From: todd brandys <brandys@eng3.hep.uiuc.edu>

An extension to the code to allow for a pg_password authentication database
that is *seperate* from the system password file

src/backend/commands/Makefile

@@ -4,7 +4,7 @@
 #    Makefile for commands
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/backend/commands/Makefile,v 1.7 1997/11/24 05:20:49 momjian Exp $
+#    $Header: /cvsroot/pgsql/src/backend/commands/Makefile,v 1.8 1997/12/04 00:26:44 scrappy Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -19,7 +19,7 @@ CFLAGS+=$(INCLUDE_OPT)
 
 OBJS = async.o creatinh.o command.o copy.o defind.o define.o \
        remove.o rename.o vacuum.o version.o view.o cluster.o \
-       recipe.o explain.o sequence.o trigger.o proclang.o dbcommands.o
+       recipe.o explain.o sequence.o trigger.o user.o proclang.o dbcommands.o
 
 all: SUBSYS.o
 

src/backend/libpq/Makefile

@@ -4,7 +4,7 @@
 #    Makefile for libpq subsystem (backend half of libpq interface)
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.7 1997/04/04 10:39:19 scrappy Exp $
+#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.8 1997/12/04 00:26:47 scrappy Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -24,7 +24,7 @@ LDFLAGS+= $(KRBLIBS)
 endif
 
 OBJS = be-dumpdata.o be-fsstubs.o be-pqexec.o pqcomprim.o\
-       auth.o hba.o pqcomm.o portal.o util.o portalbuf.o pqpacket.o pqsignal.o \
+       auth.o hba.o crypt.o pqcomm.o portal.o util.o portalbuf.o pqpacket.o pqsignal.o \
        password.o
 
 all: SUBSYS.o

src/backend/libpq/auth.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.18 1997/11/17 16:10:06 thomas Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.19 1997/12/04 00:26:50 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -71,6 +71,7 @@
 #include <libpq/libpq-be.h>
 #include <libpq/hba.h>
 #include <libpq/password.h>
+#include <libpq/crypt.h>
 
 static int	be_getauthsvc(MsgType msgtype);
 
@@ -122,7 +123,8 @@ static struct authsvc authsvcs[] = {
 #else
 	{"kerberos", STARTUP_KRB4_MSG, 1},
 #endif
-	{"password", STARTUP_PASSWORD_MSG, 1}
+	{"password", STARTUP_PASSWORD_MSG, 1},
+	{"crypt", STARTUP_CRYPT_MSG, 1}
 };
 
 static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc);
@@ -445,6 +447,28 @@ pg_password_recvauth(Port *port, char *database, char *DataDir)
 	return verify_password(user, password, port, database, DataDir);
 }
 
+static int
+crypt_recvauth(Port *port)
+{
+      PacketBuf       buf;
+      char       *user,
+                         *password;
+
+      if (PacketReceive(port, &buf, BLOCKING) != STATUS_OK)
+      {
+              sprintf(PQerrormsg,
+                              "crypt_recvauth: failed to receive authentication packet.\n");
+              fputs(PQerrormsg, stderr);
+              pqdebug("%s", PQerrormsg);
+              return STATUS_ERROR;
+      }
+
+      user = buf.data;
+      password = buf.data + strlen(user) + 1;
+
+      return crypt_verify(port, user, password);
+}
+
 /*
  * be_recvauth -- server demux routine for incoming authentication information
  */
@@ -571,6 +595,10 @@ be_recvauth(MsgType msgtype_arg, Port *port, char *username, StartupInfo *sp)
 				return (STATUS_ERROR);
 			}
 			break;
+		case STARTUP_CRYPT_MSG:
+			if (crypt_recvauth(port) != STATUS_OK)
+                          return STATUS_ERROR;
+                        break;
 		default:
 			sprintf(PQerrormsg,
 					"be_recvauth: unrecognized message type: %d\n",

src/backend/parser/gram.y

@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 1.75 1997/12/02 16:09:15 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 1.76 1997/12/04 00:26:57 scrappy Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -40,6 +40,7 @@
 #include "nodes/print.h"
 #include "parser/gramparse.h"
 #include "utils/acl.h"
+#include "utils/palloc.h"
 #include "catalog/catname.h"
 #include "utils/elog.h"
 #include "access/xact.h"
@@ -83,6 +84,7 @@ Oid	param_type(int t); /* used in parse_expr.c */
 	char				chr;
 	char				*str;
 	bool				boolean;
+	bool*				pboolean;	/* for pg_user privileges */
 	List				*list;
 	Node				*node;
 	Value				*value;
@@ -119,10 +121,16 @@ Oid	param_type(int t); /* used in parse_expr.c */
 		RenameStmt, RevokeStmt, RuleStmt, TransactionStmt, ViewStmt, LoadStmt,
 		CreatedbStmt, DestroydbStmt, VacuumStmt, RetrieveStmt, CursorStmt,
 		ReplaceStmt, AppendStmt, NotifyStmt, DeleteStmt, ClusterStmt,
-		ExplainStmt, VariableSetStmt, VariableShowStmt, VariableResetStmt
+		ExplainStmt, VariableSetStmt, VariableShowStmt, VariableResetStmt,
+		CreateUserStmt, AlterUserStmt, DropUserStmt
 
