1 /*-------------------------------------------------------------------------
5 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
6 * Portions Copyright (c) 1994, Regents of the University of California
8 * $PostgreSQL: pgsql/src/bin/scripts/createuser.c,v 1.39 2008/12/11 07:34:08 petere Exp $
10 *-------------------------------------------------------------------------
13 #include "postgres_fe.h"
15 #include "dumputils.h"
18 static void help(const char *progname);
28 main(int argc, char *argv[])
30 static struct option long_options[] = {
31 {"host", required_argument, NULL, 'h'},
32 {"port", required_argument, NULL, 'p'},
33 {"username", required_argument, NULL, 'U'},
34 {"password", no_argument, NULL, 'W'},
35 {"echo", no_argument, NULL, 'e'},
36 {"quiet", no_argument, NULL, 'q'},
37 {"createdb", no_argument, NULL, 'd'},
38 {"no-createdb", no_argument, NULL, 'D'},
39 {"superuser", no_argument, NULL, 's'},
40 {"no-superuser", no_argument, NULL, 'S'},
41 {"createrole", no_argument, NULL, 'r'},
42 {"no-createrole", no_argument, NULL, 'R'},
43 {"inherit", no_argument, NULL, 'i'},
44 {"no-inherit", no_argument, NULL, 'I'},
45 {"login", no_argument, NULL, 'l'},
46 {"no-login", no_argument, NULL, 'L'},
47 /* adduser is obsolete, undocumented spelling of superuser */
48 {"adduser", no_argument, NULL, 'a'},
49 {"no-adduser", no_argument, NULL, 'A'},
50 {"connection-limit", required_argument, NULL, 'c'},
51 {"pwprompt", no_argument, NULL, 'P'},
52 {"encrypted", no_argument, NULL, 'E'},
53 {"unencrypted", no_argument, NULL, 'N'},
63 char *username = NULL;
64 bool password = false;
66 char *conn_limit = NULL;
67 bool pwprompt = false;
68 char *newpassword = NULL;
70 /* Tri-valued variables. */
71 enum trivalue createdb = TRI_DEFAULT,
72 superuser = TRI_DEFAULT,
73 createrole = TRI_DEFAULT,
74 inherit = TRI_DEFAULT,
76 encrypted = TRI_DEFAULT;
83 progname = get_progname(argv[0]);
84 set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pgscripts"));
86 handle_help_version_opts(argc, argv, "createuser", help);
88 while ((c = getopt_long(argc, argv, "h:p:U:WeqdDsSaArRiIlLc:PEN",
89 long_options, &optindex)) != -1)
109 /* obsolete; remove in 8.4 */
126 createrole = TRI_YES;
156 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
161 switch (argc - optind)
166 newuser = argv[optind];
169 fprintf(stderr, _("%s: too many command-line arguments (first is \"%s\")\n"),
170 progname, argv[optind + 1]);
171 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
176 newuser = simple_prompt("Enter name of role to add: ", 128, true);
183 pw1 = simple_prompt("Enter password for new role: ", 100, false);
184 pw2 = simple_prompt("Enter it again: ", 100, false);
185 if (strcmp(pw1, pw2) != 0)
187 fprintf(stderr, _("Passwords didn't match.\n"));
196 if (yesno_prompt("Shall the new role be a superuser?"))
202 if (superuser == TRI_YES)
204 /* Not much point in trying to restrict a superuser */
206 createrole = TRI_YES;
211 if (yesno_prompt("Shall the new role be allowed to create databases?"))
219 if (yesno_prompt("Shall the new role be allowed to create more new roles?"))
