316 lines
8.8 KiB
C
316 lines
8.8 KiB
C
/*-
|
|
* Copyright (c) 2005 Eirik A. Nygaard. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
* 3. The name of the author may not be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/param.h>
|
|
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <err.h>
|
|
#include <pwd.h>
|
|
|
|
#include <libpq-fe.h>
|
|
|
|
#include "psql.config.h"
|
|
#include "psqladm.h"
|
|
|
|
#define ACTION_ADD 1
|
|
#define ACTION_DELETE 2
|
|
#define ACTION_EDIT 3
|
|
#define ACTION_LIST 4
|
|
#define ACTION_CHPASS 5
|
|
|
|
PGconn *pgconn;
|
|
|
|
void usage(void);
|
|
int adduser(char *username, char *password, uid_t uid);
|
|
int verify_owner(char *username, uid_t uid);
|
|
void listusers(uid_t uid);
|
|
int dropuser(char *username);
|
|
void change_password(char *username, char *password);
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
uid_t uid;
|
|
int action = 0, c;
|
|
char *username = NULL, *password = NULL;
|
|
char *newpassword = NULL;
|
|
char _username[1024], _password[1024];
|
|
char _newpassword[1024];
|
|
char getpass1[1024];
|
|
char getpass2[1024];
|
|
|
|
while ((c = getopt(argc, argv, "Phadlu:p:")) != -1) {
|
|
switch (c) {
|
|
case 'h':
|
|
usage();
|
|
exit(1);
|
|
case 'a':
|
|
action = ACTION_ADD;
|
|
break;
|
|
case 'd':
|
|
action = ACTION_DELETE;
|
|
break;
|
|
case 'e':
|
|
action = ACTION_EDIT;
|
|
break;
|
|
case 'l':
|
|
action = ACTION_LIST;
|
|
break;
|
|
case 'u':
|
|
username = optarg;
|
|
break;
|
|
case 'p':
|
|
password = optarg;
|
|
break;
|
|
case 'P':
|
|
action = ACTION_CHPASS;
|
|
break;
|
|
default:
|
|
fprintf(stderr, "Unknown argument: '%c'\n", c);
|
|
usage();
|
|
exit(1);
|
|
}
|
|
}
|
|
argc -= optind;
|
|
argv += optind;
|
|
|
|
if (action == 0) {
|
|
usage();
|
|
errx(1, "No action specified!");
|
|
}
|
|
if (!username && argc > 0) {
|
|
username = argv[0];
|
|
argc--;
|
|
argv++;
|
|
}
|
|
if (!password && argc > 0) {
|
|
password = argv[0];
|
|
argc--;
|
|
argv++;
|
|
}
|
|
|
|
if (!username &&
|
|
(action == ACTION_ADD || action == ACTION_EDIT || action == ACTION_DELETE
|
|
|| action == ACTION_CHPASS)) {
|
|
usage();
|
|
errx(1, "Specify username!");
|
|
}
|
|
if (!password && action == ACTION_ADD) {
|
|
getpassword("Password: ", "Repeast password: ", getpass1,
|
|
sizeof(getpass1));
|
|
password = getpass1;
|
|
}
|
|
if (!newpassword && action == ACTION_CHPASS) {
|
|
if (password) {
|
|
newpassword = password;
|
|
}
|
|
else {
|
|
getpassword("New password: ", "Repeast new password: ", getpass2,
|
|
sizeof(getpass2));
|
|
newpassword = getpass2;
|
|
}
|
|
}
|
|
|
|
/* verify input */
|
|
if (username && !verifystr(username, STR_TYPE_NAME))
|
|
errx(1, "Invalid username input");
|
|
if (password && !verifystr(password, STR_TYPE_PASSWORD))
|
|
errx(1, "Invalid password input");
|
|
if (newpassword && !verifystr(newpassword, STR_TYPE_PASSWORD))
|
|
errx(1, "Invalid new password input");
|
|
|
|
uid = get_cred();
|
|
pgconn = db_connect(PSQL_USER, PSQL_PASSWORD, PSQL_DBNAME, PSQL_HOST);
|
|
if (username) {
|
|
struct passwd *passwd;
|
|
if (strlen(username) > 1000)
|
|
errx(1, "Too long username");
|
|
PQescapeString(_username, username, MIN(strlen(username), sizeof(_username)));
|
|
passwd = getpwuid(uid);
|
|
if (passwd == NULL)
|
|
err(1, "Unable to get login info");
|
|
if (!verify_startwith(username, passwd->pw_name))
|
|
errx(1, "Your dbuser must start with your username, and separate username from extrainfo with '_'");
|
|
}
|
|
if (password) {
|
|
if (strlen(password) > 1000)
|
|
errx(1, "Too long password");
|
|
PQescapeString(_password, password, MIN(strlen(password), sizeof(_password)));
|
|
}
|
|
if (newpassword) {
|
|
if (strlen(newpassword) > 1000)
|
|
errx(1, "Too long newpassword");
|
|
PQescapeString(_newpassword, newpassword,
|
|
MIN(strlen(newpassword), sizeof(_newpassword)));
|
|
}
|
|
|
|
switch (action) {
|
|
case ACTION_ADD:
|
|
printf("Adding user %s... \n", _username);
|
|
if (adduser(_username, _password, uid) != 0)
|
|
errx(1, "Unable to add new user");
|
|
break;
|
|
case ACTION_DELETE:
|
|