 %type <str>		opt_database, location
 
+%type <pboolean> user_createdb_clause, user_createuser_clause
+%type <str>   user_passwd_clause
+%type <str>   user_valid_clause
+%type <list>  user_group_list, user_group_clause
+
 %type <node>	SubSelect
 %type <str>		join_expr, join_outer, join_spec
 %type <boolean> TriggerActionTime, TriggerForSpec, PLangTrusted
@@ -268,6 +276,14 @@ Oid	param_type(int t); /* used in parse_expr.c */
 		SEQUENCE, SETOF, SHOW, STDIN, STDOUT, TRUSTED, 
 		VACUUM, VERBOSE, VERSION
 
+/*
+ * Tokens for pg_passwd support.  The CREATEDB and CREATEUSER tokens should go away
+ * when some sort of pg_privileges relation is introduced.
+ *
+ *                                    Todd A. Brandys
+ */
+%token  USER, PASSWORD, CREATEDB, NOCREATEDB, CREATEUSER, NOCREATEUSER, VALID, UNTIL
+
 /* Special keywords, not in the query language - see the "lex" file */
 %token <str>	IDENT, SCONST, Op
 %token <ival>	ICONST, PARAM
@@ -318,17 +334,20 @@ stmtmulti:  stmtmulti stmt ';'
 		;
 
 stmt :	  AddAttrStmt
+		| AlterUserStmt
 		| ClosePortalStmt
 		| CopyStmt
 		| CreateStmt
 		| CreateSeqStmt
 		| CreatePLangStmt
 		| CreateTrigStmt
+		| CreateUserStmt
 		| ClusterStmt
 		| DefineStmt
 		| DestroyStmt
 		| DropPLangStmt
 		| DropTrigStmt
+		| DropUserStmt
 		| ExtendStmt
 		| ExplainStmt
 		| FetchStmt
@@ -356,6 +375,105 @@ stmt :	  AddAttrStmt
 		| VariableResetStmt
 		;
 
+/*****************************************************************************
+ *
+ * Create a new postresql DBMS user
+ *
+ *
+ *****************************************************************************/
+
+CreateUserStmt:   CREATE USER Id
+                      user_passwd_clause
+                      user_createdb_clause
+                      user_createuser_clause
+                      user_group_clause
+                      user_valid_clause
+              { CreateUserStmt *n = makeNode(CreateUserStmt);
+                n->user = $3;
+                n->password = $4;
+                n->createdb = $5;
+                n->createuser = $6;
+                  n->groupElts = $7;
+                n->validUntil = $8;
+                $$ = (Node *)n;
+              }
+      ;
+
+/*****************************************************************************
+ *
+ * Alter a postresql DBMS user
+ *
+ *
+ *****************************************************************************/
+
+AlterUserStmt:   ALTER USER Id
+                      user_passwd_clause
+                      user_createdb_clause
+                      user_createuser_clause
+                      user_group_clause
+                      user_valid_clause
+              { AlterUserStmt *n = makeNode(AlterUserStmt);
+                n->user = $3;
+                n->password = $4;
+                n->createdb = $5;
+                n->createuser = $6;
+                  n->groupElts = $7;
+                n->validUntil = $8;
+                $$ = (Node *)n;
+              }
+      ;
+
+/*****************************************************************************
+ *
+ * Drop a postresql DBMS user
+ *
+ *
+ *****************************************************************************/
+
+DropUserStmt:  DROP USER Id
+              { DropUserStmt *n = makeNode(DropUserStmt);
+                n->user = $3;
+                  $$ = (Node *)n;
+              }
+      ;
+
+user_passwd_clause:  WITH PASSWORD Id         { $$ = $3; }
+                      | /*EMPTY*/             { $$ = NULL; }
+                      ;
+
+user_createdb_clause:  CREATEDB               { bool*  b;
+                                        $$ = (b = (bool*)palloc(sizeof(bool)));
+                                        *b = true;
+                                      }
+                      | NOCREATEDB    { bool*  b;
+                                        $$ = (b = (bool*)palloc(sizeof(bool)));
+                                        *b = false;
+                                      }
+                      | /*EMPTY*/     { $$ = NULL; }
+                      ;
+
+user_createuser_clause:  CREATEUSER   { bool*  b;
+                                        $$ = (b = (bool*)palloc(sizeof(bool)));
+                                        *b = true;
+                                      }
+                      | NOCREATEUSER  { bool*  b;
+                                        $$ = (b = (bool*)palloc(sizeof(bool)));
+                                        *b = false;
+                                      }
+                      | /*EMPTY*/     { $$ = NULL; }
+                      ;
+
+user_group_list:  user_group_list ','  Id { $$ = lcons((void*)makeString($3), $1); }
+                      | Id            { $$ = makeList((void*)makeString($1), NULL); }
+                      ;
+
+user_group_clause:  IN GROUP user_group_list  { $$ = $3; }
+                      | /*EMPTY*/             { $$ = NULL; }
+                      ;
+
+user_valid_clause:  VALID UNTIL SCONST        { $$ = $3; }
+                      | /*EMPTY*/             { $$ = NULL; }
+                      ;
 
