PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
createuser.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * createuser
4  *
5  * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
6  * Portions Copyright (c) 1994, Regents of the University of California
7  *
8  * src/bin/scripts/createuser.c
9  *
10  *-------------------------------------------------------------------------
11  */
12 
13 #include "postgres_fe.h"
14 #include "common.h"
15 #include "fe_utils/simple_list.h"
16 #include "fe_utils/string_utils.h"
17 
18 
19 static void help(const char *progname);
20 
21 int
22 main(int argc, char *argv[])
23 {
24  static struct option long_options[] = {
25  {"host", required_argument, NULL, 'h'},
26  {"port", required_argument, NULL, 'p'},
27  {"username", required_argument, NULL, 'U'},
28  {"role", required_argument, NULL, 'g'},
29  {"no-password", no_argument, NULL, 'w'},
30  {"password", no_argument, NULL, 'W'},
31  {"echo", no_argument, NULL, 'e'},
32  {"createdb", no_argument, NULL, 'd'},
33  {"no-createdb", no_argument, NULL, 'D'},
34  {"superuser", no_argument, NULL, 's'},
35  {"no-superuser", no_argument, NULL, 'S'},
36  {"createrole", no_argument, NULL, 'r'},
37  {"no-createrole", no_argument, NULL, 'R'},
38  {"inherit", no_argument, NULL, 'i'},
39  {"no-inherit", no_argument, NULL, 'I'},
40  {"login", no_argument, NULL, 'l'},
41  {"no-login", no_argument, NULL, 'L'},
42  {"replication", no_argument, NULL, 1},
43  {"no-replication", no_argument, NULL, 2},
44  {"interactive", no_argument, NULL, 3},
45  /* adduser is obsolete, undocumented spelling of superuser */
46  {"adduser", no_argument, NULL, 'a'},
47  {"no-adduser", no_argument, NULL, 'A'},
48  {"connection-limit", required_argument, NULL, 'c'},
49  {"pwprompt", no_argument, NULL, 'P'},
50  {"encrypted", no_argument, NULL, 'E'},
51  {"unencrypted", no_argument, NULL, 'N'},
52  {NULL, 0, NULL, 0}
53  };
54 
55  const char *progname;
56  int optindex;
57  int c;
58  const char *newuser = NULL;
59  char *host = NULL;
60  char *port = NULL;
61  char *username = NULL;
62  SimpleStringList roles = {NULL, NULL};
63  enum trivalue prompt_password = TRI_DEFAULT;
64  bool echo = false;
65  bool interactive = false;
66  char *conn_limit = NULL;
67  bool pwprompt = false;
68  char *newpassword = NULL;
69  char newuser_buf[128];
70  char newpassword_buf[100];
71 
72  /* Tri-valued variables. */
75  createrole = TRI_DEFAULT,
76  inherit = TRI_DEFAULT,
78  replication = TRI_DEFAULT,
79  encrypted = TRI_DEFAULT;
80 
81  PQExpBufferData sql;
82 
83  PGconn *conn;
84  PGresult *result;
85 
86  progname = get_progname(argv[0]);
87  set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
88 
89  handle_help_version_opts(argc, argv, "createuser", help);
90 
91  while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PEN",
92  long_options, &optindex)) != -1)
93  {
94  switch (c)
95  {
96  case 'h':
97  host = pg_strdup(optarg);
98  break;
99  case 'p':
100  port = pg_strdup(optarg);
101  break;
102  case 'U':
103  username = pg_strdup(optarg);
104  break;
105  case 'g':
107  break;
108  case 'w':
109  prompt_password = TRI_NO;
110  break;
111  case 'W':
112  prompt_password = TRI_YES;
113  break;
114  case 'e':
115  echo = true;
116  break;
117  case 'd':
118  createdb = TRI_YES;
119  break;
120  case 'D':
121  createdb = TRI_NO;
122  break;
123  case 's':
124  case 'a':
125  superuser = TRI_YES;
126  break;
127  case 'S':
128  case 'A':
129  superuser = TRI_NO;
130  break;
131  case 'r':
132  createrole = TRI_YES;
133  break;
134  case 'R':
135  createrole = TRI_NO;
136  break;
137  case 'i':
138  inherit = TRI_YES;
139  break;
140  case 'I':
141  inherit = TRI_NO;
142  break;
143  case 'l':
144  login = TRI_YES;
145  break;
146  case 'L':
147  login = TRI_NO;
148  break;
149  case 'c':
150  conn_limit = pg_strdup(optarg);
151  break;
152  case 'P':
153  pwprompt = true;
154  break;
155  case 'E':
156  encrypted = TRI_YES;
157  break;
158  case 'N':
159  encrypted = TRI_NO;
160  break;
161  case 1:
162  replication = TRI_YES;
163  break;
164  case 2:
165  replication = TRI_NO;
166  break;
167  case 3:
168  interactive = true;
169  break;
170  default:
171  fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
172  exit(1);
173  }
174  }
175 
176  switch (argc - optind)
177  {
178  case 0:
179  break;
180  case 1:
181  newuser = argv[optind];
182  break;
183  default:
184  fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
185  progname, argv[optind + 1]);
186  fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
187  exit(1);
188  }
189 
190  if (newuser == NULL)
191  {
192  if (interactive)
193  {
194  simple_prompt("Enter name of role to add: ",
195  newuser_buf, sizeof(newuser_buf), true);
196  newuser = newuser_buf;
197  }
198  else
199  {
200  if (getenv("PGUSER"))
201  newuser = getenv("PGUSER");
202  else
203  newuser = get_user_name_or_exit(progname);
204  }
205  }
206 
207  if (pwprompt)
208  {
209  char pw2[100];
210 
211  simple_prompt("Enter password for new role: ",
212  newpassword_buf, sizeof(newpassword_buf), false);
213  simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
214  if (strcmp(newpassword_buf, pw2) != 0)
215  {
216  fprintf(stderr, _("Passwords didn't match.\n"));
217  exit(1);
218  }
219  newpassword = newpassword_buf;
220  }
221 
222  if (superuser == 0)
223  {
224  if (interactive && yesno_prompt("Shall the new role be a superuser?"))
