NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commitb1362f8

committed

Apply new/0006-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch

1 parenta8007eb commitb1362f8Copy full SHA for b1362f8

File tree

4 files changed

+126

-7

lines changed

doc/src/sgml/ref
- alter_role.sgml
- create_role.sgml
src/backend
- commands
  - user.c
- parser
  - gram.y

4 files changed

+126

-7

lines changed

`‎doc/src/sgml/ref/alter_role.sgml`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ ALTER ROLE <replaceable class="PARAMETER">role_specification</replaceable> [ WIT`
`34`	`34`	`\| BYPASSRLS \| NOBYPASSRLS`
`35`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`36`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
	`37`	`+ \| PASSWORD ( '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">method</replaceable>' )`
`37`	`38`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`
`38`	`39`
`39`	`40`	`ALTER ROLE <replaceable class="PARAMETER">name</replaceable> RENAME TO <replaceable>new_name</replaceable>`
`@@ -169,6 +170,7 @@ ALTER ROLE { <replaceable class="PARAMETER">role_specification</replaceable> \| A`
`169`	`170`	`<term><literal>NOBYPASSRLS</literal></term>`
`170`	`171`	`<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>`
`171`	`172`	`<term><literal>PASSWORD</> <replaceable class="parameter">password</replaceable></term>`
	`173`	`+ <term><literal>PASSWORD</> ( '<replaceable class="parameter">password</replaceable>' USING '<replaceable class="parameter">method</replaceable>' )</term>`
`172`	`174`	`<term><literal>ENCRYPTED</></term>`
`173`	`175`	`<term><literal>UNENCRYPTED</></term>`
`174`	`176`	`<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>`
`@@ -279,6 +281,14 @@ ALTER ROLE davide WITH PASSWORD 'hu8jmn3';`
`279`	`281`	`</programlisting>`
`280`	`282`	`</para>`
`281`	`283`
	`284`	`+ <para>`
	`285`	`+ Change a role's password using MD5-encryption:`
	`286`	`+`
	`287`	`+<programlisting>`
	`288`	`+ALTER ROLE lionel WITH PASSWORD ('hu8jmn3' USING 'md5');`
	`289`	`+</programlisting>`
	`290`	`+ </para>`
	`291`	`+`
`282`	`292`	`<para>`
`283`	`293`	`Remove a role's password:`
`284`	`294`

`‎doc/src/sgml/ref/create_role.sgml`

Lines changed: 26 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac`
`34`	`34`	`\| BYPASSRLS \| NOBYPASSRLS`
`35`	`35`	`\| CONNECTION LIMIT <replaceable class="PARAMETER">connlimit</replaceable>`
`36`	`36`	`\| [ ENCRYPTED \| UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'`
	`37`	`+ \| PASSWORD ( '<replaceable class="PARAMETER">password</replaceable>' USING '<replaceable class="PARAMETER">method</replaceable>' )`
`37`	`38`	`\| VALID UNTIL '<replaceable class="PARAMETER">timestamp</replaceable>'`
`38`	`39`	`\| IN ROLE <replaceable class="PARAMETER">role_name</replaceable> [, ...]`
`39`	`40`	`\| IN GROUP <replaceable class="PARAMETER">role_name</replaceable> [, ...]`
`@@ -244,6 +245,23 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac`
`244`	`245`	`</listitem>`
`245`	`246`	`</varlistentry>`
`246`	`247`
	`248`	`+ <varlistentry>`
	`249`	`+ <term><literal>PASSWORD</> ( '<replaceable class="parameter">password</replaceable>' USING '<replaceable class="parameter">method</replaceable>' )</term>`
	`250`	`+ <listitem>`
	`251`	`+ <para>`
	`252`	`+ Sets the role's password using the requested method. (A password`
	`253`	`+ is only of use for roles having the <literal>LOGIN</literal>`
	`254`	`+ attribute, but you can nonetheless define one for roles without it.)`
	`255`	`+ If you do not plan to use password authentication you can omit this`
	`256`	`+ option. The methods supported are <literal>md5</> to enforce`
	`257`	`+ a password to be MD5-encrypted, and <literal>plain</> to use an`
	`258`	`+ unencrypted password. If the password string is already in`
	`259`	`+ MD5-encrypted format, then it is stored encrypted even if`
	`260`	`+ <literal>plain</> is specified.`
	`261`	`+ </para>`
	`262`	`+ </listitem>`
	`263`	`+ </varlistentry>`
	`264`	`+`
`247`	`265`	`<varlistentry>`
`248`	`266`	`<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>`
`249`	`267`	`<listitem>`
`@@ -425,6 +443,14 @@ CREATE USER davide WITH PASSWORD 'jw8s0F4';`
`425`	`443`	`that it implies <literal>LOGIN</>.)`
`426`	`444`	`</para>`
`427`	`445`
	`446`	`+ <para>`
	`447`	`+ Create a role with a MD5-encrypted password:`
	`448`	`+`
	`449`	`+<programlisting>`
	`450`	`+CREATE USER lionel WITH PASSWORD ('asdh7as' USING 'md5');`
	`451`	`+</programlisting>`
	`452`	`+ </para>`
	`453`	`+`
`428`	`454`	`<para>`
`429`	`455`	`Create a role with a password that is valid until the end of 2004.`
`430`	`456`	`After one second has ticked in 2005, the password is no longer`