 /*****************************************************************************
  *

src/backend/parser/keywords.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.26 1997/11/26 01:11:08 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.27 1997/12/04 00:27:04 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -64,6 +64,8 @@ static ScanKeyword ScanKeywords[] = {
 	{"constraint", CONSTRAINT},
 	{"copy", COPY},
 	{"create", CREATE},
+	{"createdb", CREATEDB},
+	{"createuser", CREATEUSER},
 	{"cross", CROSS},
 	{"current", CURRENT},
 	{"current_date", CURRENT_DATE},
@@ -133,6 +135,8 @@ static ScanKeyword ScanKeywords[] = {
 	{"natural", NATURAL},
 	{"nchar", NCHAR},
 	{"new", NEW},
+	{"nocreatedb", NOCREATEDB},
+	{"nocreateuser", NOCREATEUSER},
 	{"none", NONE},
 	{"no", NO},
 	{"not", NOT},
@@ -149,6 +153,7 @@ static ScanKeyword ScanKeywords[] = {
 	{"order", ORDER},
 	{"outer", OUTER_P},
 	{"partial", PARTIAL},
+	{"password", PASSWORD},
 	{"position", POSITION},
 	{"precision", PRECISION},
 	{"primary", PRIMARY},
@@ -188,9 +193,12 @@ static ScanKeyword ScanKeywords[] = {
 	{"type", TYPE_P},
 	{"union", UNION},
 	{"unique", UNIQUE},
+	{"until", UNTIL},
 	{"update", UPDATE},
+	{"user", USER},
 	{"using", USING},
 	{"vacuum", VACUUM},
+	{"valid", VALID},
 	{"values", VALUES},
 	{"varchar", VARCHAR},
 	{"varying", VARYING},

src/backend/postmaster/postmaster.c

@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.62 1997/11/17 03:47:28 scrappy Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.63 1997/12/04 00:27:17 scrappy Exp $
  *
  * NOTES
  *
@@ -47,6 +47,7 @@
 #include <signal.h>
 #include <string.h>
 #include <stdlib.h>
+#include <time.h>
 
 #if !defined(NO_UNISTD_H)
 #include <unistd.h>
@@ -78,6 +79,7 @@
 #include "libpq/auth.h"
 #include "libpq/pqcomm.h"
 #include "libpq/pqsignal.h"
+#include "libpq/crypt.h"
 #include "miscadmin.h"
 #include "version.h"
 #include "lib/dllist.h"
@@ -199,6 +201,7 @@ static void usage(const char *);
 static int	ServerLoop(void);
 static int	BackendStartup(StartupInfo *packet, Port *port, int *pidPtr);
 static void send_error_reply(Port *port, const char *errormsg);
+static void RandomSalt(char* salt);
 
 extern char *optarg;
 extern int	optind,
@@ -663,7 +666,27 @@ ServerLoop(void)
 				switch (status)
 				{
 					case STATUS_OK:
-						{
+						/* Here is where we check for a USER login packet.  If there is one, then
+						 * we must deterine whether the login has a password in pg_user.  If so, send
+						 * back a salt to crypt() the password with.  Otherwise, send an unsalt packet
+						 * back and read the real startup packet.
+						 */
+						if (ntohl(port->buf.msgtype) == STARTUP_USER_MSG) {
+						  PacketLen     plen;
+
+						  port->buf.msgtype = htonl(crypt_salt(port->buf.data));
+						  plen = sizeof(port->buf.len) + sizeof(port->buf.msgtype) + 2;
+						  port->buf.len = htonl(plen);
+						  RandomSalt(port->salt);
+						  memcpy((void*)port->buf.data, (void*)port->salt, 2);
+
+						  status = PacketSend(port, &port->buf, plen, BLOCKING);
+						  if (status != STATUS_OK)
+						    break;
+
+						  /* port->nBytes = 0; */
+						    continue;
+						} else {
 							int			CSstatus;		/* Completion status of
 														 * ConnStartup */
 							char		errormsg[200];	/* error msg from
@@ -1355,3 +1378,44 @@ dumpstatus(SIGNAL_ARGS)
 		curr = DLGetSucc(curr);
 	}
 }
+
+/*
+ * CharRemap
+ */
+static char
+CharRemap(long int ch) {
+
+  if (ch < 0)
+    ch = -ch;
+
+  ch = ch % 62;
+  if (ch < 26)
+    return ('A' + ch);
+
+  ch -= 26;
+  if (ch < 26)
+    return ('a' + ch);
+
+  ch -= 26;
+  return ('0' + ch);
+}
+
+/*
+ * RandomSalt
+ */
+static void
+RandomSalt(char* salt) {
+
+  static bool     initialized = false;
+
+  if (!initialized) {
+    time_t     now;
+
+    now = time(NULL);
+    srandom((unsigned int)now);
+    initialized = true;
+  }
+
+  *salt = CharRemap(random());
+  *(salt + 1) = CharRemap(random());
+}

src/backend/tcop/utility.c

@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.31 1997/11/24 05:32:40 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.32 1997/12/04 00:27:24 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -721,6 +721,32 @@ ProcessUtility(Node * parsetree,
 			DropProceduralLanguage((DropPLangStmt *) parsetree);
 			break;
 
+                      /*
+                       * ******************************** USER statements ****
+                       *
+                       */
+                case T_CreateUserStmt:
+                        commandTag = "CREATE USER";
+                        CHECK_IF_ABORTED();
+
+                        DefineUser((CreateUserStmt*)parsetree);
+                        break;
+
+                case T_AlterUserStmt:
+                        commandTag = "ALTER USER";
+                        CHECK_IF_ABORTED();
+
+                        AlterUser((AlterUserStmt*)parsetree);
+                        break;
+
+                case T_DropUserStmt:
+                        commandTag = "DROP USER";
+                        CHECK_IF_ABORTED();
+
+                        RemoveUser(((DropUserStmt*)parsetree)->user);
+                        break;
+
+
 			/*
 			 * ******************************** default ********************************
 			 *

src/bin/initdb/initdb.sh

@@ -26,7 +26,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.29 1997/11/16 04:36:14 momjian Exp $
+#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.30 1997/12/04 00:27:31 scrappy Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -351,6 +351,13 @@ echo "vacuuming template1"
 echo "vacuum" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
 	grep -v "^DEBUG:"
 
+echo "Altering pg_user acl"
+echo "REVOKE ALL ON pg_user FROM public" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
+         grep -v "'DEBUG:"
+
+echo "COPY pg_user TO '$PGDATA/pg_pwd' USING DELIMITERS '#'" | postgres -F -Q -D$PGDATA template1 2>&1 > /dev/null |\
+         grep -v "'DEBUG:"
+
 echo "loading pg_description"
 echo "copy pg_description from '$TEMPLATE_DESCR'" | postgres -F -Q -D$PGDATA template1 > /dev/null
 echo "copy pg_description from '$GLOBAL_DESCR'" | postgres -F -Q -D$PGDATA template1 > /dev/null

src/bin/psql/psqlHelp.h

@@ -5,7 +5,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: psqlHelp.h,v 1.33 1997/11/21 18:11:46 momjian Exp $
+ * $Id: psqlHelp.h,v 1.34 1997/12/04 00:27:37 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -27,6 +27,9 @@ static struct _helpStruct QL_HELP[] = {
 	{"alter table",
 		"add/rename attributes, rename tables",
 	"\talter table <class_name> [*] add column <attr> <type>;\n\talter table <class_name> [*] rename [column] <attr1> to <attr2>;\n\talter table <class_name1> rename to <class_name2>"},
+	{"alter user",
+		"alter system information for a user",
+	"alter user <user_name>\n\t[with password <password>]\n\t[createdb | noccreatedb]\n\t[createuser | nocreateuser]\n\t[in group <group_1>, ..., <group_n>]\n\t[valid until '<abstime>'];"},
 	{"begin",
 		"begin a new transaction",
 	"begin [transaction|work];"},
@@ -84,6 +87,9 @@ static struct _helpStruct QL_HELP[] = {
 	{"create type",
 		"create a new user-defined base data type",
 	"create type <typename> (\n\tinternallength = (<number> | variable),\n\t[externallength = (<number>|variable),]\n\tinput=<input_function>, output = <output_function>\n\t[,element = <typename>][,delimiter=<character>][,default=\'<string>\']\n\t[,send = <send_function>][,receive = <receive_function>][,passedbyvalue]);"},
+	{"create user",
+		"create a new user",
+	"create user <user_name>\n\t[with password <password>]\n\t[createdb | nocreatedb]\n\t[createuser | nocreateuser]\n\t[in group <group_1>, ..., <group_n>]\n\t[valid until '<abstime>'];"},
 	{"create view",
 		"create a view",
 	"create view <view_name> as select <expr1>[as <attr1>][,... <exprN>[as <attrN>]] [from <from_list>] [where <qual>];"},
@@ -126,6 +132,9 @@ static struct _helpStruct QL_HELP[] = {
 	{"drop type",
 		"remove a user-defined base type",
 	"drop type <typename>;"},
+	{"drop user",
+		"remove a user from the system",
+	"drop user <user_name>;"},
 	{"drop view",
 		"remove a view",
 	"drop view <view_name>"},

