PostgreSQL Source Code  git master
createuser.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * createuser
4  *
5  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
6  * Portions Copyright (c) 1994, Regents of the University of California
7  *
8  * src/bin/scripts/createuser.c
9  *
10  *-------------------------------------------------------------------------
11  */
12 
13 #include "postgres_fe.h"
14 
15 #include <limits.h>
16 
17 #include "common.h"
18 #include "common/logging.h"
19 #include "common/string.h"
20 #include "fe_utils/option_utils.h"
21 #include "fe_utils/simple_list.h"
22 #include "fe_utils/string_utils.h"
23 
24 
25 static void help(const char *progname);
26 
27 int
28 main(int argc, char *argv[])
29 {
30  static struct option long_options[] = {
31  {"admin", required_argument, NULL, 'a'},
32  {"connection-limit", required_argument, NULL, 'c'},
33  {"createdb", no_argument, NULL, 'd'},
34  {"no-createdb", no_argument, NULL, 'D'},
35  {"echo", no_argument, NULL, 'e'},
36  {"encrypted", no_argument, NULL, 'E'},
37  {"role", required_argument, NULL, 'g'},
38  {"host", required_argument, NULL, 'h'},
39  {"inherit", no_argument, NULL, 'i'},
40  {"no-inherit", no_argument, NULL, 'I'},
41  {"login", no_argument, NULL, 'l'},
42  {"no-login", no_argument, NULL, 'L'},
43  {"member", required_argument, NULL, 'm'},
44  {"port", required_argument, NULL, 'p'},
45  {"pwprompt", no_argument, NULL, 'P'},
46  {"createrole", no_argument, NULL, 'r'},
47  {"no-createrole", no_argument, NULL, 'R'},
48  {"superuser", no_argument, NULL, 's'},
49  {"no-superuser", no_argument, NULL, 'S'},
50  {"username", required_argument, NULL, 'U'},
51  {"valid-until", required_argument, NULL, 'v'},
52  {"no-password", no_argument, NULL, 'w'},
53  {"password", no_argument, NULL, 'W'},
54  {"replication", no_argument, NULL, 1},
55  {"no-replication", no_argument, NULL, 2},
56  {"interactive", no_argument, NULL, 3},
57  {"bypassrls", no_argument, NULL, 4},
58  {"no-bypassrls", no_argument, NULL, 5},
59  {NULL, 0, NULL, 0}
60  };
61 
62  const char *progname;
63  int optindex;
64  int c;
65  const char *newuser = NULL;
66  char *host = NULL;
67  char *port = NULL;
68  char *username = NULL;
69  SimpleStringList roles = {NULL, NULL};
70  SimpleStringList members = {NULL, NULL};
71  SimpleStringList admins = {NULL, NULL};
72  enum trivalue prompt_password = TRI_DEFAULT;
73  ConnParams cparams;
74  bool echo = false;
75  bool interactive = false;
76  int conn_limit = -2; /* less than minimum valid value */
77  bool pwprompt = false;
78  char *newpassword = NULL;
79  char *pwexpiry = NULL;
80 
81  /* Tri-valued variables. */
82  enum trivalue createdb = TRI_DEFAULT,
83  superuser = TRI_DEFAULT,
84  createrole = TRI_DEFAULT,
85  inherit = TRI_DEFAULT,
86  login = TRI_DEFAULT,
87  replication = TRI_DEFAULT,
88  bypassrls = TRI_DEFAULT;
89 
90  PQExpBufferData sql;
91 
92  PGconn *conn;
93  PGresult *result;
94 
95  pg_logging_init(argv[0]);
96  progname = get_progname(argv[0]);
97  set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
98 