`‎src/backend/commands/user.c`

Lines changed: 83 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -176,18 +176,58 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`176`	`176`
`177`	`177`	`if (strcmp(defel->defname,"password")==0\|\|`
`178`	`178`	`strcmp(defel->defname,"encryptedPassword")==0\|\|`
`179`		`-strcmp(defel->defname,"unencryptedPassword")==0)`
	`179`	`+strcmp(defel->defname,"unencryptedPassword")==0\|\|`
	`180`	`+strcmp(defel->defname,"methodPassword")==0)`
`180`	`181`	`{`
`181`	`182`	`if (dpassword)`
`182`	`183`	`ereport(ERROR,`
`183`	`184`	`(errcode(ERRCODE_SYNTAX_ERROR),`
`184`	`185`	`errmsg("conflicting or redundant options"),`
`185`	`186`	`parser_errposition(pstate,defel->location)));`
`186`	`187`	`dpassword=defel;`
`187`		`-if (strcmp(defel->defname,"encryptedPassword")==0)`
	`188`	`+if (strcmp(defel->defname,"password")==0)`
	`189`	`+{`
	`190`	`+/*`
	`191`	`+ * Password type is enforced with GUC password_encryption`
	`192`	`+ * here.`
	`193`	`+ */`
	`194`	`+if (dpassword&&dpassword->arg)`
	`195`	`+password=strVal(dpassword->arg);`
	`196`	`+}`
	`197`	`+elseif (strcmp(defel->defname,"encryptedPassword")==0)`
	`198`	`+{`
`188`	`199`	`password_type=PASSWORD_TYPE_MD5;`
	`200`	`+if (dpassword&&dpassword->arg)`
	`201`	`+password=strVal(dpassword->arg);`
	`202`	`+}`
`189`	`203`	`elseif (strcmp(defel->defname,"unencryptedPassword")==0)`
	`204`	`+{`
`190`	`205`	`password_type=PASSWORD_TYPE_PLAINTEXT;`
	`206`	`+if (dpassword&&dpassword->arg)`
	`207`	`+password=strVal(dpassword->arg);`
	`208`	`+}`
	`209`	`+elseif (strcmp(defel->defname,"methodPassword")==0)`
	`210`	`+{`
	`211`	`+/*`
	`212`	`+ * This is a list of two elements, the password is first and`
	`213`	`+ * then there is the method wanted by caller.`
	`214`	`+ */`
	`215`	`+if (dpassword&&dpassword->arg)`
	`216`	`+{`
	`217`	`+charmethod=strVal(lsecond((List)dpassword->arg));`
	`218`	`+`
	`219`	`+password=strVal(linitial((List*)dpassword->arg));`
	`220`	`+`
	`221`	`+if (strcmp(method,"md5")==0)`
	`222`	`+password_type=PASSWORD_TYPE_MD5;`
	`223`	`+elseif (strcmp(method,"plain")==0)`
	`224`	`+password_type=PASSWORD_TYPE_PLAINTEXT;`
	`225`	`+else`
	`226`	`+ereport(ERROR,`
	`227`	`+(errcode(ERRCODE_SYNTAX_ERROR),`
	`228`	`+errmsg("unsupported password method %s",method)));`
	`229`	`+}`
	`230`	`+}`
`191`	`231`	`}`
`192`	`232`	`elseif (strcmp(defel->defname,"sysid")==0)`
`193`	`233`	`{`
`@@ -307,8 +347,6 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`307`	`347`	`defel->defname);`
`308`	`348`	`}`
`309`	`349`
`310`		`-if (dpassword&&dpassword->arg)`
`311`		`-password=strVal(dpassword->arg);`
`312`	`350`	`if (dissuper)`
`313`	`351`	`issuper=intVal(dissuper->arg)!=0;`
`314`	`352`	`if (dinherit)`
`@@ -582,17 +620,57 @@ AlterRole(AlterRoleStmt *stmt)`
`582`	`620`
`583`	`621`	`if (strcmp(defel->defname,"password")==0\|\|`
`584`	`622`	`strcmp(defel->defname,"encryptedPassword")==0\|\|`
	`623`	`+strcmp(defel->defname,"methodPassword")==0\|\|`