src/include/catalog/pg_attribute.h

@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_attribute.h,v 1.20 1997/11/21 18:12:01 momjian Exp $
+ * $Id: pg_attribute.h,v 1.21 1997/12/04 00:27:47 scrappy Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -281,6 +281,8 @@ DATA(insert OID = 0 ( 1260 usecreatedb		16 0  1   3 0 -1 t f c f f));
 DATA(insert OID = 0 ( 1260 usetrace		16  0   1   4 0 -1 t f c f f));
 DATA(insert OID = 0 ( 1260 usesuper		16  0   1   5 0 -1 t f c f f));
 DATA(insert OID = 0 ( 1260 usecatupd		16  0   1   6 0 -1 t f c f f));
+DATA(insert OID = 0 ( 1260 passwd		25  0  -1   7 0 -1 f f i f f));
+DATA(insert OID = 0 ( 1260 valuntil		702 0   4   8 0 -1 t f i f f));
 DATA(insert OID = 0 ( 1260 ctid				27 0  6  -1 0 -1 f f i f f));
 DATA(insert OID = 0 ( 1260 oid				26 0  4  -2 0 -1 t f i f f));
 DATA(insert OID = 0 ( 1260 xmin				28 0  4  -3 0 -1 f f i f f));

src/include/catalog/pg_class.h

@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_class.h,v 1.16 1997/11/21 18:12:07 momjian Exp $
+ * $Id: pg_class.h,v 1.17 1997/12/04 00:27:50 scrappy Exp $
  *
  * NOTES
  *	  ``pg_relation'' is being replaced by ``pg_class''.  currently
@@ -125,7 +125,7 @@ DATA(insert OID = 1255 (  pg_proc 81		  PGUID 0 0 0 f f r 16 0 0 f _null_ ));
 DESCR("");
 DATA(insert OID = 1259 (  pg_class 83		  PGUID 0 0 0 f f r 18 0 0 f _null_ ));
 DESCR("");
-DATA(insert OID = 1260 (  pg_user 86		  PGUID 0 0 0 f t r 6  0 0 f _null_ ));
+DATA(insert OID = 1260 (  pg_user 86		  PGUID 0 0 0 f t r 8  0 0 f _null_ ));
 DESCR("");
 DATA(insert OID = 1261 (  pg_group 87		  PGUID 0 0 0 f t s 3  0 0 f _null_ ));
 DESCR("");

src/include/catalog/pg_user.h

@@ -7,7 +7,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_user.h,v 1.5 1997/09/08 02:35:34 momjian Exp $
+ * $Id: pg_user.h,v 1.6 1997/12/04 00:27:54 scrappy Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -36,6 +36,8 @@ CATALOG(pg_user) BOOTSTRAP
 	bool		usetrace;
 	bool		usesuper;
 	bool		usecatupd;
+	text		passwd;
+	int4		valuntil;
 } FormData_pg_user;
 
 /* ----------------
@@ -49,46 +51,48 @@ typedef FormData_pg_user *Form_pg_user;
  *		compiler constants for pg_user
  * ----------------
  */
-#define Natts_pg_user					6
+#define Natts_pg_user					8
 #define Anum_pg_user_usename			1
 #define Anum_pg_user_usesysid			2
 #define Anum_pg_user_usecreatedb		3
 #define Anum_pg_user_usetrace			4
 #define Anum_pg_user_usesuper			5
 #define Anum_pg_user_usecatupd			6
+#define Anum_pg_user_passwd			7
+#define Anum_pg_user_valuntil			8
 
 /* ----------------
  *		initial contents of pg_user
  * ----------------
  */
-DATA(insert OID = 0 ( postgres PGUID t t t t ));
+DATA(insert OID = 0 ( postgres PGUID t t t t postgres 2116994400 ));
 