99  handle_help_version_opts(argc, argv, "createuser", help);
100 
101  while ((c = getopt_long(argc, argv, "a:c:dDeEg:h:iIlLm:p:PrRsSU:v:wW",
102  long_options, &optindex)) != -1)
103  {
104  switch (c)
105  {
106  case 'a':
107  simple_string_list_append(&admins, optarg);
108  break;
109  case 'c':
110  if (!option_parse_int(optarg, "-c/--connection-limit",
111  -1, INT_MAX, &conn_limit))
112  exit(1);
113  break;
114  case 'd':
115  createdb = TRI_YES;
116  break;
117  case 'D':
118  createdb = TRI_NO;
119  break;
120  case 'e':
121  echo = true;
122  break;
123  case 'E':
124  /* no-op, accepted for backward compatibility */
125  break;
126  case 'g':
127  simple_string_list_append(&roles, optarg);
128  break;
129  case 'h':
130  host = pg_strdup(optarg);
131  break;
132  case 'i':
133  inherit = TRI_YES;
134  break;
135  case 'I':
136  inherit = TRI_NO;
137  break;
138  case 'l':
139  login = TRI_YES;
140  break;
141  case 'L':
142  login = TRI_NO;
143  break;
144  case 'm':
145  simple_string_list_append(&members, optarg);
146  break;
147  case 'p':
148  port = pg_strdup(optarg);
149  break;
150  case 'P':
151  pwprompt = true;
152  break;
153  case 'r':
154  createrole = TRI_YES;
155  break;
156  case 'R':
157  createrole = TRI_NO;
158  break;
159  case 's':
160  superuser = TRI_YES;
161  break;
162  case 'S':
163  superuser = TRI_NO;
164  break;
165  case 'U':
166  username = pg_strdup(optarg);
167  break;
168  case 'v':
169  pwexpiry = pg_strdup(optarg);
170  break;
171  case 'w':
172  prompt_password = TRI_NO;
173  break;
174  case 'W':
175  prompt_password = TRI_YES;
176  break;
177  case 1:
178  replication = TRI_YES;
179  break;
180  case 2:
181  replication = TRI_NO;
182  break;
183  case 3:
184  interactive = true;
185  break;
186  case 4:
187  bypassrls = TRI_YES;
188  break;
189  case 5:
190  bypassrls = TRI_NO;
191  break;
192  default:
193  /* getopt_long already emitted a complaint */
194  pg_log_error_hint("Try \"%s --help\" for more information.", progname);
195  exit(1);
196  }
197  }
198 
199  switch (argc - optind)
200  {
201  case 0:
202  break;
203  case 1:
204  newuser = argv[optind];
205  break;
206  default:
207  pg_log_error("too many command-line arguments (first is \"%s\")",
208  argv[optind + 1]);
209  pg_log_error_hint("Try \"%s --help\" for more information.", progname);
210  exit(1);
211  }
212 
213  if (newuser == NULL)
214  {
215  if (interactive)
216  {
217  newuser = simple_prompt("Enter name of role to add: ", true);
218  }
219  else
220  {
221  if (getenv("PGUSER"))
222  newuser = getenv("PGUSER");
223  else
224  newuser = get_user_name_or_exit(progname);
225  }
226  }
227 
228  if (pwprompt)
229  {
230  char *pw2;
231 
232  newpassword = simple_prompt("Enter password for new role: ", false);
233  pw2 = simple_prompt("Enter it again: ", false);
234  if (strcmp(newpassword, pw2) != 0)
235  {
236  fprintf(stderr, _("Passwords didn't match.\n"));
237  exit(1);
238  }
239  free(pw2);
240  }
241 
242  if (superuser == 0)
243  {
244  if (interactive && yesno_prompt("Shall the new role be a superuser?"))
