Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitae93312

Browse files
committed
Apply 0006-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch
1 parent6e12e9d commitae93312

File tree

4 files changed

+110
-7
lines changed

4 files changed

+110
-7
lines changed

‎doc/src/sgml/ref/alter_role.sgml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ ALTER ROLE <replaceable class="PARAMETER">role_specification</replaceable> [ WIT
3434
| BYPASSRLS | NOBYPASSRLS
3535
| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>
3636
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
37+
| PASSWORD '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">protocol</replaceable>'
3738
| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'
3839

3940
ALTER ROLE <replaceable class="PARAMETER">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
@@ -169,6 +170,7 @@ ALTER ROLE { <replaceable class="PARAMETER">role_specification</replaceable> | A
169170
<term><literal>NOBYPASSRLS</literal></term>
170171
<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>
171172
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable></term>
173+
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable> USING <replaceable class="parameter">protocol</replaceable></term>
172174
<term><literal>ENCRYPTED</></term>
173175
<term><literal>UNENCRYPTED</></term>
174176
<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>

‎doc/src/sgml/ref/create_role.sgml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
3434
| BYPASSRLS | NOBYPASSRLS
3535
| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>
3636
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
37+
| PASSWORD '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">protocol</replaceable>'
3738
| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'
3839
| IN ROLE <replaceable class="PARAMETER">role_name</replaceable> [, ...]
3940
| IN GROUP <replaceable class="PARAMETER">role_name</replaceable> [, ...]
@@ -244,6 +245,23 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
244245
</listitem>
245246
</varlistentry>
246247

248+
<varlistentry>
249+
<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable> USING <replaceable class="parameter">protocol</replaceable></term>
250+
<listitem>
251+
<para>
252+
Sets the role's password using the requested protocol. (A password
253+
is only of use for roles having the <literal>LOGIN</literal>
254+
attribute, but you can nonetheless define one for roles without it.)
255+
If you do not plan to use password authentication you can omit this
256+
option. The protocols supported are <literal>md5</> to enforce
257+
a password to be MD5-encrypted, and <literal>plain</> to use an
258+
unencrypted password. If the password string is already in
259+
MD5-encrypted format, then it is stored encrypted even if
260+
<literal>plain</> is specified.
261+
</para>
262+
</listitem>
263+
</varlistentry>
264+
247265
<varlistentry>
248266
<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>
249267
<listitem>

‎src/backend/commands/user.c

Lines changed: 83 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -175,18 +175,58 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
175175

176176
if (strcmp(defel->defname,"password")==0||
177177
strcmp(defel->defname,"encryptedPassword")==0||
178-
strcmp(defel->defname,"unencryptedPassword")==0)
178+
strcmp(defel->defname,"unencryptedPassword")==0||
179+
strcmp(defel->defname,"protocolPassword")==0)
179180
{
180181
if (dpassword)
181182
ereport(ERROR,
182183
(errcode(ERRCODE_SYNTAX_ERROR),
183184
errmsg("conflicting or redundant options"),
184185
parser_errposition(pstate,defel->location)));
185186
dpassword=defel;
186-
if (strcmp(defel->defname,"encryptedPassword")==0)
187+
if (strcmp(defel->defname,"password")==0)
188+
{
189+
/*
190+
* Password type is enforced with GUC password_encryption
191+
* here.
192+
*/
193+
if (dpassword&&dpassword->arg)
194+
password=strVal(dpassword->arg);
195+
}
196+
elseif (strcmp(defel->defname,"encryptedPassword")==0)
197+
{
187198
password_type=PASSWORD_TYPE_MD5;
199+
if (dpassword&&dpassword->arg)
200+
password=strVal(dpassword->arg);
201+
}
188202
elseif (strcmp(defel->defname,"unencryptedPassword")==0)
203+
{
189204
password_type=PASSWORD_TYPE_PLAINTEXT;
205+
if (dpassword&&dpassword->arg)
206+
password=strVal(dpassword->arg);
207+
}
208+
elseif (strcmp(defel->defname,"protocolPassword")==0)
209+
{
210+
/*
211+
* This is a list of two elements, the password is first and
212+
* then there is the protocol wanted by caller.
213+
*/
214+
if (dpassword&&dpassword->arg)
215+
{
216+
char*protocol=strVal(lsecond((List*)dpassword->arg));
217+
218+
password=strVal(linitial((List*)dpassword->arg));
219+
220+
if (strcmp(protocol,"md5")==0)
221+
password_type=PASSWORD_TYPE_MD5;
222+
elseif (strcmp(protocol,"plain")==0)
223+
password_type=PASSWORD_TYPE_PLAINTEXT;
224+
else
225+
ereport(ERROR,
226+
(errcode(ERRCODE_SYNTAX_ERROR),
227+
errmsg("unsupported password protocol %s",protocol)));
228+
}
229+
}
190230
}
191231
elseif (strcmp(defel->defname,"sysid")==0)
192232
{
@@ -306,8 +346,6 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
306346
defel->defname);
307347
}
308348

