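/*
 * Return true when s is a plain decimal integer: an optional leading '-'
 * followed by one or more ASCII digits and nothing else.
 *
 * Used to vet --connection-limit before the value is formatted, unquoted,
 * into the CREATE ROLE statement.  Range checking is left to the server.
 */
static bool
conn_limit_is_integer(const char *s)
{
    if (*s == '-')
        s++;
    if (*s == '\0')
        return false;
    for (; *s != '\0'; s++)
    {
        if (*s < '0' || *s > '9')
            return false;
    }
    return true;
}

/*
 * createuser entry point.
 *
 * Parses the command line, optionally prompts for the role name, password
 * and privilege flags, connects to the "postgres" database, builds a single
 * CREATE ROLE statement and executes it.
 *
 * Exits with status 0 on success and 1 on any usage, prompt, encryption or
 * execution failure; it never returns to the caller.
 */
int
main(int argc, char *argv[])
{
    static struct option long_options[] = {
        {"host", required_argument, NULL, 'h'},
        {"port", required_argument, NULL, 'p'},
        {"username", required_argument, NULL, 'U'},
        {"role", required_argument, NULL, 'g'},
        {"no-password", no_argument, NULL, 'w'},
        {"password", no_argument, NULL, 'W'},
        {"echo", no_argument, NULL, 'e'},
        {"createdb", no_argument, NULL, 'd'},
        {"no-createdb", no_argument, NULL, 'D'},
        {"superuser", no_argument, NULL, 's'},
        {"no-superuser", no_argument, NULL, 'S'},
        {"createrole", no_argument, NULL, 'r'},
        {"no-createrole", no_argument, NULL, 'R'},
        {"inherit", no_argument, NULL, 'i'},
        {"no-inherit", no_argument, NULL, 'I'},
        {"login", no_argument, NULL, 'l'},
        {"no-login", no_argument, NULL, 'L'},
        {"replication", no_argument, NULL, 1},
        {"no-replication", no_argument, NULL, 2},
        {"interactive", no_argument, NULL, 3},
        /* adduser is obsolete, undocumented spelling of superuser */
        {"adduser", no_argument, NULL, 'a'},
        {"no-adduser", no_argument, NULL, 'A'},
        {"connection-limit", required_argument, NULL, 'c'},
        {"pwprompt", no_argument, NULL, 'P'},
        {"encrypted", no_argument, NULL, 'E'},
        {NULL, 0, NULL, 0}
    };

    const char *progname;
    int         optindex;
    int         c;
    const char *newuser = NULL;
    char       *host = NULL;
    char       *port = NULL;
    char       *username = NULL;
    SimpleStringList roles = {NULL, NULL};
    enum trivalue prompt_password = TRI_DEFAULT;
    bool        echo = false;
    bool        interactive = false;
    char       *conn_limit = NULL;
    bool        pwprompt = false;
    char       *newpassword = NULL;
    char        newuser_buf[128];
    char        newpassword_buf[100];

    /* Tri-valued variables. */
    enum trivalue createdb = TRI_DEFAULT,
                superuser = TRI_DEFAULT,
                createrole = TRI_DEFAULT,
                inherit = TRI_DEFAULT,
                login = TRI_DEFAULT,
                replication = TRI_DEFAULT;

    PQExpBufferData sql;

    PGconn     *conn;
    PGresult   *result;

    progname = get_progname(argv[0]);
    set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));

    handle_help_version_opts(argc, argv, "createuser", help);

    while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
                            long_options, &optindex)) != -1)
    {
        switch (c)
        {
            case 'h':
                host = pg_strdup(optarg);
                break;
            case 'p':
                port = pg_strdup(optarg);
                break;
            case 'U':
                username = pg_strdup(optarg);
                break;
            case 'g':
                simple_string_list_append(&roles, optarg);
                break;
            case 'w':
                prompt_password = TRI_NO;
                break;
            case 'W':
                prompt_password = TRI_YES;
                break;
            case 'e':
                echo = true;
                break;
            case 'd':
                createdb = TRI_YES;
                break;
            case 'D':
                createdb = TRI_NO;
                break;
            case 's':
            case 'a':
                superuser = TRI_YES;
                break;
            case 'S':
            case 'A':
                superuser = TRI_NO;
                break;
            case 'r':
                createrole = TRI_YES;
                break;
            case 'R':
                createrole = TRI_NO;
                break;
            case 'i':
                inherit = TRI_YES;
                break;
            case 'I':
                inherit = TRI_NO;
                break;
            case 'l':
                login = TRI_YES;
                break;
            case 'L':
                login = TRI_NO;
                break;
            case 'c':

                /*
                 * The value is later written into the statement with a bare
                 * %s (no quoting or escaping), so anything other than an
                 * integer would become part of the SQL text.  Reject it here.
                 */
                if (!conn_limit_is_integer(optarg))
                {
                    fprintf(stderr, _("%s: invalid connection limit: \"%s\"\n"),
                            progname, optarg);
                    fprintf(stderr, _("Try \"%s --help\" for more information.\n"),
                            progname);
                    exit(1);
                }
                conn_limit = pg_strdup(optarg);
                break;
            case 'P':
                pwprompt = true;
                break;
            case 'E':
                /* no-op, accepted for backward compatibility */
                break;
            case 1:
                replication = TRI_YES;
                break;
            case 2:
                replication = TRI_NO;
                break;
            case 3:
                interactive = true;
                break;
            default:
                fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
                exit(1);
        }
    }

    /* At most one non-option argument is accepted: the new role's name. */
    switch (argc - optind)
    {
        case 0:
            break;
        case 1:
            newuser = argv[optind];
            break;
        default:
            fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
                    progname, argv[optind + 1]);
            fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
            exit(1);
    }

    /*
     * No name on the command line: prompt for it in interactive mode,
     * otherwise fall back to PGUSER and then to the operating-system user.
     */
    if (newuser == NULL)
    {
        if (interactive)
        {
            simple_prompt("Enter name of role to add: ",
                          newuser_buf, sizeof(newuser_buf), true);
            newuser = newuser_buf;
        }
        else
        {
            if (getenv("PGUSER"))
                newuser = getenv("PGUSER");
            else
                newuser = get_user_name_or_exit(progname);
        }
    }

    if (pwprompt)
    {
        char        pw2[100];

        /*
         * NOTE(review): the cleartext password stays in newpassword_buf and
         * pw2 until the process exits; nothing visible here wipes them.
         */
        simple_prompt("Enter password for new role: ",
                      newpassword_buf, sizeof(newpassword_buf), false);
        simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
        if (strcmp(newpassword_buf, pw2) != 0)
        {
            fprintf(stderr, _("Passwords didn't match.\n"));
            exit(1);
        }
        newpassword = newpassword_buf;
    }

    /*
     * Resolve flags that were not given on the command line.  The tests
     * against 0 presumably mean "still TRI_DEFAULT" -- confirm against the
     * enum trivalue definition.
     */
    if (superuser == 0)
    {
        if (interactive && yesno_prompt("Shall the new role be a superuser?"))
            superuser = TRI_YES;
        else
            superuser = TRI_NO;
    }

    if (superuser == TRI_YES)
    {
        /* Not much point in trying to restrict a superuser */
        createdb = TRI_YES;
        createrole = TRI_YES;
    }

    if (createdb == 0)
    {
        if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
            createdb = TRI_YES;
        else
            createdb = TRI_NO;
    }

    if (createrole == 0)
    {
        if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
            createrole = TRI_YES;
        else
            createrole = TRI_NO;
    }

    if (inherit == 0)
        inherit = TRI_YES;

    if (login == 0)
        login = TRI_YES;

    conn = connectDatabase("postgres", host, port, username, prompt_password,
                           progname, echo, false, false);

    initPQExpBuffer(&sql);

    /* The role name goes through fmtId() so it is emitted as an identifier. */
    printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
    if (newpassword)
    {
        char       *encrypted_password;

        appendPQExpBufferStr(&sql, " PASSWORD ");

        /*
         * Hash the password on the client so that the statement (and the
         * --echo output) carries the hash rather than the cleartext.  A NULL
         * algorithm leaves the choice of algorithm to libpq.
         */
        encrypted_password = PQencryptPasswordConn(conn,
                                                   newpassword,
                                                   newuser,
                                                   NULL);
        if (!encrypted_password)
        {
            fprintf(stderr, _("%s: password encryption failed: %s"),
                    progname, PQerrorMessage(conn));
            exit(1);
        }
        appendStringLiteralConn(&sql, encrypted_password, conn);
        PQfreemem(encrypted_password);
    }
    if (superuser == TRI_YES)
        appendPQExpBufferStr(&sql, " SUPERUSER");
    if (superuser == TRI_NO)
        appendPQExpBufferStr(&sql, " NOSUPERUSER");
    if (createdb == TRI_YES)
        appendPQExpBufferStr(&sql, " CREATEDB");
    if (createdb == TRI_NO)
        appendPQExpBufferStr(&sql, " NOCREATEDB");
    if (createrole == TRI_YES)
        appendPQExpBufferStr(&sql, " CREATEROLE");
    if (createrole == TRI_NO)
        appendPQExpBufferStr(&sql, " NOCREATEROLE");
    if (inherit == TRI_YES)
        appendPQExpBufferStr(&sql, " INHERIT");
    if (inherit == TRI_NO)
        appendPQExpBufferStr(&sql, " NOINHERIT");
    if (login == TRI_YES)
        appendPQExpBufferStr(&sql, " LOGIN");
    if (login == TRI_NO)
        appendPQExpBufferStr(&sql, " NOLOGIN");
    if (replication == TRI_YES)
        appendPQExpBufferStr(&sql, " REPLICATION");
    if (replication == TRI_NO)
        appendPQExpBufferStr(&sql, " NOREPLICATION");

    /* conn_limit was checked to be an integer when the option was parsed. */
    if (conn_limit != NULL)
        appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
    if (roles.head != NULL)
    {
        SimpleStringListCell *cell;

        appendPQExpBufferStr(&sql, " IN ROLE ");

        /* Comma-separated list; each role name is passed through fmtId(). */
        for (cell = roles.head; cell; cell = cell->next)
        {
            if (cell->next)
                appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
            else
                appendPQExpBufferStr(&sql, fmtId(cell->val));
        }
    }
    appendPQExpBufferChar(&sql, ';');

    /* With --echo the full statement, password hash included, goes to stdout. */
    if (echo)
        printf("%s\n", sql.data);
    result = PQexec(conn, sql.data);

    if (PQresultStatus(result) != PGRES_COMMAND_OK)
    {
        fprintf(stderr, _("%s: creation of new role failed: %s"),
                progname, PQerrorMessage(conn));
        PQfinish(conn);
        exit(1);
    }

    PQclear(result);
    PQfinish(conn);
    exit(0);
}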
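/*
 * Python-callable wrapper around libpq's password encryption functions.
 *
 * Keyword arguments: password, user, scope (optional), algorithm (optional).
 * scope, when given, must be a connection or a cursor; it supplies the libpq
 * connection used for every algorithm other than "md5".
 *
 * Returns a new text object holding the encrypted password, or NULL with a
 * Python exception set:
 *   - TypeError         scope is neither a connection nor a cursor
 *   - ProgrammingError  a non-md5 algorithm was requested without a scope,
 *                       or libpq failed to encrypt the password
 *   - NotSupportedError a non-md5 algorithm was requested and the build is
 *                       against libpq older than 10
 */
static PyObject *
psyco_encrypt_password(PyObject *self, PyObject *args, PyObject *kwargs)
{
    char *encrypted = NULL;
    PyObject *password = NULL, *user = NULL;
    PyObject *scope = Py_None, *algorithm = Py_None;
    PyObject *res = NULL;
    connectionObject *conn = NULL;

    static char *kwlist[] = {"password", "user", "scope", "algorithm", NULL};

    if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OO|OO", kwlist,
            &password, &user, &scope, &algorithm)) {
        return NULL;
    }

    /* for ensure_bytes: take our own references, released at exit.
     * Presumably psycopg_ensure_bytes consumes the reference it is given
     * and returns a new one (or NULL) -- confirm against its definition. */
    Py_INCREF(user);
    Py_INCREF(password);
    Py_INCREF(algorithm);

    if (scope != Py_None) {
        if (PyObject_TypeCheck(scope, &cursorType)) {
            conn = ((cursorObject*)scope)->conn;
        }
        else if (PyObject_TypeCheck(scope, &connectionType)) {
            conn = (connectionObject*)scope;
        }
        else {
            PyErr_SetString(PyExc_TypeError,
                "the scope must be a connection or a cursor");
            goto exit;
        }
    }

    /* NOTE(review): the values below are handed to strcmp() and libpq as C
     * strings, so anything after an embedded NUL byte in the password or
     * user would be ignored.  Verify whether psycopg_ensure_bytes rejects
     * such input. */
    if (!(user = psycopg_ensure_bytes(user))) { goto exit; }
    if (!(password = psycopg_ensure_bytes(password))) { goto exit; }
    if (algorithm != Py_None) {
        if (!(algorithm = psycopg_ensure_bytes(algorithm))) {
            goto exit;
        }
    }

    /* If we have to encrypt md5 we can use the libpq < 10 API.
     * This path needs no connection, so conn may still be NULL here. */
    if (algorithm != Py_None &&
            strcmp(Bytes_AS_STRING(algorithm), "md5") == 0) {
        encrypted = PQencryptPassword(
            Bytes_AS_STRING(password), Bytes_AS_STRING(user));
    }

    /* If the algorithm is not md5 we have to use the API available from
     * libpq 10. */
    else {
#if PG_VERSION_NUM >= 100000
        if (!conn) {
            PyErr_SetString(ProgrammingError,
                "password encryption (other than 'md5' algorithm)"
                " requires a connection or cursor");
            goto exit;
        }

        /* TODO: algo = None will block: forbid on async/green conn? */
        encrypted = PQencryptPasswordConn(conn->pgconn,
            Bytes_AS_STRING(password), Bytes_AS_STRING(user),
            algorithm != Py_None ? Bytes_AS_STRING(algorithm) : NULL);
#else
        PyErr_SetString(NotSupportedError,
            "password encryption (other than 'md5' algorithm)"
            " requires libpq 10");
        goto exit;
#endif
    }

    if (encrypted) {
        res = Text_FromUTF8(encrypted);
    }
    else {
        /* The md5 path can fail with no scope given, in which case conn is
         * NULL and there is no connection to ask for an error message;
         * dereferencing it would crash the interpreter. */
        const char *msg = conn ? PQerrorMessage(conn->pgconn) : NULL;
        PyErr_Format(ProgrammingError,
            "password encryption failed: %s", msg ? msg : "no reason given");
        goto exit;
    }

exit:
    /* libpq allocated the result, so it must be released with PQfreemem. */
    if (encrypted) {
        PQfreemem(encrypted);
    }
    Py_XDECREF(user);
    Py_XDECREF(password);
    Py_XDECREF(algorithm);

    return res;
}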