225  superuser = TRI_YES;
226  else
227  superuser = TRI_NO;
228  }
229 
230  if (superuser == TRI_YES)
231  {
232  /* Not much point in trying to restrict a superuser */
233  createdb = TRI_YES;
234  createrole = TRI_YES;
235  }
236 
237  if (createdb == 0)
238  {
239  if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
240  createdb = TRI_YES;
241  else
242  createdb = TRI_NO;
243  }
244 
245  if (createrole == 0)
246  {
247  if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
248  createrole = TRI_YES;
249  else
250  createrole = TRI_NO;
251  }
252 
253  if (inherit == 0)
254  inherit = TRI_YES;
255 
256  if (login == 0)
257  login = TRI_YES;
258 
259  conn = connectDatabase("postgres", host, port, username, prompt_password,
260  progname, false, false);
261 
262  initPQExpBuffer(&sql);
263 
264  printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
265  if (newpassword)
266  {
267  if (encrypted == TRI_YES)
268  appendPQExpBufferStr(&sql, " ENCRYPTED");
269  if (encrypted == TRI_NO)
270  appendPQExpBufferStr(&sql, " UNENCRYPTED");
271  appendPQExpBufferStr(&sql, " PASSWORD ");
272 
273  if (encrypted != TRI_NO)
274  {
275  char *encrypted_password;
276 
277  encrypted_password = PQencryptPassword(newpassword,
278  newuser);
279  if (!encrypted_password)
280  {
281  fprintf(stderr, _("Password encryption failed.\n"));
282  exit(1);
283  }
284  appendStringLiteralConn(&sql, encrypted_password, conn);
285  PQfreemem(encrypted_password);
286  }
287  else
288  appendStringLiteralConn(&sql, newpassword, conn);
289  }
290  if (superuser == TRI_YES)
291  appendPQExpBufferStr(&sql, " SUPERUSER");
292  if (superuser == TRI_NO)
293  appendPQExpBufferStr(&sql, " NOSUPERUSER");
294  if (createdb == TRI_YES)
295  appendPQExpBufferStr(&sql, " CREATEDB");
296  if (createdb == TRI_NO)
297  appendPQExpBufferStr(&sql, " NOCREATEDB");
298  if (createrole == TRI_YES)
299  appendPQExpBufferStr(&sql, " CREATEROLE");
300  if (createrole == TRI_NO)
301  appendPQExpBufferStr(&sql, " NOCREATEROLE");
302  if (inherit == TRI_YES)
303  appendPQExpBufferStr(&sql, " INHERIT");
304  if (inherit == TRI_NO)
305  appendPQExpBufferStr(&sql, " NOINHERIT");
306  if (login == TRI_YES)
307  appendPQExpBufferStr(&sql, " LOGIN");
308  if (login == TRI_NO)
309  appendPQExpBufferStr(&sql, " NOLOGIN");
310  if (replication == TRI_YES)
311  appendPQExpBufferStr(&sql, " REPLICATION");
312  if (replication == TRI_NO)
313  appendPQExpBufferStr(&sql, " NOREPLICATION");
314  if (conn_limit != NULL)
315  appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
316  if (roles.head != NULL)
317  {
318  SimpleStringListCell *cell;
319 
320  appendPQExpBufferStr(&sql, " IN ROLE ");
321 
322  for (cell = roles.head; cell; cell = cell->next)
323  {
324  if (cell->next)
325  appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
326  else
327  appendPQExpBuffer(&sql, "%s", fmtId(cell->val));
328  }
329  }
330  appendPQExpBufferChar(&sql, ';');
331 
332  if (echo)
333  printf("%s\n", sql.data);
334  result = PQexec(conn, sql.data);
335 
336  if (PQresultStatus(result) != PGRES_COMMAND_OK)
337  {
338  fprintf(stderr, _("%s: creation of new role failed: %s"),
339  progname, PQerrorMessage(conn));
340  PQfinish(conn);
341  exit(1);
342  }
343 
344  PQclear(result);
345  PQfinish(conn);
346  exit(0);
347 }
348 
349 
350 static void
351 help(const char *progname)
352 {
353  printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
354  printf(_("Usage:\n"));
355  printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
356  printf(_("\nOptions:\n"));
357  printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
358  printf(_(" -d, --createdb role can create new databases\n"));
359  printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
360  printf(_(" -e, --echo show the commands being sent to the server\n"));
361  printf(_(" -E, --encrypted encrypt stored password\n"));
362  printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
363  printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
364  " member of (default)\n"));
365  printf(_(" -I, --no-inherit role does not inherit privileges\n"));
366  printf(_(" -l, --login role can login (default)\n"));
367  printf(_(" -L, --no-login role cannot login\n"));