245  superuser = TRI_YES;
246  else
247  superuser = TRI_NO;
248  }
249 
250  if (superuser == TRI_YES)
251  {
252  /* Not much point in trying to restrict a superuser */
253  createdb = TRI_YES;
254  createrole = TRI_YES;
255  }
256 
257  if (createdb == 0)
258  {
259  if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
260  createdb = TRI_YES;
261  else
262  createdb = TRI_NO;
263  }
264 
265  if (createrole == 0)
266  {
267  if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
268  createrole = TRI_YES;
269  else
270  createrole = TRI_NO;
271  }
272 
273  if (inherit == 0)
274  inherit = TRI_YES;
275 
276  if (login == 0)
277  login = TRI_YES;
278 
279  cparams.dbname = NULL; /* this program lacks any dbname option... */
280  cparams.pghost = host;
281  cparams.pgport = port;
282  cparams.pguser = username;
283  cparams.prompt_password = prompt_password;
284  cparams.override_dbname = NULL;
285 
286  conn = connectMaintenanceDatabase(&cparams, progname, echo);
287 
288  initPQExpBuffer(&sql);
289 
290  printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
291  if (newpassword)
292  {
293  char *encrypted_password;
294 
295  appendPQExpBufferStr(&sql, " PASSWORD ");
296 
297  encrypted_password = PQencryptPasswordConn(conn,
298  newpassword,
299  newuser,
300  NULL);
301  if (!encrypted_password)
302  pg_fatal("password encryption failed: %s",
303  PQerrorMessage(conn));
304  appendStringLiteralConn(&sql, encrypted_password, conn);
305  PQfreemem(encrypted_password);
306  }
307  if (superuser == TRI_YES)
308  appendPQExpBufferStr(&sql, " SUPERUSER");
309  if (superuser == TRI_NO)
310  appendPQExpBufferStr(&sql, " NOSUPERUSER");
311  if (createdb == TRI_YES)
312  appendPQExpBufferStr(&sql, " CREATEDB");
313  if (createdb == TRI_NO)
314  appendPQExpBufferStr(&sql, " NOCREATEDB");
315  if (createrole == TRI_YES)
316  appendPQExpBufferStr(&sql, " CREATEROLE");
317  if (createrole == TRI_NO)
318  appendPQExpBufferStr(&sql, " NOCREATEROLE");
319  if (inherit == TRI_YES)
320  appendPQExpBufferStr(&sql, " INHERIT");
321  if (inherit == TRI_NO)
322  appendPQExpBufferStr(&sql, " NOINHERIT");
323  if (login == TRI_YES)
324  appendPQExpBufferStr(&sql, " LOGIN");
325  if (login == TRI_NO)
326  appendPQExpBufferStr(&sql, " NOLOGIN");
327  if (replication == TRI_YES)
328  appendPQExpBufferStr(&sql, " REPLICATION");
329  if (replication == TRI_NO)
330  appendPQExpBufferStr(&sql, " NOREPLICATION");
331  if (bypassrls == TRI_YES)
332  appendPQExpBufferStr(&sql, " BYPASSRLS");
333  if (bypassrls == TRI_NO)
334  appendPQExpBufferStr(&sql, " NOBYPASSRLS");
335  if (conn_limit >= -1)
336  appendPQExpBuffer(&sql, " CONNECTION LIMIT %d", conn_limit);
337  if (pwexpiry != NULL)
338  {
339  appendPQExpBufferStr(&sql, " VALID UNTIL ");
340  appendStringLiteralConn(&sql, pwexpiry, conn);
341  }
342  if (roles.head != NULL)
343  {
344  SimpleStringListCell *cell;
345 
346  appendPQExpBufferStr(&sql, " IN ROLE ");
347 
348  for (cell = roles.head; cell; cell = cell->next)
349  {
350  if (cell->next)
351  appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
352  else
353  appendPQExpBufferStr(&sql, fmtId(cell->val));
354  }
355  }
356  if (members.head != NULL)
357  {
358  SimpleStringListCell *cell;
359 
360  appendPQExpBufferStr(&sql, " ROLE ");
361 
362  for (cell = members.head; cell; cell = cell->next)
363  {
364  if (cell->next)
365  appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
366  else
367  appendPQExpBufferStr(&sql, fmtId(cell->val));
368  }
369  }
370  if (admins.head != NULL)
371  {
372  SimpleStringListCell *cell;
373 
374  appendPQExpBufferStr(&sql, " ADMIN ");
375 
376  for (cell = admins.head; cell; cell = cell->next)
377  {
378  if (cell->next)
379  appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
380  else
381  appendPQExpBufferStr(&sql, fmtId(cell->val));
382  }
383  }
384 
385  appendPQExpBufferChar(&sql, ';');
386 
387  if (echo)
388  printf("%s\n", sql.data);
389  result = PQexec(conn, sql.data);
390 
391  if (PQresultStatus(result) != PGRES_COMMAND_OK)
392  {
393  pg_log_error("creation of new role failed: %s", PQerrorMessage(conn));
394  PQfinish(conn);
395  exit(1);
396  }
397 
398  PQclear(result);
399  PQfinish(conn);
400  exit(0);
401 }
402 
403 
404 static void
405 help(const char *progname)
406 {
