1 /*-------------------------------------------------------------------------
5 * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
6 * Portions Copyright (c) 1994, Regents of the University of California
8 * src/bin/scripts/createuser.c
10 *-------------------------------------------------------------------------
13 #include "postgres_fe.h"
15 #include "fe_utils/simple_list.h"
16 #include "fe_utils/string_utils.h"
19 static void help(const char *progname);
/*
 * createuser entry point.  The visible statements parse the command line,
 * optionally prompt for the role name, password and attributes, connect to
 * the "postgres" database and send one CREATE ROLE statement built in a
 * PQExpBuffer.
 *
 * NOTE(review): this listing drops lines (braces, case labels, several
 * declarations and conditions), so the comments below describe only what the
 * visible statements show; confirm details against the full file.
 */
22 main(int argc, char *argv[])
/*
 * Long-option table handed to getopt_long().  The last field is the value
 * returned for the option: a short-option letter, or 1/2/3 for the options
 * that have no short form (--replication, --no-replication, --interactive).
 */
24 static struct option long_options[] = {
25 {"host", required_argument, NULL, 'h'},
26 {"port", required_argument, NULL, 'p'},
27 {"username", required_argument, NULL, 'U'},
28 {"role", required_argument, NULL, 'g'},
29 {"no-password", no_argument, NULL, 'w'},
30 {"password", no_argument, NULL, 'W'},
31 {"echo", no_argument, NULL, 'e'},
32 {"createdb", no_argument, NULL, 'd'},
33 {"no-createdb", no_argument, NULL, 'D'},
34 {"superuser", no_argument, NULL, 's'},
35 {"no-superuser", no_argument, NULL, 'S'},
36 {"createrole", no_argument, NULL, 'r'},
37 {"no-createrole", no_argument, NULL, 'R'},
38 {"inherit", no_argument, NULL, 'i'},
39 {"no-inherit", no_argument, NULL, 'I'},
40 {"login", no_argument, NULL, 'l'},
41 {"no-login", no_argument, NULL, 'L'},
42 {"replication", no_argument, NULL, 1},
43 {"no-replication", no_argument, NULL, 2},
44 {"interactive", no_argument, NULL, 3},
45 /* adduser is obsolete, undocumented spelling of superuser */
46 {"adduser", no_argument, NULL, 'a'},
47 {"no-adduser", no_argument, NULL, 'A'},
48 {"connection-limit", required_argument, NULL, 'c'},
49 {"pwprompt", no_argument, NULL, 'P'},
50 {"encrypted", no_argument, NULL, 'E'},
/* Name of the role to create; set below from argv, a prompt, PGUSER or the OS user name. */
57 const char *newuser = NULL;
/* Connection user (-U); distinct from the role being created. */
60 char *username = NULL;
/* Roles collected from the command line; emitted later as the IN ROLE list. */
61 SimpleStringList roles = {NULL, NULL};
62 enum trivalue prompt_password = TRI_DEFAULT;
64 bool interactive = false;
/* Connection limit kept as the raw option text; see the review note where it is assigned. */
65 char *conn_limit = NULL;
66 bool pwprompt = false;
67 char *newpassword = NULL;
/*
 * Stack buffers that receive the prompted role name and password; each
 * simple_prompt() call below is bounded by sizeof() of its buffer.
 * NOTE(review): no visible statement clears newpassword_buf (or pw2) after
 * use, so the typed password presumably stays in process memory until exit;
 * confirm against the full file if that matters for your threat model.
 */
68 char newuser_buf[128];
69 char newpassword_buf[100];
71 /* Tri-valued variables. */
72 enum trivalue createdb = TRI_DEFAULT,
73 superuser = TRI_DEFAULT,
74 createrole = TRI_DEFAULT,
75 inherit = TRI_DEFAULT,
77 replication = TRI_DEFAULT;
/*
 * Program name for messages, locale/service setup, then
 * handle_help_version_opts() with the help() callback (presumably serving
 * --help and --version before normal option parsing).
 */
84 progname = get_progname(argv[0]);
85 set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
87 handle_help_version_opts(argc, argv, "createuser", help);
/*
 * Option loop: getopt_long() returns -1 once the options are exhausted.  The
 * case labels are not visible in this listing, so the option each assignment
 * belongs to is inferred from the variable it sets.