309-
if (dpassword&&dpassword->arg)
310-
password=strVal(dpassword->arg);
311349
if (dissuper)
312350
issuper=intVal(dissuper->arg)!=0;
313351
if (dinherit)
@@ -582,17 +620,57 @@ AlterRole(AlterRoleStmt *stmt)
582620

583621
if (strcmp(defel->defname,"password")==0||
584622
strcmp(defel->defname,"encryptedPassword")==0||
623+
strcmp(defel->defname,"protocolPassword")==0||
585624
strcmp(defel->defname,"unencryptedPassword")==0)
586625
{
587626
if (dpassword)
588627
ereport(ERROR,
589628
(errcode(ERRCODE_SYNTAX_ERROR),
590629
errmsg("conflicting or redundant options")));
591630
dpassword=defel;
592-
if (strcmp(defel->defname,"encryptedPassword")==0)
631+
if (strcmp(defel->defname,"password")==0)
632+
{
633+
/*
634+
* Password type is enforced with GUC password_encryption
635+
* here.
636+
*/
637+
if (dpassword&&dpassword->arg)
638+
password=strVal(dpassword->arg);
639+
}
640+
elseif (strcmp(defel->defname,"encryptedPassword")==0)
641+
{
593642
password_type=PASSWORD_TYPE_MD5;
643+
if (dpassword&&dpassword->arg)
644+
password=strVal(dpassword->arg);
645+
}
594646
elseif (strcmp(defel->defname,"unencryptedPassword")==0)
647+
{
595648
password_type=PASSWORD_TYPE_PLAINTEXT;
649+
if (dpassword&&dpassword->arg)
650+
password=strVal(dpassword->arg);
651+
}
652+
elseif (strcmp(defel->defname,"protocolPassword")==0)
653+
{
654+
/*
655+
* This is a list of two elements, the password is first and
656+
* then there is the protocol wanted by caller.
657+
*/
658+
if (dpassword&&dpassword->arg)
659+
{
660+
char*protocol=strVal(lsecond((List*)dpassword->arg));
661+
662+
if (strcmp(protocol,"md5")==0)
663+
password_type=PASSWORD_TYPE_MD5;
664+
elseif (strcmp(protocol,"plain")==0)
665+
password_type=PASSWORD_TYPE_PLAINTEXT;
666+
else
667+
ereport(ERROR,
668+
(errcode(ERRCODE_SYNTAX_ERROR),
669+
errmsg("unsupported password protocol %s",protocol)));
670+
671+
password=strVal(linitial((List*)dpassword->arg));
672+
}
673+
}
596674
}
597675
elseif (strcmp(defel->defname,"superuser")==0)
598676
{
@@ -680,8 +758,6 @@ AlterRole(AlterRoleStmt *stmt)
680758
defel->defname);
681759
}
682760

683-
if (dpassword&&dpassword->arg)
684-
password=strVal(dpassword->arg);
685761
if (dissuper)
686762
issuper=intVal(dissuper->arg);
687763
if (dinherit)

‎src/backend/parser/gram.y

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -934,6 +934,13 @@ AlterOptRoleElem:
934934
{
935935
$$ = makeDefElem("password",NULL,@1);
936936
}
937+
|PASSWORDSconstUSINGSconst
938+
{
939+
$$ = makeDefElem("protocolPassword",
940+
(Node *)list_make2(makeString($2),
941+
makeString($4)),
942+
@1);
943+
}
937944
|ENCRYPTEDPASSWORDSconst
938945
{
939946
$$ = makeDefElem("encryptedPassword",

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp