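--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postgresql/pg_passwd Mon Nov 22 16:54:26 2010 +0100
@@ -0,0 +1,174 @@
+#!@l_bash@
+##
+## pg_passwd -- PostgreSQL Database Password Changing Utility
+## Copyright (c) 2007 OpenPKG Foundation e.V. <http://openpkg.net/>
+## Copyright (c) 2007 Ralf S. Engelschall <http://engelschall.com/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# determine system username
+system_username="`(id -un) 2>/dev/null`"
+if [ ".$system_username" = . ]; then
+ str="`(id) 2>/dev/null`"
+ if [ ".`echo $str | grep '^uid[ ]*=[ ]*[0-9]*('`" != . ]; then
+ system_username=`echo $str | sed -e 's/^uid[ ]*=[ ]*[0-9]*(//' -e 's/).*$//'`
+ fi
+ if [ ".$system_username" = . ]; then
+ system_username="$LOGNAME"
+ if [ ".$system_username" = . ]; then
+ system_username="$USER"
+ if [ ".$system_username" = . ]; then
+ system_username="`(whoami) 2>/dev/null | awk '{ printf("%s", $1); }'`"
+ if [ ".$system_username" = . ]; then
+ system_username="`(who am i) 2>/dev/null | awk '{ printf("%s", $1); }'`"
+ fi
+ fi
+ fi
+ fi
+fi
+
+# determine database superuser username, password and database
+superuser_username=""
+superuser_password=""
+superuser_database=""
+superuser_config_file="@l_prefix@/var/postgresql/db/pg_superuser.conf"
+if [ -r $superuser_config_file ]; then
+ # read information
+ eval `. $superuser_config_file; \
+ echo superuser_database=\"$superuser_database\"; \
+ echo superuser_username=\"$superuser_username\"; \
+ echo superuser_password=\"$superuser_password\"`
+else
+ # guess information
+ superuser_username="postgresql"
+ superuser_database="template1"
+fi
+
+# determine requested username, database and hostname
+username="$1"
+database="$2"
+hostname="$3"
+if [ ".$username" = . ]; then
+ if [ ".$system_username" = ".root" -o ".$system_username" = ".@l_rusr@" ]; then
+ username="$superuser_username"
+ else
+ username="$system_username"
+ fi
+fi
+if [ ".$database" = . ]; then
+ if [ ".$username" = ".$superuser_username" ]; then
+ database="$superuser_database"
+ else
+ database="$username"
+ fi
+fi
+if [ ".$hostname" = . ]; then
+ hostname="localhost"
+fi
+
+# make sure that the PostgreSQL super-user password
+# can be kept in sync with the external storage
+if [ ".$username" = ".$superuser_username" -a \
+ ".$database" = ".$superuser_database" ]; then
+ if [ ".$system_username" != ".root" -a ".$system_username" != ".@l_rusr@" ]; then
+ echo "$0:ERROR: super-user account password can be changed by \"root\" and \"@l_rusr@\" only" 2>&1
+ exit 1
+ fi
+ if [ -h $superuser_config_file ]; then
+ echo "$0:ERROR: superuser config \"$superuser_config_file\": invalid (symbolic link)" 2>&1
+ exit 1
+ fi
+ if [ ! -f $superuser_config_file ]; then
+ echo "$0:WARNING: superuser config \"$superuser_config_file\": not existing" 2>&1
+ exit 1
+ elif [ ! -w $superuser_password_file ]; then
+ echo "$0:ERROR: superuser config \"$superuser_config_file\": permission denied (not writeable)" 2>&1
+ exit 1
+ fi
+fi
+
+# request old and new password
+password_old=""
+password_new=""
+password_new_verify=""
+if [ ".$username" = ".$superuser_username" -a \
+ ".$database" = ".$superuser_database" ]; then
+ password_old="$superuser_password"
+fi
+while [ ".$password_old" = . ]; do
+ read -s -p "$username:$database:$hostname OLD password: " password_old
+ echo ""
+done
+while [ ".$password_new" = . ]; do
+ read -s -p "$username:$database:$hostname NEW password: " password_new
+ echo ""
+done
+while [ ".$password_new_verify" = . ]; do
+ read -s -p "$username:$database:$hostname NEW password (retype to verify): " password_new_verify
+ echo ""
+done
+if [ ".$password_new" != ".$password_new_verify" ]; then
+ echo "$0:ERROR: mismatch on NEW password" 1>&2
+ exit 1
+fi
+
+# change the password
+echo "ALTER ROLE $username WITH PASSWORD '$password_new'" | \
+PGPASSWORD="$password_old" @l_prefix@/bin/psql \
+ -q -U $username -d $database -h $hostname -f- || exit $?
+
+# update superuser configuration
+if [ ".$username" = ".$superuser_username" -a \
+ ".$database" = ".$superuser_database" ]; then
+ ( umask 077
+ sed -e "s;.*\(superuser_password=\"\).*\(\"\).*;\1$password_new\2;" \
+ <$superuser_config_file >$superuser_config_file.new || exit $?
+ cp $superuser_config_file.new $superuser_config_file || exit $?
+ rm -f $superuser_config_file.new || exit $?
+ exit 0
+ ) || {
+ echo "$0:ERROR: \"$superuser_config_file\": failed to update content" 1>&2
+ rm -f $superuser_config_file.new || true
+ exit $?
+ }
+ ( superuser_database_old="$superuser_database"
+ superuser_username_old="$superuser_username"
+ superuser_password_old="$superuser_password"
+ . $superuser_config_file
+ [ ".$superuser_database" != ".$superuser_database_old" ] && exit 1
+ [ ".$superuser_username" != ".$superuser_username_old" ] && exit 1
+ [ ".$superuser_password" = ".$superuser_password_old" ] && exit 1
+ [ ".$superuser_password" != ".$password_new" ] && exit 1
+ exit 0
+ ) || {
+ echo "$0:ERROR: \"$superuser_config_file\": unexpected updated content" 1>&2
+ exit $?
+ }
+ ( if [ ".$system_username" = ".root" ]; then
+ chown @l_rusr@:@l_rgrp@ $superuser_config_file || exit $?
+ fi
+ chmod 600 $superuser_config_file || exit $?
+ exit 0
+ ) || {
+ echo "$0:ERROR: \"$superuser_config_file\": failed to fixate attributes" 1>&2
+ exit $?
+ }
+fi
+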
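Review bot: The new password is pasted unescaped into the SQL literal at `ALTER ROLE $username WITH PASSWORD '$password_new'`, so a password containing `'` closes the literal early and the remainder is parsed as SQL; `$username` from `$1` is spliced in the same way and the psql arguments are unquoted. The same value is also pasted into the sed replacement that rewrites `pg_superuser.conf`, a file this script later reads with `.`, so `;`, `&`, `\` or `"` in the password changes what sed writes, and the consistency check only runs after `cp` has already replaced the file. I would double single quotes before building the statement and quote the psql arguments, as below; on servers where backslash escapes are still active in ordinary string literals (presumably governed by `standard_conforming_strings`, not visible from here) backslashes need the same care, and the sed step needs its own escaping or a rewrite that does not interpolate. Separately, the writability test reads `$superuser_password_file`, which is never assigned in this script, so `[ ! -w ]` is always false; it presumably should be `[ ! -w "$superuser_config_file" ]`.

```shell
# change the password
# double embedded single quotes so the value cannot terminate the SQL literal
sq="'"
password_sql=${password_new//$sq/$sq$sq}
printf '%s\n' "ALTER ROLE $username WITH PASSWORD '$password_sql'" | \
PGPASSWORD="$password_old" @l_prefix@/bin/psql \
    -q -U "$username" -d "$database" -h "$hostname" -f- || exit $?
# … unchanged: superuser configuration update …
```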