Make psql's \password default to CURRENT_USER, not PQuser(conn).

The documentation says plainly that \password acts on "the current user" by default. What it actually acted on, or tried to, was the username used to log into the current session. This is not the same thing if one has since done SET ROLE or SET SESSION AUTHENTICATION. Aside from the possible surprise factor, it's quite likely that the current role doesn't have permissions to set the password of the original role. To fix, use "SELECT CURRENT_USER" to get the role name to act on. (This syntax works with servers at least back to 7.0.) Also, in hopes of reducing confusion, include the role name that will be acted on in the password prompt. The discrepancy from the documentation makes this a bug, so back-patch to all supported branches. Patch by me; thanks to Nathan Bossart for review. Discussion: https://postgr.es/m/747443.1635536754@sss.pgh.pa.us

Make psql's \password default to CURRENT_USER, not PQuser(conn).
The documentation says plainly that \password acts on "the current user" by default. What it actually acted on, or tried to, was the username used to log into the current session. This is not the same thing if one has since done SET ROLE or SET SESSION AUTHENTICATION. Aside from the possible surprise factor, it's quite likely that the current role doesn't have permissions to set the password of the original role. To fix, use "SELECT CURRENT_USER" to get the role name to act on. (This syntax works with servers at least back to 7.0.) Also, in hopes of reducing confusion, include the role name that will be acted on in the password prompt. The discrepancy from the documentation makes this a bug, so back-patch to all supported branches. Patch by me; thanks to Nathan Bossart for review. Discussion: https://postgr.es/m/747443.1635536754@sss.pgh.pa.us
99389cb6 · Tom Lane · 5f81a480 · 99389cb6
Commit 99389cb6 authored Nov 12, 2021 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 13 deletions

src/bin/psql/command.c src/bin/psql/command.c +21 -13

No files found.
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -2022,12 +2022,29 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)

 	if (active_branch)
 	{
-		char	   *opt0 = psql_scan_slash_option(scan_state,
+		char	   *user = psql_scan_slash_option(scan_state,
 												  OT_SQLID, NULL, true);
 		char	   *pw1;
 		char	   *pw2;
+		PQExpBufferData buf;
+
+		if (user == NULL)
+		{
+			/* By default, the command applies to CURRENT_USER */
+			PGresult   *res;
+
+			res = PSQLexec("SELECT CURRENT_USER");
+			if (!res)
+				return PSQL_CMD_ERROR;
+
+			user = pg_strdup(PQgetvalue(res, 0, 0));
+			PQclear(res);
+		}

-		pw1 = simple_prompt("Enter new password: ", false);
+		initPQExpBuffer(&buf);
+		printfPQExpBuffer(&buf, _("Enter new password for user \"%s\": "), user);
+
+		pw1 = simple_prompt(buf.data, false);
 		pw2 = simple_prompt("Enter it again: ", false);

 		if (strcmp(pw1, pw2) != 0)
@@ -2037,14 +2054,8 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
 		}
 		else
 		{
-			char	   *user;
 			char	   *encrypted_password;

-			if (opt0)
-				user = opt0;
-			else
-				user = PQuser(pset.db);
-
 			encrypted_password = PQencryptPasswordConn(pset.db, pw1, user, NULL);

 			if (!encrypted_password)
@@ -2054,15 +2065,12 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
 			}
 			else
 			{
-				PQExpBufferData buf;
 				PGresult   *res;

-				initPQExpBuffer(&buf);
 				printfPQExpBuffer(&buf, "ALTER USER %s PASSWORD ",
 								  fmtId(user));
 				appendStringLiteralConn(&buf, encrypted_password, pset.db);
 				res = PSQLexec(buf.data);
-				termPQExpBuffer(&buf);
 				if (!res)
 					success = false;
 				else
@@ -2071,10 +2079,10 @@ exec_command_password(PsqlScanState scan_state, bool active_branch)
 			}
 		}

-		if (opt0)
-			free(opt0);
+		free(user);
 		free(pw1);
 		free(pw2);
+		termPQExpBuffer(&buf);
 	}
 	else
 		ignore_slash_options(scan_state);