@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
5555static void DelRoleMems (const char * rolename ,Oid roleid ,
5656List * memberSpecs ,List * memberIds ,
5757bool admin_opt );
58+ static char * encrypt_password (char * passwd ,char * rolname ,
59+ int passwd_type );
5860
5961
6062/* Check if current user has createrole privileges */
@@ -64,6 +66,48 @@ have_createrole_privilege(void)
6466return has_createrole_privilege (GetUserId ());
6567}
6668
69+ /*
70+ * Encrypt a password if necessary for insertion in pg_authid.
71+ *
72+ * If a password is found as already MD5-encrypted, no error is raised
73+ * to ease the dump and reload of such data. Returns a palloc'ed string
74+ * holding the encrypted password.
75+ */
76+ static char *
77+ encrypt_password (char * password ,char * rolname ,int passwd_type )
78+ {
79+ char * res ;
80+
81+ Assert (password != NULL );
82+
83+ /*
84+ * If a password is already identified as MD5-encrypted, it is used
85+ * as such. If the password given is not encrypted, adapt it depending
86+ * on the type wanted by the caller of this routine.
87+ */
88+ if (isMD5 (password ))
89+ res = pstrdup (password );
90+ else
91+ {
92+ switch (passwd_type )
93+ {
94+ case PASSWORD_TYPE_PLAINTEXT :
95+ res = pstrdup (password );
96+ break ;
97+ case PASSWORD_TYPE_MD5 :
98+ res = (char * )palloc (MD5_PASSWD_LEN + 1 );
99+ if (!pg_md5_encrypt (password ,rolname ,
100+ strlen (rolname ),
101+ res ))
102+ elog (ERROR ,"password encryption failed" );
103+ break ;
104+ default :
105+ Assert (0 );/* should not come here */
106+ }
107+ }
108+
109+ return res ;
110+ }
67111
68112/*
69113 * CREATE ROLE
@@ -81,7 +125,7 @@ CreateRole(CreateRoleStmt *stmt)
81125ListCell * option ;
82126char * password = NULL ;/* user password */
83127int password_type = Password_encryption ;
84- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
128+ char * encrypted_passwd ;
85129bool issuper = false;/* Make the user a superuser? */
86130bool inherit = true;/* Auto inherit privileges? */
87131bool createrole = false;/* Can this user create roles? */
@@ -380,17 +424,13 @@ CreateRole(CreateRoleStmt *stmt)
380424
381425if (password )
382426{
383- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
384- new_record [Anum_pg_authid_rolpassword - 1 ]=
385- CStringGetTextDatum (password );
386- else
387- {
388- if (!pg_md5_encrypt (password ,stmt -> role ,strlen (stmt -> role ),
389- encrypted_password ))
390- elog (ERROR ,"password encryption failed" );
391- new_record [Anum_pg_authid_rolpassword - 1 ]=
392- CStringGetTextDatum (encrypted_password );
393- }
427+ encrypted_passwd = encrypt_password (password ,
428+ stmt -> role ,
429+ password_type );
430+
431+ new_record [Anum_pg_authid_rolpassword - 1 ]=
432+ CStringGetTextDatum (encrypted_passwd );
433+ pfree (encrypted_passwd );
394434}
395435else
396436new_record_nulls [Anum_pg_authid_rolpassword - 1 ]= true;
@@ -493,7 +533,7 @@ AlterRole(AlterRoleStmt *stmt)
493533char * rolename = NULL ;
494534char * password = NULL ;/* user password */
495535int password_type = Password_encryption ;
496- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
536+ char * encrypted_passwd ;
497537int issuper = -1 ;/* Make the user a superuser? */
498538int inherit = -1 ;/* Auto inherit privileges? */
499539int createrole = -1 ;/* Can this user create roles? */
@@ -791,18 +831,14 @@ AlterRole(AlterRoleStmt *stmt)
791831/* password */
792832if (password )
793833{
794- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
795- new_record [Anum_pg_authid_rolpassword - 1 ]=
796- CStringGetTextDatum (password );
797- else
798- {
799- if (!pg_md5_encrypt (password ,rolename ,strlen (rolename ),
800- encrypted_password ))
801- elog (ERROR ,"password encryption failed" );
802- new_record [Anum_pg_authid_rolpassword - 1 ]=
803- CStringGetTextDatum (encrypted_password );
804- }
834+ encrypted_passwd = encrypt_password (password ,
835+ rolename ,
836+ password_type );
837+
838+ new_record [Anum_pg_authid_rolpassword - 1 ]=
839+ CStringGetTextDatum (encrypted_passwd );
805840new_record_repl [Anum_pg_authid_rolpassword - 1 ]= true;
841+ pfree (encrypted_passwd );
806842}
807843
808844/* unset password */