 BKI_BEGIN
 #ifdef ALLOW_PG_GROUP
 BKI_END
 
-DATA(insert OID = 0 ( mike 799 t t t t ));
-DATA(insert OID = 0 ( mao 1806 t t t t ));
-DATA(insert OID = 0 ( hellers 1089 t t t t ));
-DATA(insert OID = 0 ( joey 5209 t t t t ));
-DATA(insert OID = 0 ( jolly 5443 t t t t ));
-DATA(insert OID = 0 ( sunita 6559 t t t t ));
-DATA(insert OID = 0 ( paxson 3029 t t t t ));
-DATA(insert OID = 0 ( marc 2435 t t t t ));
-DATA(insert OID = 0 ( jiangwu 6124 t t t t ));
-DATA(insert OID = 0 ( aoki 2360 t t t t ));
-DATA(insert OID = 0 ( avi 31080 t t t t ));
-DATA(insert OID = 0 ( kristin 1123 t t t t ));
-DATA(insert OID = 0 ( andrew 5229 t t t t ));
-DATA(insert OID = 0 ( nobuko 5493 t t t t ));
-DATA(insert OID = 0 ( hartzell 6676 t t t t ));
-DATA(insert OID = 0 ( devine 6724 t t t t ));
-DATA(insert OID = 0 ( boris 6396 t t t t ));
-DATA(insert OID = 0 ( sklower 354 t t t t ));
-DATA(insert OID = 0 ( marcel 31113 t t t t ));
-DATA(insert OID = 0 ( ginger 3692 t t t t ));
-DATA(insert OID = 0 ( woodruff 31026 t t t t ));
-DATA(insert OID = 0 ( searcher 8261 t t t t ));
+DATA(insert OID = 0 ( mike 799 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( mao 1806 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( hellers 1089 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( joey 5209 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( jolly 5443 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( sunita 6559 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( paxson 3029 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( marc 2435 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( jiangwu 6124 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( aoki 2360 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( avi 31080 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( kristin 1123 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( andrew 5229 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( nobuko 5493 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( hartzell 6676 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( devine 6724 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( boris 6396 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( sklower 354 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( marcel 31113 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( ginger 3692 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( woodruff 31026 t t t t _null_ 2116994400 ));
+DATA(insert OID = 0 ( searcher 8261 t t t t _null_ 2116994400 ));
 
 BKI_BEGIN
 #endif							/* ALLOW_PG_GROUP */

src/include/libpq/pqcomm.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pqcomm.h,v 1.16 1997/11/07 20:52:06 momjian Exp $
+ * $Id: pqcomm.h,v 1.17 1997/12/04 00:27:56 scrappy Exp $
  *
  * NOTES
  *	  Some of this should move to libpq.h
@@ -59,7 +59,16 @@ typedef enum _MsgType
 	STARTUP_KRB5_MSG = 11,		/* krb5 session follows startup packet */
 	STARTUP_HBA_MSG = 12,		/* use host-based authentication */
 	STARTUP_UNAUTH_MSG = 13,	/* use unauthenticated connection */
-	STARTUP_PASSWORD_MSG = 14	/* use plaintext password authentication */
+	STARTUP_PASSWORD_MSG = 14,	/* use plaintext password authentication */
+        /* The following three are not really a named authentication method
+           * since the front end has no choice in choosing the method.  The
+           * backend sends the SALT/UNSALT messages back to the frontend after
+           * the USER login has been given to the backend.
+           */
+	STARTUP_CRYPT_MSG = 15,               /* use crypt()'ed password authentication */
+	STARTUP_USER_MSG = 16,          /* send user name to check pg_user for password */
+	STARTUP_SALT_MSG = 17,          /* frontend should crypt the password it sends */
+	STARTUP_UNSALT_MSG = 18         /* frontend should NOT crypt the password it sends */
 	/* insert new values here -- DO NOT REORDER OR DELETE ENTRIES */
 	/* also change LAST_AUTHENTICATION_TYPE below and add to the */
 	/* authentication_type_name[] array in pqcomm.c */
@@ -119,6 +128,7 @@ typedef struct Port
 	 * PacketBufId				id;
 *//* id of packet buf currently in use */
 	PacketBuf	buf;			/* stream implementation (curr pack buf) */
+	char		salt[2];
 } Port;
 
 /* invalid socket descriptor */

src/include/nodes/nodes.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: nodes.h,v 1.17 1997/11/21 18:12:25 momjian Exp $
+ * $Id: nodes.h,v 1.18 1997/12/04 00:28:01 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -186,6 +186,9 @@ typedef enum NodeTag
 	T_DropTrigStmt,
 	T_CreatePLangStmt,
 	T_DropPLangStmt,
+	T_CreateUserStmt,
+	T_AlterUserStmt,
+	T_DropUserStmt,
 
 	T_A_Expr = 700,
 	T_Attr,

src/include/nodes/parsenodes.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: parsenodes.h,v 1.35 1997/11/24 05:09:50 momjian Exp $
+ * $Id: parsenodes.h,v 1.36 1997/12/04 00:28:03 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -197,6 +197,30 @@ typedef struct DropPLangStmt
 }			DropPLangStmt;
 
