if (encrypted == +1)
@ -199,14 +249,28 @@ main(int argc, char *argv[])
 		appendPQExpBuffer(&sql, " PASSWORD ");
 		appendStringLiteral(&sql, newpassword, false);
 	}
+	if (superuser == +1)
+		appendPQExpBuffer(&sql, " SUPERUSER");
+	if (superuser == -1)
+		appendPQExpBuffer(&sql, " NOSUPERUSER");
 	if (createdb == +1)
 		appendPQExpBuffer(&sql, " CREATEDB");
 	if (createdb == -1)
 		appendPQExpBuffer(&sql, " NOCREATEDB");
-	if (adduser == +1)
-		appendPQExpBuffer(&sql, " CREATEUSER");
-	if (adduser == -1)
-		appendPQExpBuffer(&sql, " NOCREATEUSER");
+	if (createrole == +1)
+		appendPQExpBuffer(&sql, " CREATEROLE");
+	if (createrole == -1)
+		appendPQExpBuffer(&sql, " NOCREATEROLE");
+	if (inherit == +1)
+		appendPQExpBuffer(&sql, " INHERIT");
+	if (inherit == -1)
+		appendPQExpBuffer(&sql, " NOINHERIT");
+	if (login == +1)
+		appendPQExpBuffer(&sql, " LOGIN");
+	if (login == -1)
+		appendPQExpBuffer(&sql, " NOLOGIN");
+	if (conn_limit != NULL)
+		appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
 	appendPQExpBuffer(&sql, ";\n");

 	conn = connectDatabase("postgres", host, port, username, password, progname);
@ -217,7 +281,7 @@ main(int argc, char *argv[])

 	if (PQresultStatus(result) != PGRES_COMMAND_OK)
 	{
-		fprintf(stderr, _("%s: creation of new user failed: %s"),
+		fprintf(stderr, _("%s: creation of new role failed: %s"),
 				progname, PQerrorMessage(conn));
 		PQfinish(conn);
 		exit(1);
@ -226,7 +290,7 @@ main(int argc, char *argv[])
 	PQfinish(conn);
 	if (!quiet)
 	{
-		puts("CREATE USER");
+		puts("CREATE ROLE");
 		fflush(stdout);
 	}
 	exit(0);
@ -236,18 +300,25 @@ main(int argc, char *argv[])
 static void
 help(const char *progname)
 {
-	printf(_("%s creates a new PostgreSQL user.\n\n"), progname);
+	printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
 	printf(_("Usage:\n"));
 	printf(_("  %s [OPTION]... [USERNAME]\n"), progname);
 	printf(_("\nOptions:\n"));
-	printf(_("  -a, --adduser             user can add new users\n"));
-	printf(_("  -A, --no-adduser          user cannot add new users\n"));
-	printf(_("  -d, --createdb            user can create new databases\n"));
-	printf(_("  -D, --no-createdb         user cannot create databases\n"));
-	printf(_("  -P, --pwprompt            assign a password to new user\n"));
+	printf(_("  -s, --superuser           role will be superuser\n"));
+	printf(_("  -S, --no-superuser        role will not be superuser\n"));
+	printf(_("  -d, --createdb            role can create new databases\n"));
+	printf(_("  -D, --no-createdb         role cannot create databases\n"));
+	printf(_("  -r, --createrole          role can create new roles\n"));
+	printf(_("  -R, --no-createrole       role cannot create roles\n"));
+	printf(_("  -l, --login               role can login (default)\n"));
+	printf(_("  -L, --no-login            role cannot login\n"));
+	printf(_("  -i, --inherit             role inherits permissions of roles\n"));
+	printf(_("                            it is a member of (default)\n"));
+	printf(_("  -I, --no-inherit          role does not inherit permissions\n"));
+	printf(_("  -c, --conn-limit=N        max connections for role (default: no limit)\n"));
+	printf(_("  -P, --pwprompt            assign a password to new role\n"));
 	printf(_("  -E, --encrypted           encrypt stored password\n"));
 	printf(_("  -N, --unencrypted         do not encrypt stored password\n"));
-	printf(_("  -i, --sysid=SYSID         select sysid for new user\n"));
 	printf(_("  -e, --echo                show the commands being sent to the server\n"));
 	printf(_("  -q, --quiet               don't write any messages\n"));
 	printf(_("  --help                    show this help, then exit\n"));
@ -257,7 +328,7 @@ help(const char *progname)
 	printf(_("  -p, --port=PORT           database server port\n"));
 	printf(_("  -U, --username=USERNAME   user name to connect as (not the one to create)\n"));
 	printf(_("  -W, --password            prompt for password to connect\n"));
-	printf(_("\nIf one of -a, -A, -d, -D, and USERNAME is not specified, you will\n"
-			 "be prompted interactively.\n"));
+	printf(_("\nIf one of -s, -S, -d, -D, -r, -R and USERNAME is not specified,\n"
+			 "you will be prompted interactively.\n"));
 	printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));
 }