220 createrole = TRI_YES;
231 conn = connectDatabase("postgres", host, port, username, password, progname);
233 initPQExpBuffer(&sql);
235 printfPQExpBuffer(&sql, "CREATE ROLE %s", fmtId(newuser));
238 if (encrypted == TRI_YES)
239 appendPQExpBuffer(&sql, " ENCRYPTED");
240 if (encrypted == TRI_NO)
241 appendPQExpBuffer(&sql, " UNENCRYPTED");
242 appendPQExpBuffer(&sql, " PASSWORD ");
244 if (encrypted != TRI_NO)
246 char *encrypted_password;
248 encrypted_password = PQencryptPassword(newpassword,
250 if (!encrypted_password)
252 fprintf(stderr, _("Password encryption failed.\n"));
255 appendStringLiteralConn(&sql, encrypted_password, conn);
256 PQfreemem(encrypted_password);
259 appendStringLiteralConn(&sql, newpassword, conn);
261 if (superuser == TRI_YES)
262 appendPQExpBuffer(&sql, " SUPERUSER");
263 if (superuser == TRI_NO)
264 appendPQExpBuffer(&sql, " NOSUPERUSER");
265 if (createdb == TRI_YES)
266 appendPQExpBuffer(&sql, " CREATEDB");
267 if (createdb == TRI_NO)
268 appendPQExpBuffer(&sql, " NOCREATEDB");
269 if (createrole == TRI_YES)
270 appendPQExpBuffer(&sql, " CREATEROLE");
271 if (createrole == TRI_NO)
272 appendPQExpBuffer(&sql, " NOCREATEROLE");
273 if (inherit == TRI_YES)
274 appendPQExpBuffer(&sql, " INHERIT");
275 if (inherit == TRI_NO)
276 appendPQExpBuffer(&sql, " NOINHERIT");
277 if (login == TRI_YES)
278 appendPQExpBuffer(&sql, " LOGIN");
280 appendPQExpBuffer(&sql, " NOLOGIN");
281 if (conn_limit != NULL)
282 appendPQExpBuffer(&sql, " CONNECTION LIMIT %s", conn_limit);
283 appendPQExpBuffer(&sql, ";\n");
286 printf("%s", sql.data);
287 result = PQexec(conn, sql.data);
289 if (PQresultStatus(result) != PGRES_COMMAND_OK)
291 fprintf(stderr, _("%s: creation of new role failed: %s"),
292 progname, PQerrorMessage(conn));
304 help(const char *progname)
306 printf(_("%s creates a new PostgreSQL role.\n\n"), progname);
307 printf(_("Usage:\n"));
308 printf(_(" %s [OPTION]... [ROLENAME]\n"), progname);
309 printf(_("\nOptions:\n"));
310 printf(_(" -s, --superuser role will be superuser\n"));
311 printf(_(" -S, --no-superuser role will not be superuser\n"));
312 printf(_(" -d, --createdb role can create new databases\n"));
313 printf(_(" -D, --no-createdb role cannot create databases\n"));
314 printf(_(" -r, --createrole role can create new roles\n"));
315 printf(_(" -R, --no-createrole role cannot create roles\n"));
316 printf(_(" -l, --login role can login (default)\n"));
317 printf(_(" -L, --no-login role cannot login\n"));
318 printf(_(" -i, --inherit role inherits privileges of roles it is a\n"
319 " member of (default)\n"));
320 printf(_(" -I, --no-inherit role does not inherit privileges\n"));
321 printf(_(" -c, --connection-limit=N connection limit for role (default: no limit)\n"));
322 printf(_(" -P, --pwprompt assign a password to new role\n"));
323 printf(_(" -E, --encrypted encrypt stored password\n"));
324 printf(_(" -N, --unencrypted do not encrypt stored password\n"));
325 printf(_(" -e, --echo show the commands being sent to the server\n"));
326 printf(_(" --help show this help, then exit\n"));
327 printf(_(" --version output version information, then exit\n"));
328 printf(_("\nConnection options:\n"));
329 printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
330 printf(_(" -p, --port=PORT database server port\n"));
331 printf(_(" -U, --username=USERNAME user name to connect as (not the one to create)\n"));
332 printf(_(" -W, --password force password prompt\n"));
333 printf(_("\nIf one of -s, -S, -d, -D, -r, -R and ROLENAME is not specified, you will\n"
334 "be prompted interactively.\n"));
335 printf(_("\nReport bugs to <pgsql-bugs@postgresql.org>.\n"));