407  printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
408  printf(_("Usage:\n"));
409  printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
410  printf(_("\nOptions:\n"));
411  printf(_(" -a, --admin=ROLE this role will be a member of new role with admin\n"
412  " option\n"));
413  printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
414  printf(_(" -d, --createdb role can create new databases\n"));
415  printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
416  printf(_(" -e, --echo show the commands being sent to the server\n"));
417  printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
418  printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
419  " member of (default)\n"));
420  printf(_(" -I, --no-inherit role does not inherit privileges\n"));
421  printf(_(" -l, --login role can login (default)\n"));
422  printf(_(" -L, --no-login role cannot login\n"));
423  printf(_(" -m, --member=ROLE this role will be a member of new role\n"));
424  printf(_(" -P, --pwprompt assign a password to new role\n"));
425  printf(_(" -r, --createrole role can create new roles\n"));
426  printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
427  printf(_(" -s, --superuser role will be superuser\n"));
428  printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
429  printf(_(" -v, --valid-until=TIMESTAMP\n"
430  " password expiration date for role\n"));
431  printf(_(" -V, --version output version information, then exit\n"));
432  printf(_(" --interactive prompt for missing role name and attributes rather\n"
433  " than using defaults\n"));
434  printf(_(" --bypassrls role can bypass row-level security (RLS) policy\n"));
435  printf(_(" --no-bypassrls role cannot bypass row-level security (RLS) policy\n"));
436  printf(_(" --replication role can initiate replication\n"));
437  printf(_(" --no-replication role cannot initiate replication\n"));
438  printf(_(" -?, --help show this help, then exit\n"));
439  printf(_("\nConnection options:\n"));
440  printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
441  printf(_(" -p, --port=PORT database server port\n"));
442  printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
443  printf(_(" -w, --no-password never prompt for password\n"));
444  printf(_(" -W, --password force password prompt\n"));
445  printf(_("\nReport bugs to <%s>.\n"), PACKAGE_BUGREPORT);
446  printf(_("%s home page: <%s>\n"), PACKAGE_NAME, PACKAGE_URL);
447 }
yesno_prompt
bool yesno_prompt(const char *question)
Definition: common.c:136
PG_TEXTDOMAIN
#define PG_TEXTDOMAIN(domain)
Definition: c.h:1204
set_pglocale_pgservice
void set_pglocale_pgservice(const char *argv0, const char *app)
Definition: exec.c:460
connectMaintenanceDatabase
PGconn * connectMaintenanceDatabase(ConnParams *cparams, const char *progname, bool echo)
Definition: connect_utils.c:134
main
int main(int argc, char *argv[])
Definition: createuser.c:28
help
static void help(const char *progname)
Definition: createuser.c:405
createdb
Oid createdb(ParseState *pstate, const CreatedbStmt *stmt)
Definition: dbcommands.c:670
_
#define _(x)
Definition: elog.c:91
PQencryptPasswordConn
char * PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, const char *algorithm)
Definition: fe-auth.c:1190
PQerrorMessage
char * PQerrorMessage(const PGconn *conn)
Definition: fe-connect.c:6743
PQfinish
void PQfinish(PGconn *conn)
Definition: fe-connect.c:4130
PQfreemem
void PQfreemem(void *ptr)
Definition: fe-exec.c:3865
PQresultStatus
ExecStatusType PQresultStatus(const PGresult *res)
Definition: fe-exec.c:3240
PQexec
PGresult * PQexec(PGconn *conn, const char *query)
Definition: fe-exec.c:2225
pg_strdup
char * pg_strdup(const char *in)
Definition: fe_memutils.c:85
getopt_long
int getopt_long(int argc, char *const argv[], const char *optstring, const struct option *longopts, int *longindex)
Definition: getopt_long.c:57
no_argument
#define no_argument
Definition: getopt_long.h:24
required_argument
#define required_argument
Definition: getopt_long.h:25
free
#define free(a)
Definition: header.h:65
pwprompt
static bool pwprompt
Definition: initdb.c:140
PGRES_COMMAND_OK
@ PGRES_COMMAND_OK
Definition: libpq-fe.h:97
exit
exit(1)
pg_logging_init
void pg_logging_init(const char *argv0)
Definition: logging.c:83
pg_log_error
#define pg_log_error(...)