 */
89 while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSaArRiIlLc:PE",
90 long_options, &optindex)) != -1)
/* Connection parameters: the option argument is copied with pg_strdup(). */
95 host = pg_strdup(optarg);
98 port = pg_strdup(optarg);
101 username = pg_strdup(optarg);
/* Append one role to the membership list (presumably the -g/--role case). */
104 simple_string_list_append(&roles, optarg);
/* prompt_password is later passed to connectDatabase() (presumably -w and -W). */
107 prompt_password = TRI_NO;
110 prompt_password = TRI_YES;
130 createrole = TRI_YES;
/*
 * NOTE(review): the connection limit is stored as raw text and no numeric
 * validation is visible here; it is later formatted into the statement with
 * an unquoted %s.  The value comes from the invoking user's own command line,
 * but wrappers that forward arguments from elsewhere should not rely on this
 * tool to reject non-numeric input.  Validating it as an integer at this
 * point (for example strtol() with endptr and errno checks) would close that
 * gap.
 */
148 conn_limit = pg_strdup(optarg);
154 /* no-op, accepted for backward compatibility */
157 replication = TRI_YES;
160 replication = TRI_NO;
/* Usage hint on stderr (presumably the unrecognised-option path). */
166 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
/*
 * Remaining non-option arguments: the first one is taken as the role name,
 * and a second one is reported as "too many command-line arguments".
 */
171 switch (argc - optind)
176 newuser = argv[optind];
179 fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
180 progname, argv[optind + 1]);
181 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
/*
 * Prompt for the role name into newuser_buf; the condition guarding this
 * prompt is not visible in the listing.
 */
189 simple_prompt("Enter name of role to add: ",
190 newuser_buf, sizeof(newuser_buf), true);
191 newuser = newuser_buf;
/* Fallbacks visible here: the PGUSER environment variable, then get_user_name_or_exit(). */
195 if (getenv("PGUSER"))
196 newuser = getenv("PGUSER");
198 newuser = get_user_name_or_exit(progname);
/*
 * The password is prompted twice with the last argument false (presumably
 * "do not echo") and both entries must compare equal before it is accepted.
 */
206 simple_prompt("Enter password for new role: ",
207 newpassword_buf, sizeof(newpassword_buf), false);
208 simple_prompt("Enter it again: ", pw2, sizeof(pw2), false);
209 if (strcmp(newpassword_buf, pw2) != 0)
211 fprintf(stderr, _("Passwords didn't match.\n"));
214 newpassword = newpassword_buf;
/* Attribute questions are asked only when the interactive flag is set. */
219 if (interactive && yesno_prompt("Shall the new role be a superuser?"))
225 if (superuser == TRI_YES)
227 /* Not much point in trying to restrict a superuser */
229 createrole = TRI_YES;
234 if (interactive && yesno_prompt("Shall the new role be allowed to create databases?"))
242 if (interactive && yesno_prompt("Shall the new role be allowed to create more new roles?"))
243 createrole = TRI_YES;
/* Connect to the "postgres" database using the host, port and user gathered above. */
254 conn = connectDatabase("postgres", host, port, username, prompt_password,
255 progname, echo, false, false);
257 initPQExpBuffer(&sql);
/* The role name goes through fmtId(), i.e. it is emitted as an SQL identifier, not as raw text. */
259 printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
/*
 * Password clause: the value placed in the statement is what
 * PQencryptPasswordConn() returns, not the typed password, and it is appended
 * through appendStringLiteralConn() so it is escaped as a string literal for
 * this connection.  The call's remaining arguments are not visible in the
 * listing.  The returned string is released with PQfreemem().
 */
262 char *encrypted_password;
264 appendPQExpBufferStr(&sql, " PASSWORD ");
266 encrypted_password = PQencryptPasswordConn(conn,
270 if (!encrypted_password)
272 fprintf(stderr, _("%s: password encryption failed: %s"),
273 progname, PQerrorMessage(conn));
276 appendStringLiteralConn(&sql, encrypted_password, conn);
277 PQfreemem(encrypted_password);
/*
 * Attribute clauses: a keyword is emitted only for TRI_YES or TRI_NO; a
 * variable left at TRI_DEFAULT adds nothing to the statement.
