author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2017-05-08 11:26:07 +0300 |
---|---|---|
committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2017-05-08 11:26:07 +0300 |
commit | eb61136dc75a76caef8460fa939244d8593100f2 (patch) | |
tree | abaac9eb3b4c093a6a4aabd40dfb0ec23f1bc84a /src/bin/scripts/createuser.c | |
parent | 1f30295eab65eddaa88528876ab66e7095f4bb65 (diff) | |
Remove support for password_encryption='off' / 'plain'.
Storing passwords in plaintext hasn't been a good idea for a very long
time, if ever. Now seems like a good time to finally forbid it, since we're
messing with this in PostgreSQL 10 anyway.
Remove the CREATE/ALTER USER UNENCRYPTED PASSWORD 'foo' syntax, since
storing passwords unencrypted is no longer supported. ENCRYPTED PASSWORD
'foo' is still accepted, but ENCRYPTED is now just a noise-word, it does
the same as just PASSWORD 'foo'.
Likewise, remove the --unencrypted option from createuser, but accept
--encrypted as a no-op for backward compatibility. AFAICS, --encrypted was
a no-op even before this patch, because createuser encrypted the password
before sending it to the server even if --encrypted was not specified. It
added the ENCRYPTED keyword to the SQL command, but since the password was
already in encrypted form, it didn't make any difference. The documentation
was not clear on whether that was intended or not, but it's moot now.
Also, while password_encryption='on' is still accepted as an alias for
'md5', it is now marked as hidden, so that it is not listed as an accepted
value in error hints, for example. That's not directly related to removing
'plain', but it seems better this way.
Reviewed by Michael Paquier
Discussion: https://www.postgresql.org/message-id/16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
Diffstat (limited to 'src/bin/scripts/createuser.c')
-rw-r--r-- | src/bin/scripts/createuser.c | 46 |
1 files changed, 15 insertions, 31 deletions
diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c
index 35a53bf2064..d88093f8b6e 100644
--- a/src/bin/scripts/createuser.c
+++ b/src/bin/scripts/createuser.c
@@ -48,7 +48,6 @@ main(int argc, char *argv[])
 {"connection-limit", required_argument, NULL, 'c'},
 {"pwprompt", no_argument, NULL, 'P'},
 {"encrypted", no_argument, NULL, 'E'},
- {"unencrypted", no_argument, NULL, 'N'},
 {NULL, 0, NULL, 0}
 };
@@ -75,8 +74,7 @@ main(int argc, char *argv[])
 createrole = TRI_DEFAULT,
 inherit = TRI_DEFAULT,
 login = TRI_DEFAULT,
- replication = TRI_DEFAULT,
- encrypted = TRI_DEFAULT;
+ replication = TRI_DEFAULT;
 PQExpBufferData sql;
@@ -88,7 +86,7 @@ main(int argc, char *argv[])
 handle_help_version_opts(argc, argv, "createuser", help);
- while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PEN",
+ while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
 long_options, &optindex)) != -1)
 {
 switch (c)
@@ -153,10 +151,7 @@ main(int argc, char *argv[])
 pwprompt = true;
 break;
 case 'E':
- encrypted = TRI_YES;
- break;
- case 'N':
- encrypted = TRI_NO;
+ /* no-op, accepted for backward compatibility */
 break;
 case 1:
 replication = TRI_YES;
@@ -264,31 +259,22 @@ main(int argc, char *argv[])
 printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
 if (newpassword)
 {
- if (encrypted == TRI_YES)
- appendPQExpBufferStr(&sql, " ENCRYPTED");
- if (encrypted == TRI_NO)
- appendPQExpBufferStr(&sql, " UNENCRYPTED");
+ char *encrypted_password;
+
 appendPQExpBufferStr(&sql, " PASSWORD ");
- if (encrypted != TRI_NO)
+ encrypted_password = PQencryptPasswordConn(conn,
+ newpassword,
+ newuser,
+ NULL);
+ if (!encrypted_password)
 {
- char *encrypted_password;
-
- encrypted_password = PQencryptPasswordConn(conn,
- newpassword,
- newuser,
- NULL);
- if (!encrypted_password)
- {
- fprintf(stderr, _("%s: password encryption failed: %s"),
- progname, PQerrorMessage(conn));
- exit(1);
- }
- appendStringLiteralConn(&sql, encrypted_password, conn);
- PQfreemem(encrypted_password);
+ fprintf(stderr, _("%s: password encryption failed: %s"),
+ progname, PQerrorMessage(conn));
+ exit(1);
 }
- else
- appendStringLiteralConn(&sql, newpassword, conn);
+ appendStringLiteralConn(&sql, encrypted_password, conn);
+ PQfreemem(encrypted_password);
 }
 if (superuser == TRI_YES)
 appendPQExpBufferStr(&sql, " SUPERUSER");
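Review bot: The `PQencryptPasswordConn(conn, newpassword, newuser, NULL)` call now runs on every password path but carries no comment on what the `NULL` algorithm argument means or why the hashing is done on the client. With `NULL`, libpq follows the server's current `password_encryption` setting, so against a server still set to `md5` the stored verifier is MD5 rather than SCRAM; that is worth stating at the call site so nobody assumes a fixed algorithm. I would add above the call: `/* Hash on the client so the cleartext never enters the SQL text (visible with --echo); NULL = follow the server's password_encryption */`. The enclosing `main()` starts and ends outside this hunk.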
@@ -361,14 +347,12 @@ help(const char *progname)
 printf(_(" -d, --createdb role can create new databases\n"));
 printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
 printf(_(" -e, --echo show the commands being sent to the server\n"));
- printf(_(" -E, --encrypted encrypt stored password\n"));
 printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
 printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
 " member of (default)\n"));
 printf(_(" -I, --no-inherit role does not inherit privileges\n"));
 printf(_(" -l, --login role can login (default)\n"));
 printf(_(" -L, --no-login role cannot login\n"));
- printf(_(" -N, --unencrypted do not encrypt stored password\n"));
 printf(_(" -P, --pwprompt assign a password to new role\n"));
 printf(_(" -r, --createrole role can create new roles\n"));
 printf(_(" -R, --no-createrole role cannot create roles (default)\n")); |