`585`	`624`	`strcmp(defel->defname,"unencryptedPassword")==0)`
`586`	`625`	`{`
`587`	`626`	`if (dpassword)`
`588`	`627`	`ereport(ERROR,`
`589`	`628`	`(errcode(ERRCODE_SYNTAX_ERROR),`
`590`	`629`	`errmsg("conflicting or redundant options")));`
`591`	`630`	`dpassword=defel;`
`592`		`-if (strcmp(defel->defname,"encryptedPassword")==0)`
	`631`	`+if (strcmp(defel->defname,"password")==0)`
	`632`	`+{`
	`633`	`+/*`
	`634`	`+ * Password type is enforced with GUC password_encryption`
	`635`	`+ * here.`
	`636`	`+ */`
	`637`	`+if (dpassword&&dpassword->arg)`
	`638`	`+password=strVal(dpassword->arg);`
	`639`	`+}`
	`640`	`+elseif (strcmp(defel->defname,"encryptedPassword")==0)`
	`641`	`+{`
`593`	`642`	`password_type=PASSWORD_TYPE_MD5;`
	`643`	`+if (dpassword&&dpassword->arg)`
	`644`	`+password=strVal(dpassword->arg);`
	`645`	`+}`
`594`	`646`	`elseif (strcmp(defel->defname,"unencryptedPassword")==0)`
	`647`	`+{`
`595`	`648`	`password_type=PASSWORD_TYPE_PLAINTEXT;`
	`649`	`+if (dpassword&&dpassword->arg)`
	`650`	`+password=strVal(dpassword->arg);`
	`651`	`+}`
	`652`	`+elseif (strcmp(defel->defname,"methodPassword")==0)`
	`653`	`+{`
	`654`	`+/*`
	`655`	`+ * This is a list of two elements, the password is first and`
	`656`	`+ * then there is the method wanted by caller.`
	`657`	`+ */`
	`658`	`+if (dpassword&&dpassword->arg)`
	`659`	`+{`
	`660`	`+charmethod=strVal(lsecond((List)dpassword->arg));`
	`661`	`+`
	`662`	`+if (strcmp(method,"md5")==0)`
	`663`	`+password_type=PASSWORD_TYPE_MD5;`
	`664`	`+elseif (strcmp(method,"plain")==0)`
	`665`	`+password_type=PASSWORD_TYPE_PLAINTEXT;`
	`666`	`+else`
	`667`	`+ereport(ERROR,`
	`668`	`+(errcode(ERRCODE_SYNTAX_ERROR),`
	`669`	`+errmsg("unsupported password method %s",method)));`
	`670`	`+`
	`671`	`+password=strVal(linitial((List*)dpassword->arg));`
	`672`	`+}`
	`673`	`+}`
`596`	`674`	`}`
`597`	`675`	`elseif (strcmp(defel->defname,"superuser")==0)`
`598`	`676`	`{`
`@@ -680,8 +758,6 @@ AlterRole(AlterRoleStmt *stmt)`
`680`	`758`	`defel->defname);`
`681`	`759`	`}`
`682`	`760`
`683`		`-if (dpassword&&dpassword->arg)`
`684`		`-password=strVal(dpassword->arg);`
`685`	`761`	`if (dissuper)`
`686`	`762`	`issuper=intVal(dissuper->arg);`
`687`	`763`	`if (dinherit)`

`‎src/backend/parser/gram.y`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -936,6 +936,13 @@ AlterOptRoleElem:`
`936`	`936`	`{`
`937`	`937`	`$$ = makeDefElem("password",NULL,@1);`
`938`	`938`	`}`
	`939`	`+\|PASSWORD'('SconstUSINGSconst')'`
	`940`	`+{`
	`941`	`+$$ = makeDefElem("methodPassword",`
	`942`	`+ (Node *)list_make2(makeString($3),`
	`943`	`+makeString($5)),`
	`944`	`+ @1);`
	`945`	`+}`
`939`	`946`	`\|ENCRYPTEDPASSWORDSconst`
`940`	`947`	`{`
`941`	`948`	`$$ = makeDefElem("encryptedPassword",`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb1362f8

File tree

4 files changed

4 files changed

`‎doc/src/sgml/ref/alter_role.sgml`

`‎doc/src/sgml/ref/create_role.sgml`

`‎src/backend/commands/user.c`

`‎src/backend/parser/gram.y`

0 commit comments