368  printf(_(" -N, --unencrypted do not encrypt stored password\n"));
369  printf(_(" -P, --pwprompt assign a password to new role\n"));
370  printf(_(" -r, --createrole role can create new roles\n"));
371  printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
372  printf(_(" -s, --superuser role will be superuser\n"));
373  printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
374  printf(_(" -V, --version output version information, then exit\n"));
375  printf(_(" --interactive prompt for missing role name and attributes rather\n"
376  " than using defaults\n"));
377  printf(_(" --replication role can initiate replication\n"));
378  printf(_(" --no-replication role cannot initiate replication\n"));
379  printf(_(" -?, --help show this help, then exit\n"));
380  printf(_("\nConnection options:\n"));
381  printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
382  printf(_(" -p, --port=PORT database server port\n"));
383  printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
384  printf(_(" -w, --no-password never prompt for password\n"));
385  printf(_(" -W, --password force password prompt\n"));
386  printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));
387 }
char * PQerrorMessage(const PGconn *conn)
Definition: fe-connect.c:5959
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:234
bool yesno_prompt(const char *question)
Definition: common.c:265
const char * fmtId(const char *rawid)
Definition: string_utils.c:66
const char * get_progname(const char *argv0)
Definition: path.c:453
int getopt_long(int argc, char *const argv[], const char *optstring, const struct option *longopts, int *longindex)
Definition: getopt_long.c:57
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:385
void PQfinish(PGconn *conn)
Definition: fe-connect.c:3516
bool superuser(void)
Definition: superuser.c:47
static bool pwprompt
Definition: initdb.c:130
const char * progname
Definition: pg_standby.c:37
ExecStatusType PQresultStatus(const PGresult *res)
Definition: fe-exec.c:2596
#define required_argument
Definition: getopt_long.h:25
int optind
Definition: getopt.c:51
PGconn * conn
Definition: streamutil.c:42
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:262
char * c
void simple_prompt(const char *prompt, char *destination, size_t destlen, bool echo)
Definition: sprompt.c:37
struct SimpleStringListCell * next
Definition: simple_list.h:34
char * pg_strdup(const char *in)
Definition: fe_memutils.c:85
int main(int argc, char *argv[])
Definition: createuser.c:22
static int port
Definition: pg_regress.c:87
void handle_help_version_opts(int argc, char *argv[], const char *fixed_progname, help_handler hlp)
Definition: common.c:35
trivalue
Definition: vacuumlo.c:31
#define no_argument
Definition: getopt_long.h:24
#define PG_TEXTDOMAIN(domain)
Definition: c.h:1012
void simple_string_list_append(SimpleStringList *list, const char *val)
Definition: simple_list.c:63
void appendPQExpBufferChar(PQExpBuffer str, char ch)
Definition: pqexpbuffer.c:396
static char * username
Definition: initdb.c:129
void PQclear(PGresult *res)
Definition: fe-exec.c:650
#define NULL
Definition: c.h:226
static PGconn * connectDatabase(const char *dbname, const char *connstr, const char *pghost, const char *pgport, const char *pguser, trivalue prompt_password, bool fail_on_error)
Definition: pg_dumpall.c:1812
SimpleStringListCell * head
Definition: simple_list.h:42
void appendStringLiteralConn(PQExpBuffer buf, const char *str, PGconn *conn)
Definition: string_utils.c:298
Oid createdb(ParseState *pstate, const CreatedbStmt *stmt)
Definition: dbcommands.c:99
void set_pglocale_pgservice(const char *argv0, const char *app)
Definition: exec.c:550
char * optarg
Definition: getopt.c:53
char val[FLEXIBLE_ARRAY_MEMBER]
Definition: simple_list.h:37
PGresult * PQexec(PGconn *conn, const char *query)
Definition: fe-exec.c:1846
static void help(const char *progname)
Definition: createuser.c:351
#define _(x)
Definition: elog.c:84
void PQfreemem(void *ptr)
Definition: fe-exec.c:3200
void initPQExpBuffer(PQExpBuffer str)
Definition: pqexpbuffer.c:89
char * PQencryptPassword(const char *passwd, const char *user)
Definition: fe-auth.c:817
char * login
Definition: pgbench.c:182
const char * get_user_name_or_exit(const char *progname)
Definition: username.c:74