Definition: logging.h:106
pg_log_error_hint
#define pg_log_error_hint(...)
Definition: logging.h:112
progname
const char * progname
Definition: main.c:45
option_parse_int
bool option_parse_int(const char *optarg, const char *optname, int min_range, int max_range, int *result)
Definition: option_utils.c:50
handle_help_version_opts
void handle_help_version_opts(int argc, char *argv[], const char *fixed_progname, help_handler hlp)
Definition: option_utils.c:24
option_utils.h
pg_fatal
#define pg_fatal(...)
Definition: pg_backup_utils.h:36
optind
PGDLLIMPORT int optind
Definition: getopt.c:50
optarg
PGDLLIMPORT char * optarg
Definition: getopt.c:52
port
static int port
Definition: pg_regress.c:90
username
const char * username
Definition: pgbench.c:306
get_progname
const char * get_progname(const char *argv0)
Definition: path.c:574
fprintf
#define fprintf
Definition: port.h:242
printf
#define printf(...)
Definition: port.h:244
postgres_fe.h
printfPQExpBuffer
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:235
initPQExpBuffer
void initPQExpBuffer(PQExpBuffer str)
Definition: pqexpbuffer.c:90
appendPQExpBuffer
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:265
appendPQExpBufferChar
void appendPQExpBufferChar(PQExpBuffer str, char ch)
Definition: pqexpbuffer.c:378
appendPQExpBufferStr
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:367
c
char * c
Definition: preproc-cursor.c:31
simple_string_list_append
void simple_string_list_append(SimpleStringList *list, const char *val)
Definition: simple_list.c:63
simple_list.h
simple_prompt
char * simple_prompt(const char *prompt, bool echo)
Definition: sprompt.c:38
conn
PGconn * conn
Definition: streamutil.c:54
appendStringLiteralConn
void appendStringLiteralConn(PQExpBuffer buf, const char *str, PGconn *conn)
Definition: string_utils.c:293
fmtId
const char * fmtId(const char *rawid)
Definition: string_utils.c:64
string_utils.h
SimpleStringListCell::val
char val[FLEXIBLE_ARRAY_MEMBER]
Definition: simple_list.h:37
SimpleStringListCell::next
struct SimpleStringListCell * next
Definition: simple_list.h:34
SimpleStringList::head
SimpleStringListCell * head
Definition: simple_list.h:42
_connParams
Definition: pg_backup.h:81
_connParams::pguser
const char * pguser
Definition: connect_utils.h:31
_connParams::override_dbname
char * override_dbname
Definition: pg_backup.h:90
_connParams::pgport
char * pgport
Definition: pg_backup.h:84
_connParams::pghost
char * pghost
Definition: pg_backup.h:85
_connParams::dbname
char * dbname
Definition: pg_backup.h:83
_connParams::prompt_password
enum trivalue prompt_password
Definition: connect_utils.h:32
pg_conn
Definition: libpq-int.h:351
pg_result
Definition: libpq-int.h:170
superuser
bool superuser(void)
Definition: superuser.c:46
get_user_name_or_exit
const char * get_user_name_or_exit(const char *progname)
Definition: username.c:74
trivalue
trivalue
Definition: vacuumlo.c:35
TRI_YES
@ TRI_YES
Definition: vacuumlo.c:38
TRI_DEFAULT
@ TRI_DEFAULT
Definition: vacuumlo.c:36
TRI_NO
@ TRI_NO
Definition: vacuumlo.c:37