 
+/* ----------------------
+ *              Create/Alter/Drop User Statements
+ * ----------------------
+ */
+typedef struct CreateUserStmt
+{
+        NodeTag         type;
+        char*           user;           /* PostgreSQL user login              */
+        char*           password;       /* PostgreSQL user password           */
+        bool*           createdb;       /* Can the user create databases?     */
+        bool*           createuser;     /* Can this user create users?        */
+        List*           groupElts;      /* The groups the user is a member of */
+        char*           validUntil;     /* The time the login is valid until  */
+} CreateUserStmt;
+
+typedef CreateUserStmt        AlterUserStmt;
+
+typedef struct DropUserStmt
+{
+        NodeTag         type;
+        char*           user;           /* PostgreSQL user login              */
+} DropUserStmt;
+
+
 /* ----------------------
  *		Create SEQUENCE Statement
  * ----------------------

src/interfaces/libpq/fe-auth.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.11 1997/09/08 21:55:32 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.12 1997/12/04 00:28:08 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -511,6 +511,7 @@ fe_sendauth(MsgType msgtype, Port *port, const char *hostname,
 		case STARTUP_MSG:
 			break;
 		case STARTUP_PASSWORD_MSG:
+		case STARTUP_CRYPT_MSG:
 			pg_password_sendauth(port, user, password);
 		default:
 			break;

src/interfaces/libpq/fe-connect.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.49 1997/12/01 22:02:46 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.50 1997/12/04 00:28:11 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -36,6 +36,9 @@
 #ifndef HAVE_STRDUP
 #include "strdup.h"
 #endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
 
 
 /* use a local version instead of the one found in pqpacket.c */
@@ -284,7 +287,7 @@ PQconndefaults(void)
 }
 
 /* ----------------
- *		PQsetdb
+ *		PQsetdbLogin
  *
  * establishes a connection to a postgres backend through the postmaster
  * at the specified host and port.
@@ -324,7 +327,7 @@ PQconndefaults(void)
  * ----------------
  */
 PGconn	   *
-PQsetdb(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName)
+PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd)
 {
 	PGconn	   *conn;
 	char	   *tmp;
@@ -386,7 +389,12 @@ PQsetdb(const char *pghost, const char *pgport, const char *pgoptions, const cha
 		else
 			conn->pgoptions = strdup(pgoptions);
 
-		if ((tmp = getenv("PGUSER")) != NULL)
+		if (login)
+		{
+			error = FALSE;
+			conn->pguser = strdup(login);
+		}
+		else if ((tmp = getenv("PGUSER")) != NULL)
 		{
 			error = FALSE;
 			conn->pguser = strdup(tmp);
@@ -407,8 +415,14 @@ PQsetdb(const char *pghost, const char *pgport, const char *pgoptions, const cha
 			}
 		}
 
-		if ((tmp = getenv("PGPASSWORD")) != NULL)
+		if (pwd)
+		{
+			conn->pgpass = strdup(pwd);
+		}
+		else if ((tmp = getenv("PGPASSWORD")) != NULL)
+		{
 			conn->pgpass = strdup(tmp);
+		}
 		else
 			conn->pgpass = 0;
 
@@ -479,6 +493,7 @@ connectDB(PGconn *conn)
 
 	StartupInfo startup;
 	PacketBuf	pacBuf;
+	PacketLen	pacLen;
 	int			status;
 	MsgType		msgtype;
 	int			laddrlen = sizeof(struct sockaddr);
@@ -486,6 +501,8 @@ connectDB(PGconn *conn)
 	int			portno,
 				family,
 				len;
+	bool			salted = false;
+	char*			tmp;
 
 	/*
 	 * Initialize the startup packet.
@@ -592,6 +609,56 @@ connectDB(PGconn *conn)
 	}
 
 	/* by this point, connection has been opened */
+
+        /* This section of code is new as of Nov 19, 1997.  It sends just the
+         * user's login to the backend.  This allows the backend to search
+         * pg_user to see if the user has a password defined.  If the user
+         * does have a password in pg_user, then the backend will send a
+         * packet back with a randomly generated salt, so the user's password
+         * can be encrypted.
+         */
+        pacLen = sizeof(pacBuf.len) + sizeof(pacBuf.msgtype) + strlen(startup.user) + 1;
+        pacBuf.len = htonl(pacLen);
+        pacBuf.msgtype = htonl(STARTUP_USER_MSG);
+        strcpy(pacBuf.data, startup.user);
+        status = packetSend(port, &pacBuf, pacLen, BLOCKING);
+        if (status == STATUS_ERROR) {
+          sprintf(conn->errorMessage, "connectDB() --  couldn't send complete packet: errno=%d\n%s\n", errno, strerror(errno));
+          goto connect_errReturn;
+        }
+
+        /* Check to see if the server sent us a salt back to encrypt the
+         * password to send for authentication. --TAB
+         */
+        status = packetReceive(port, &pacBuf, BLOCKING);
+
+        if (status != STATUS_OK) {
+          sprintf(conn->errorMessage, "connectDB() -- couldn't receive un/salt packet: errno=%d\n%s\n", errno, strerror(errno));
+          goto connect_errReturn;
+        }
+        pacBuf.msgtype = ntohl(pacBuf.msgtype);
+        switch (pacBuf.msgtype) {
+          case STARTUP_SALT_MSG:
+            salted = true;
+            if (!conn->pgpass) {
+              sprintf(conn->errorMessage, "connectDB() -- backend requested a password, but none was given\n");
+              goto connect_errReturn;
+            }
+            tmp = crypt(conn->pgpass, pacBuf.data);
+            free((void*)conn->pgpass);
+            conn->pgpass = strdup(tmp);
+            break;
+          case STARTUP_UNSALT_MSG:
+            salted = false;
+            break;
+          default:
+            sprintf(conn->errorMessage, "connectDB() -- backend did not supply a salt packet\n");
+            goto connect_errReturn;
+        }
+
+        if (salted)
+          msgtype = STARTUP_CRYPT_MSG;
+        else
         msgtype = fe_getauthsvc(conn->errorMessage);
 
