Fix initdb misbehavior when user mis-enters superuser password.

While testing simple_prompt() revisions, I happened to notice that
current initdb behaves rather badly when --pwprompt is specified and
the user miskeys the second password.  It complains about the mismatch,
does "rm -rf" on the data directory, and exits.  The problem is that
since commit c4a8812cf, there's a standalone backend sitting waiting
for commands at that point.  It gets unhappy about its datadir having
gone away, and spews a PANIC message at the user, which is not nice.
(And the shell then adds to the mess with meaningless bleating about a
core dump...)  We don't really want that sort of thing to happen unless
there's an internal failure in initdb, which this surely is not.

The best fix seems to be to move the collection of the password
earlier, so that it's done essentially as part of argument collection,
rather than at the rather ad-hoc time it was done before.

Back-patch to 9.6 where the problem was introduced.

diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index aad6ba5639f12095354299b63181e714dc255a9b..54d338d013f600cc5545a36a324f3491f5fbb626 100644 (file)
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -135,6 +135,7 @@ static const char *default_text_search_config = "";
 static char *username = "";
 static bool pwprompt = false;
 static char *pwfilename = NULL;
+static char *superuser_password = NULL;
 static const char *authmethodhost = "";
 static const char *authmethodlocal = "";
 static bool debug = false;
@@ -255,7 +256,7 @@ static void test_config_settings(void);
 static void setup_config(void);
 static void bootstrap_template1(void);
 static void setup_auth(FILE *cmdfd);
-static void get_set_pwd(FILE *cmdfd);
+static void get_su_pwd(void);
 static void setup_depend(FILE *cmdfd);
 static void setup_sysviews(FILE *cmdfd);
 static void setup_description(FILE *cmdfd);
@@ -1544,13 +1545,17 @@ setup_auth(FILE *cmdfd)
 
        for (line = pg_authid_setup; *line != NULL; line++)
                PG_CMD_PUTS(*line);
+
+       if (superuser_password)
+               PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD E'%s';\n\n",
+                                          username, escape_quotes(superuser_password));
 }
 
 /*
- * get the superuser password if required, and call postgres to set it
+ * get the superuser password if required
  */
 static void
-get_set_pwd(FILE *cmdfd)
+get_su_pwd(void)
 {
        char       *pwd1,
                           *pwd2;
@@ -1560,6 +1565,8 @@ get_set_pwd(FILE *cmdfd)
                /*
                 * Read password from terminal
                 */
+               printf("\n");
+               fflush(stdout);
                pwd1 = simple_prompt("Enter new superuser password: ", 100, false);
                pwd2 = simple_prompt("Enter it again: ", 100, false);
                if (strcmp(pwd1, pwd2) != 0)
@@ -1609,10 +1616,7 @@ get_set_pwd(FILE *cmdfd)
 
        }
 
-       PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD E'%s';\n\n",
-                                  username, escape_quotes(pwd1));
-
-       free(pwd1);
+       superuser_password = pwd1;
 }
 
 /*
@@ -3279,8 +3283,6 @@ initialize_data_directory(void)
        PG_CMD_OPEN;
 
        setup_auth(cmdfd);
-       if (pwprompt || pwfilename)
-               get_set_pwd(cmdfd);
 
        setup_depend(cmdfd);
 
@@ -3569,6 +3571,9 @@ main(int argc, char *argv[])
        else
                printf(_("Data page checksums are disabled.\n"));
 
+       if (pwprompt || pwfilename)
+               get_su_pwd();
+
        printf("\n");
 
        initialize_data_directory();