Add --pwfile option to initdb, so that passwords can be set by GUI tools

that aren't able to feed the password to initdb's /dev/tty.

Magnus Hagander

diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml
index 189a42797787e3068a3027d54249ef97429fbc7f..7cd0e699a987f2d332ebaf9d49f655fcfa9f98aa 100644 (file)
--- a/doc/src/sgml/ref/initdb.sgml
+++ b/doc/src/sgml/ref/initdb.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/initdb.sgml,v 1.29 2004/03/23 02:47:35 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/initdb.sgml,v 1.30 2004/06/24 19:26:54 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -185,6 +185,16 @@ PostgreSQL documentation
        </para>
       </listitem>
      </varlistentry>
+
+     <varlistentry>
+      <term><option>--pwfile=<replaceable>filename</></option></term>
+      <listitem>
+       <para>
+        Makes <command>initdb</command> read the database superuser's password
+        from a file.  The first line of the file is taken as the password.
+       </para>
+      </listitem>
+     </varlistentry>
     </variablelist>
    </para>
 

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 59d59a5e6f0b6e00e409755c47c435450078f4f3..ae312e01c37a67e184f8f15976f0d71768f0cf12 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.266 2004/06/10 22:26:17 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.267 2004/06/24 19:26:55 tgl Exp $
 -->
 
 <Chapter Id="runtime">
@@ -121,9 +121,9 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
    However, while the directory contents are secure, the default
    client authentication setup allows any local user to connect to the
    database and even become the database superuser. If you do not
-   trust other local users, we recommend you use
-   <command>initdb</command>'s <option>-W</option> or
-   <option>--pwprompt</option> option to assign a password to the
+   trust other local users, we recommend you use one of
+   <command>initdb</command>'s <option>-W</option>, <option>--pwprompt</option>
+   or <option>--pwfile</option> option to assign a password to the
    database superuser.<indexterm><primary>password</><secondary>of the
    superuser</></indexterm> After <command>initdb</command>, modify
    the <filename>pg_hba.conf</filename> file to use <literal>md5</> or

diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index ab49c02bb2a51029ebd93bedf66e1a7e4fb60899..11bc08ed977b8626d9cf0578247b3feddaeb5854 100644 (file)
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -39,7 +39,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  * Portions taken from FreeBSD.
  *
- * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.39 2004/06/21 01:04:44 momjian Exp $
+ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.40 2004/06/24 19:26:59 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -84,6 +84,7 @@ char     *lc_time = "";
 char      *lc_messages = "";
 char      *username = "";
 bool           pwprompt = false;
+char       *pwfilename = NULL;
 bool           debug = false;
 bool           noclean = false;
 bool           show_setting = false;
@@ -1076,15 +1077,55 @@ get_set_pwd(void)
        char            pwdpath[MAXPGPATH];
        struct stat statbuf;
 
-       pwd1 = simple_prompt("Enter new superuser password: ", 100, false);
-       pwd2 = simple_prompt("Enter it again: ", 100, false);
-       if (strcmp(pwd1, pwd2) != 0)
+       if (pwprompt)
        {
-               fprintf(stderr, _("Passwords didn't match.\n"));
-               exit_nicely();
+               /*
+                * Read password from terminal
+                */
+               pwd1 = simple_prompt("Enter new superuser password: ", 100, false);
+               pwd2 = simple_prompt("Enter it again: ", 100, false);
+               if (strcmp(pwd1, pwd2) != 0)
+               {
+                       fprintf(stderr, _("Passwords didn't match.\n"));
+                       exit_nicely();
+               }
+               free(pwd2);
        }
-       free(pwd2);
+       else
+       {
+               /*
+                * Read password from file
+                *
+                * Ideally this should insist that the file not be world-readable.
+                * However, this option is mainly intended for use on Windows where
+                * file permissions may not exist at all, so we'll skip the paranoia
+                * for now.
+                */
+               FILE *pwf = fopen(pwfilename,"r");
+               char pwdbuf[MAXPGPATH];
+               int  i;
 
+               if (!pwf)
+               {
+                       fprintf(stderr, _("%s: could not open file \"%s\" for reading: %s\n"),
+                                       progname, pwfilename, strerror(errno));
+                       exit_nicely();
+               }
+               if (!fgets(pwdbuf, sizeof(pwdbuf), pwf))
+               {
+                       fprintf(stderr, _("%s: could not read password from file \"%s\": %s\n"),
+                                       progname, pwfilename, strerror(errno));
+                       exit_nicely();
+               }
+               fclose(pwf);
+
+               i = strlen(pwdbuf);
+               while (i > 0 && (pwdbuf[i-1] == '\r' || pwdbuf[i-1] == '\n'))
+                       pwdbuf[--i] = '\0';
+               
+               pwd1 = xstrdup(pwdbuf);
+               
+       }
        printf(_("setting password ... "));
        fflush(stdout);
 
@@ -1737,6 +1778,7 @@ usage(const char *progname)
        printf(_("  --no-locale               equivalent to --locale=C\n"));
        printf(_("  -U, --username=NAME       database superuser name\n"));
        printf(_("  -W, --pwprompt            prompt for a password for the new superuser\n"));
+       printf(_("  --pwfile=filename         read password for the new superuser from file\n"));
        printf(_("  -?, --help                show this help, then exit\n"));
        printf(_("  -V, --version             output version information, then exit\n"));
        printf(_("\nLess commonly used options:\n"));
@@ -1768,6 +1810,7 @@ main(int argc, char *argv[])
                {"lc-messages", required_argument, NULL, 7},
                {"no-locale", no_argument, NULL, 8},
                {"pwprompt", no_argument, NULL, 'W'},
+               {"pwfile", required_argument, NULL, 9},
                {"username", required_argument, NULL, 'U'},
                {"help", no_argument, NULL, '?'},
                {"version", no_argument, NULL, 'V'},
@@ -1857,6 +1900,9 @@ main(int argc, char *argv[])
                        case 8:
                                locale = "C";
                                break;
+                       case 9:
+                               pwfilename = xstrdup(optarg);
+                               break;
                        case 's':
                                show_setting = true;
                                break;
@@ -1882,6 +1928,12 @@ main(int argc, char *argv[])
                                progname);
        }
 
+       if (pwprompt && pwfilename)
+       {
+               fprintf(stderr, _("%s: you cannot specify both password prompt and password file\n"), progname);
+               exit(1);
+       }
+
        if (strlen(pg_data) == 0)
        {
                pgdenv = getenv("PGDATA");
@@ -2147,7 +2199,7 @@ main(int argc, char *argv[])
        /* Create the stuff we don't need to use bootstrap mode for */
 
        setup_shadow();
-       if (pwprompt)
+       if (pwprompt || pwfilename)
                get_set_pwd();
 
        unlimit_systables();