 /*	  pacBuf = startup2PacketBuf(&startup);*/
@@ -820,6 +887,63 @@ packetSend(Port *port,
 	return (STATUS_OK);
 }
 
+/*
+ * packetReceive()
+ *
+ This is a less stringent PacketReceive(), defined in backend/libpq/pqpacket.c
+ We define it here to avoid linking in all of libpq.a
+
+ * packetReceive -- receive a packet on a port
+ *
+ * RETURNS: STATUS_ERROR if the read fails, STATUS_OK otherwise.
+ * SIDE_EFFECTS: may block.
+ * NOTES: Non-blocking reads would significantly complicate
+ *            buffer management.      For now, we're not going to do it.
+ *
+*/
+int
+packetReceive(Port *port, PacketBuf *buf, bool nonBlocking) {
+
+  PacketLen     max_size = sizeof(PacketBuf);
+  PacketLen     cc;                           /* character count -- recvd */
+  PacketLen     packetLen;
+  int           addrLen = sizeof(struct sockaddr_in);
+  int         hdrLen;
+  int           msgLen;
+
+  /* Read the packet length into the PacketBuf
+   */
+  hdrLen = sizeof(PacketLen);
+  cc = recvfrom(port->sock, (char*)&packetLen, hdrLen, 0, (struct sockaddr*)&port->raddr, &addrLen);
+  if (cc < 0)
+    return STATUS_ERROR;
+  else if (!cc)
+    return STATUS_INVALID;
+  else if (cc < hdrLen)
+    return STATUS_NOT_DONE;
+
+  /* convert to local form of integer and check for oversized packet
+   */
+  buf->len = packetLen;
+  if ((packetLen = ntohl(packetLen)) > max_size) {
+    port->nBytes = packetLen;
+    return STATUS_INVALID;
+  }
+
+  /* fetch the rest of the message
+   */
+  msgLen = packetLen - cc;
+  cc = recvfrom(port->sock, (char*)&buf->msgtype, msgLen, 0, (struct sockaddr*)&port->raddr, &addrLen);
+  if (cc < 0)
+    return STATUS_ERROR;
+  else if (!cc)
+    return STATUS_INVALID;
+  else if (cc < msgLen)
+    return STATUS_NOT_DONE;
+
+  return STATUS_OK;
+}
+
 /*
  * startup2PacketBuf()
  *

src/interfaces/libpq/fe-connect.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: fe-connect.h,v 1.4 1997/09/08 21:55:39 momjian Exp $
+ * $Id: fe-connect.h,v 1.5 1997/12/04 00:28:13 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -19,11 +19,13 @@
  */
 
 extern int	packetSend(Port *port, PacketBuf *buf, PacketLen len, bool nonBlocking);
+extern int	packetReceive(Port *port, PacketBuf *buf, bool nonBlocking);
 
 #endif							/* FE_CONNECT_H */
 #ifndef FE_CONNECT_H
 #define FE_CONNECT_H
 
 int			packetSend(Port *port, PacketBuf *buf, PacketLen len, bool nonBlocking);
+int			packetReceive(Port *port, PacketBuf *buf, bool nonBlocking);
 
 #endif

src/interfaces/libpq/libpq-fe.h

@@ -6,7 +6,7 @@
  *
  * Copyright (c) 1994, Regents of the University of California
  *
- * $Id: libpq-fe.h,v 1.23 1997/09/08 21:55:45 momjian Exp $
+ * $Id: libpq-fe.h,v 1.24 1997/12/04 00:28:15 scrappy Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -221,8 +221,9 @@ extern		"C"
 	/* make a new client connection to the backend */
 	extern PGconn *PQconnectdb(const char *conninfo);
 	extern PQconninfoOption *PQconndefaults(void);
-	extern PGconn *PQsetdb(const char *pghost, const char *pgport, const char *pgoptions,
-								  const char *pgtty, const char *dbName);
+	extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions,
+					  const char *pgtty, const char *dbName, const char *login, const char *pwd);
+#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME)   PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL)
 	/* close the current connection and free the PGconn data structure */
 	extern void PQfinish(PGconn *conn);