 */
279 if (superuser == TRI_YES)
280 appendPQExpBufferStr(&sql, " SUPERUSER");
281 if (superuser == TRI_NO)
282 appendPQExpBufferStr(&sql, " NOSUPERUSER");
283 if (createdb == TRI_YES)
284 appendPQExpBufferStr(&sql, " CREATEDB");
285 if (createdb == TRI_NO)
286 appendPQExpBufferStr(&sql, " NOCREATEDB");
287 if (createrole == TRI_YES)
288 appendPQExpBufferStr(&sql, " CREATEROLE");
289 if (createrole == TRI_NO)
290 appendPQExpBufferStr(&sql, " NOCREATEROLE");
291 if (inherit == TRI_YES)
292 appendPQExpBufferStr(&sql, " INHERIT");
293 if (inherit == TRI_NO)
294 appendPQExpBufferStr(&sql, " NOINHERIT");
295 if (login == TRI_YES)
296 appendPQExpBufferStr(&sql, " LOGIN");
/* The condition for NOLOGIN is not visible here (presumably login == TRI_NO). */
298 appendPQExpBufferStr(&sql, " NOLOGIN");
299 if (replication == TRI_YES)
300 appendPQExpBufferStr(&sql, " REPLICATION");
301 if (replication == TRI_NO)
302 appendPQExpBufferStr(&sql, " NOREPLICATION");
/*
 * NOTE(review): unlike the role names (fmtId) and the password
 * (appendStringLiteralConn), conn_limit is inserted with a plain %s and is
 * neither quoted nor checked in the visible code.  It is the one
 * caller-supplied value that reaches the statement text unmodified.
 */
303 if (conn_limit != NULL)
304 appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
/* IN ROLE list: every entry goes through fmtId(); the comma form is presumably used for all but the last cell. */
305 if (roles.head != NULL)
307 SimpleStringListCell *cell;
309 appendPQExpBufferStr(&sql, " IN ROLE ");
311 for (cell = roles.head; cell; cell = cell->next)
314 appendPQExpBuffer(&sql, "%s,", fmtId(cell->val));
316 appendPQExpBufferStr(&sql, fmtId(cell->val));
319 appendPQExpBufferChar(&sql, ';');
/*
 * Print the statement to stdout (presumably only under --echo; the guard is
 * not visible).  The printed text includes the PASSWORD literal built above,
 * so captured output should be handled as sensitive.
 */
322 printf("%s\n", sql.data);
/* Execute the statement; anything other than PGRES_COMMAND_OK is reported with the server's message. */
323 result = PQexec(conn, sql.data);
325 if (PQresultStatus(result) != PGRES_COMMAND_OK)
327 fprintf(stderr, _("%s: creation of new role failed: %s"),
328 progname, PQerrorMessage(conn));
/*
 * Print the usage text for createuser to stdout.
 *
 * progname is substituted into the first line and the usage line.  Every
 * string is wrapped in _() (presumably the message-translation macro).
 *
 * NOTE(review): the option table in main() also accepts --encrypted/-E and
 * the adduser/no-adduser spellings, none of which are listed here; the table
 * marks adduser as obsolete and undocumented.
 */
340 help(const char *progname)
342 printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
343 printf(_("Usage:\n"));
344 printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
/* Role attribute options. */
345 printf(_("\nOptions:\n"));
346 printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
347 printf(_(" -d, --createdb role can create new databases\n"));
348 printf(_(" -D, --no-createdb role cannot create databases (default)\n"));
349 printf(_(" -e, --echo show the commands being sent to the server\n"));
350 printf(_(" -g, --role=ROLE new role will be a member of this role\n"));
351 printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
352 " member of (default)\n"));
353 printf(_(" -I, --no-inherit role does not inherit privileges\n"));
354 printf(_(" -l, --login role can login (default)\n"));
355 printf(_(" -L, --no-login role cannot login\n"));
356 printf(_(" -P, --pwprompt assign a password to new role\n"));
357 printf(_(" -r, --createrole role can create new roles\n"));
358 printf(_(" -R, --no-createrole role cannot create roles (default)\n"));
359 printf(_(" -s, --superuser role will be superuser\n"));
360 printf(_(" -S, --no-superuser role will not be superuser (default)\n"));
361 printf(_(" -V, --version output version information, then exit\n"));
362 printf(_(" --interactive prompt for missing role name and attributes rather\n"
363 " than using defaults\n"));
364 printf(_(" --replication role can initiate replication\n"));
365 printf(_(" --no-replication role cannot initiate replication\n"));
366 printf(_(" -?, --help show this help, then exit\n"));
/* Options that describe the connection used to run CREATE ROLE, not the new role itself. */
367 printf(_("\nConnection options:\n"));
368 printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
369 printf(_(" -p, --port=PORT database server port\n"));
370 printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
371 printf(_(" -w, --no-password never prompt for password\n"));
372 printf(_(" -W, --password force password prompt\n"));
373 printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));