@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
5555static void DelRoleMems (const char * rolename ,Oid roleid ,
5656List * memberSpecs ,List * memberIds ,
5757bool admin_opt );
58+ static char * encrypt_password (char * passwd ,char * rolname ,
59+ int passwd_type );
5860
5961
6062/* Check if current user has createrole privileges */
@@ -64,6 +66,49 @@ have_createrole_privilege(void)
6466return has_createrole_privilege (GetUserId ());
6567}
6668
69+ /*
70+ * Encrypt a password if necessary for insertion in pg_authid.
71+ *
72+ * If a password is found as already MD5-encrypted, no error is raised
73+ * to ease the dump and reload of such data. Returns a palloc'ed string
74+ * holding the encrypted password if any transformation on the input
75+ * string has been done.
76+ */
77+ static char *
78+ encrypt_password (char * password ,char * rolname ,int passwd_type )
79+ {
80+ char * res ;
81+
82+ Assert (password != NULL );
83+
84+ /*
85+ * If a password is already identified as MD5-encrypted, it is used
86+ * as such. If the password given is not encrypted, adapt it depending
87+ * on the type wanted by the caller of this routine.
88+ */
89+ if (isMD5 (password ))
90+ res = password ;
91+ else
92+ {
93+ switch (passwd_type )
94+ {
95+ case PASSWORD_TYPE_PLAINTEXT :
96+ res = password ;
97+ break ;
98+ case PASSWORD_TYPE_MD5 :
99+ res = (char * )palloc (MD5_PASSWD_LEN + 1 );
100+ if (!pg_md5_encrypt (password ,rolname ,
101+ strlen (rolname ),
102+ res ))
103+ elog (ERROR ,"password encryption failed" );
104+ break ;
105+ default :
106+ elog (ERROR ,"incorrect password type" );
107+ }
108+ }
109+
110+ return res ;
111+ }
67112
68113/*
69114 * CREATE ROLE
@@ -81,7 +126,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
81126ListCell * option ;
82127char * password = NULL ;/* user password */
83128int password_type = Password_encryption ;
84- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
129+ char * encrypted_passwd ;
85130bool issuper = false;/* Make the user a superuser? */
86131bool inherit = true;/* Auto inherit privileges? */
87132bool createrole = false;/* Can this user create roles? */
@@ -393,17 +438,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
393438
394439if (password )
395440{
396- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
397- new_record [Anum_pg_authid_rolpassword - 1 ]=
398- CStringGetTextDatum (password );
399- else
400- {
401- if (!pg_md5_encrypt (password ,stmt -> role ,strlen (stmt -> role ),
402- encrypted_password ))
403- elog (ERROR ,"password encryption failed" );
404- new_record [Anum_pg_authid_rolpassword - 1 ]=
405- CStringGetTextDatum (encrypted_password );
406- }
441+ encrypted_passwd = encrypt_password (password ,
442+ stmt -> role ,
443+ password_type );
444+
445+ new_record [Anum_pg_authid_rolpassword - 1 ]=
446+ CStringGetTextDatum (encrypted_passwd );
407447}
408448else
409449new_record_nulls [Anum_pg_authid_rolpassword - 1 ]= true;
@@ -506,7 +546,7 @@ AlterRole(AlterRoleStmt *stmt)
506546char * rolename = NULL ;
507547char * password = NULL ;/* user password */
508548int password_type = Password_encryption ;
509- char encrypted_password [ MD5_PASSWD_LEN + 1 ] ;
549+ char * encrypted_passwd ;
510550int issuper = -1 ;/* Make the user a superuser? */
511551int inherit = -1 ;/* Auto inherit privileges? */
512552int createrole = -1 ;/* Can this user create roles? */
@@ -804,17 +844,12 @@ AlterRole(AlterRoleStmt *stmt)
804844/* password */
805845if (password )
806846{
807- if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5 (password ))
808- new_record [Anum_pg_authid_rolpassword - 1 ]=
809- CStringGetTextDatum (password );
810- else
811- {
812- if (!pg_md5_encrypt (password ,rolename ,strlen (rolename ),
813- encrypted_password ))
814- elog (ERROR ,"password encryption failed" );
815- new_record [Anum_pg_authid_rolpassword - 1 ]=
816- CStringGetTextDatum (encrypted_password );
817- }
847+ encrypted_passwd = encrypt_password (password ,
848+ rolename ,
849+ password_type );
850+
851+ new_record [Anum_pg_authid_rolpassword - 1 ]=
852+ CStringGetTextDatum (encrypted_passwd );
818853new_record_repl [Anum_pg_authid_rolpassword - 1 ]= true;
819854}
820855