|
5 | 5 | * |
6 | 6 | * Copyright (c) 1994, Regents of the University of California |
7 | 7 | * |
8 | | - * $Id: user.c,v 1.26 1999/03/16 04:25:45 momjian Exp $ |
| 8 | + * $Id: user.c,v 1.27 1999/04/02 06:16:36 tgl Exp $ |
9 | 9 | * |
10 | 10 | *------------------------------------------------------------------------- |
11 | 11 | */ |
@@ -94,20 +94,24 @@ UpdatePgPwdFile(char *sql, CommandDest dest) |
94 | 94 | void |
95 | 95 | DefineUser(CreateUserStmt *stmt, CommandDest dest) |
96 | 96 | { |
97 | | - |
98 | | - char *pg_shadow, |
99 | | - sql[SQL_LENGTH]; |
| 97 | + char *pg_shadow, |
| 98 | + sql[SQL_LENGTH]; |
100 | 99 | Relation pg_shadow_rel; |
101 | 100 | TupleDesc pg_shadow_dsc; |
102 | | - HeapScanDesc scan; |
| 101 | + HeapScanDesc scan; |
103 | 102 | HeapTuple tuple; |
104 | | - Datum datum; |
105 | | - bool exists = false, |
106 | | - n, |
107 | | - inblock; |
108 | | - int max_id = -1; |
109 | | - |
110 | | - if (stmt->password) |
| 103 | + Datum datum; |
| 104 | + bool exists = false, |
| 105 | + n, |
| 106 | + inblock, |
| 107 | + havepassword, |
| 108 | + havevaluntil; |
| 109 | + int max_id = -1; |
| 110 | + |
| 111 | + havepassword = stmt->password && stmt->password[0]; |
| 112 | + havevaluntil = stmt->validUntil && stmt->validUntil[0]; |
| 113 | + |
| 114 | + if (havepassword) |
111 | 115 | CheckPgUserAclNotNull(); |
112 | 116 | if (!(inblock = IsTransactionBlock())) |
113 | 117 | BeginTransactionBlock(); |
@@ -163,18 +167,31 @@ DefineUser(CreateUserStmt *stmt, CommandDest dest) |
163 | 167 | } |
164 | 168 |
|
165 | 169 | /* |
166 | | - * Build the insert statment to be executed. |
| 170 | + * Build the insert statement to be executed. |
| 171 | + * |
| 172 | + * XXX Ugly as this code is, it still fails to cope with ' or \ |
| 173 | + * in any of the provided strings. |
167 | 174 | */ |
168 | 175 | snprintf(sql, SQL_LENGTH, |
169 | | - "insert into %s(usename,usesysid,usecreatedb,usetrace,usesuper," |
170 | | - "usecatupd,passwd,valuntil) values('%s',%d%s%s,'%s','%s')", |
171 | | - ShadowRelationName, |
172 | | - stmt->user, max_id + 1, |
173 | | - (stmt->createdb && *stmt->createdb) ? ",'t','t'" : ",'f','t'", |
174 | | - (stmt->createuser && *stmt->createuser) ? ",'t','t'" : ",'f','t'", |
175 | | - stmt->password ? stmt->password : "''", |
176 | | - stmt->validUntil ? stmt->validUntil : ""); |
| 176 | + "insert into %s (usename,usesysid,usecreatedb,usetrace," |
| 177 | + "usesuper,usecatupd,passwd,valuntil) " |
| 178 | + "values('%s',%d,'%c','t','%c','t',%s%s%s,%s%s%s)", |
| 179 | + ShadowRelationName, |
| 180 | + stmt->user, |
| 181 | + max_id + 1, |
| 182 | + (stmt->createdb && *stmt->createdb) ? 't' : 'f', |
| 183 | + (stmt->createuser && *stmt->createuser) ? 't' : 'f', |
| 184 | + havepassword ? "'" : "", |
| 185 | + havepassword ? stmt->password : "NULL", |
| 186 | + havepassword ? "'" : "", |
| 187 | + havevaluntil ? "'" : "", |
| 188 | + havevaluntil ? stmt->validUntil : "NULL", |
| 189 | + havevaluntil ? "'" : ""); |
177 | 190 |
|
| 191 | + /* |
| 192 | + * XXX If insert fails, say because a bogus valuntil date is given, |
| 193 | + * need to catch the resulting error and undo our transaction. |
| 194 | + */ |
178 | 195 | pg_exec_query_dest(sql, dest, false); |
179 | 196 |
|
180 | 197 | /* |
|
0 commit comments