if (!verify_owner(_username, uid))
|
|
errx(1, "You are not the owner for that dbuser.");
|
|
printf("Deleting user... \n");
|
|
dropuser(username);
|
|
break;
|
|
case ACTION_EDIT:
|
|
if (!verify_owner(_username, uid))
|
|
errx(1, "You are not the owner for that dbuser.");
|
|
printf("Editing user... nothing to do here, sorry!\n");
|
|
break;
|
|
case ACTION_LIST:
|
|
listusers(uid);
|
|
break;
|
|
case ACTION_CHPASS:
|
|
printf("Changing password... \n");
|
|
change_password(_username, _newpassword);
|
|
break;
|
|
}
|
|
|
|
return(0);
|
|
}
|
|
|
|
void
|
|
usage(void)
|
|
{
|
|
fprintf(stderr, "psql-useradm [-h] [-a] [-d] [-l] [-P] [username] [password]\n");
|
|
fprintf(stderr, "\t-h: This help screen\n");
|
|
fprintf(stderr, "\t-a: Create a user\n");
|
|
fprintf(stderr, "\t-d: Drop a user\n");
|
|
/*fprintf(stderr, "\t-e: Edit you user [not functional]\n");*/
|
|
fprintf(stderr, "\t-l: List your database users\n");
|
|
fprintf(stderr, "\t-P: Change password\n");
|
|
}
|
|
|
|
int
|
|
adduser(char *username, char *password, uid_t uid)
|
|
{
|
|
char query[1024];
|
|
int nfields;
|
|
PGresult *res;
|
|
|
|
snprintf(query, sizeof(query), "SELECT uid FROM psqluseradm WHERE username = '%s'", username);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_TUPLES_OK)
|
|
errx(1, "Could not execute query: '%s': %s", query, PQerrorMessage(pgconn));
|
|
nfields = PQntuples(res);
|
|
if (nfields > 0)
|
|
errx(1, "A database user with that name already exists");
|
|
snprintf(query, sizeof(query), "CREATE USER %s NOCREATEDB NOCREATEUSER ENCRYPTED PASSWORD '%s'",
|
|
username, password);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_COMMAND_OK)
|
|
errx(1, "unable to add db user: %s", PQerrorMessage(pgconn));
|
|
snprintf(query, sizeof(query), "INSERT INTO psqluseradm (uid, username) VALUES(%d, '%s')",
|
|
uid, username);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_COMMAND_OK)
|
|
errx(1, "unable to add info user: %s", PQerrorMessage(pgconn));
|
|
|
|
printf("done!\n");
|
|
return(0);
|
|
}
|
|
|
|
void
|
|
listusers(uid_t uid)
|
|
{
|
|
char query[1024];
|
|
PGresult *res;
|
|
int i, nfields;
|
|
|
|
snprintf(query, sizeof(query), "SELECT username, ts FROM psqluseradm WHERE uid = %d", uid);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_TUPLES_OK)
|
|
errx(1, "unable to list users: %s: %s", query, PQerrorMessage(pgconn));
|
|
nfields = PQnfields(res);
|
|
printf("%-15s %-15s\n", "DBuser", "Created");
|
|
for (i = 0; i < PQntuples(res); i++) {
|
|
/* XXX: Format timestamp... */
|
|
printf("%-15s %-15s\n", PQgetvalue(res, i, 0), PQgetvalue(res, i, 1));
|
|
}
|
|
if (PQntuples(res) == 0)
|
|
printf("You don't have any database users...\n");
|
|
}
|
|
|
|
int
|
|
dropuser(char *username)
|
|
{
|
|
char query[1024];
|
|
PGresult *res;
|
|
|
|
snprintf(query, sizeof(query), "DROP USER %s", username);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_COMMAND_OK)
|
|
errx(1, "unable to drop user: %s: %s", query, PQerrorMessage(pgconn));
|
|
snprintf(query, sizeof(query), "DELETE FROM psqluseradm WHERE username = '%s'", username);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_COMMAND_OK)
|
|
errx(1, "unable to delete info user: %s: %s", query, PQerrorMessage(pgconn));
|
|
printf("done!\n");
|
|
return(0);
|
|
}
|
|
|
|
int
|
|
verify_owner(char *username, uid_t uid)
|
|
{
|
|
char query[1024];
|
|
PGresult *res;
|
|
|
|
snprintf(query, sizeof(query), "SELECT id FROM psqluseradm " \
|
|
"WHERE username = '%s' AND uid = %d",
|
|
username, uid);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_TUPLES_OK)
|
|
errx(1, "verify query failed: %s: %s", query, PQerrorMessage(pgconn));
|
|
if (PQntuples(res) > 0)
|
|
return(1);
|
|
return(0);
|
|
}
|
|
|
|
void
|
|
change_password(char *username, char *password)
|
|
{
|
|
char query[1024];
|
|
PGresult *res;
|
|
|
|
snprintf(query, sizeof(query), "ALTER USER %s PASSWORD '%s'", username, password);
|
|
res = PQexec(pgconn, query);
|
|
if (PQresultStatus(res) != PGRES_COMMAND_OK)
|
|
errx(1, "unable to change password for user: %s", query);
|
|
printf("done\n");
|
|
}
|