8000 Make psql's \password default to CURRENT_USER, not PQuser(conn). · postgres/postgres@d6eb5a0 · GitHub
[go: up one dir, main page]
Skip to content

Commit d6eb5a0

Browse files
tglsfdctglsfdc
committed
Make psql's \password default to CURRENT_USER, not PQuser(conn).
The documentation says plainly that \password acts on "the current user" by default. What it actually acted on, or tried to, was the username used to log into the current session. This is not the same thing if one has since done SET ROLE or SET SESSION AUTHENTICATION. Aside from the possible surprise factor, it's quite likely that the current role doesn't have permissions to set the password of the original role. To fix, use "SELECT CURRENT_USER" to get the role name to act on. (This syntax works with servers at least back to 7.0.) Also, in hopes of reducing confusion, include the role name that will be acted on in the password prompt. The discrepancy from the documentation makes this a bug, so back-patch to all supported branches. Patch by me; thanks to Nathan Bossart for review. Discussion: https://postgr.es/m/747443.1635536754@sss.pgh.pa.us
1 parent f8abb0f commit d6eb5a0

File tree

1 file changed

+21
-13
lines changed

1 file changed

+21
-13
lines changed

src/bin/psql/command.c

Lines changed: 21 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -2023,12 +2023,29 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
20232023

20242024
if (active_branch)
20252025
{
2026-
char *opt0 = psql_scan_slash_option(scan_state,
2026+
char *user = psql_scan_slash_option(scan_state,
20272027
OT_SQLID, NULL, true);
20282028
char *pw1;
20292029
char *pw2;
2030+
PQExpBufferData buf;
2031+
2032+
if (user == NULL)
2033+
{
2034+
/* By default, the command applies to CURRENT_USER */
2035+
PGresult *res;
2036+
2037+
res = PSQLexec("SELECT CURRENT_USER");
2038+
if (!res)
2039+
return PSQL_CMD_ERROR;
2040+
2041+
user = pg_strdup(PQgetvalue(res, 0, 0));
2042+
PQclear(res);
2043+
}
20302044

2031-
pw1 = simple_prompt("Enter new password: ", false);
2045+
initPQExpBuffer(&buf);
2046+
printfPQExpBuffer(&buf, _("Enter new password for user \"%s\": "), user);
2047+
2048+
pw1 = simple_prompt(buf.data, false);
20322049
pw2 = simple_prompt("Enter it again: ", false);
20332050

20342051
if (strcmp(pw1, pw2) != 0)
@@ -2038,14 +2055,8 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
20382055
}
20392056
else
20402057
{
2041-
char *user;
20422058
char *encrypted_password;
20432059

2044-
if (opt0)
2045-
user = opt0;
2046-
else
2047-
user = PQuser(pset.db);
2048-
20492060
encrypted_password = PQencryptPasswordConn(pset.db, pw1, user, NULL);
20502061

20512062
if (!encrypted_password)
@@ -2055,15 +2066,12 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
20552066
}
20562067
else
20572068
{
2058-
PQExpBufferData buf;
20592069
PGresult *res;
20602070

2061-
initPQExpBuffer(&buf);
20622071
printfPQExpBuffer(&buf, "ALTER USER %s PASSWORD ",
20632072
fmtId(user));
20642073
appendStringLiteralConn(&buf, encrypted_password, pset.db);
20652074
res = PSQLexec(buf.data);
2066-
termPQExpBuffer(&buf);
20672075
if (!res)
20682076
success = false;
20692077
else
@@ -2072,10 +2080,10 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
20722080
}
20732081
}
20742082

2075-
if (opt0)
2076-
free(opt0);
2083+
free(user);
20772084
free(pw1);
20782085
free(pw2);
2086+
termPQExpBuffer(&buf);
20792087
}
20802088
else
20812089
ignore_slash_options(scan_state);

0 commit comments

Comments
 (0)
0