Allow CREATE/ALTER ROLE PASSWORD NULL to allow restoring the default state

of having no password.

diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 9af33ce212039cb6faf62d9f7a6fc1a96e2f1f55..60dce9b298d886c6a0ac1c3b9907360ffed479ec 100644 (file)
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -1,5 +1,5 @@
 
 
@@ -188,10 +188,13 @@ where option can be:
       
        
         Sets the role's password.  (A password is only of use for
-        roles having the LOGIN attribute, but you can
-        nonetheless define one for roles without it.)
-        If you do not plan to use password
-        authentication you can omit this option.
+        roles having the LOGIN attribute, but you
+        can nonetheless define one for roles without it.)  If you do
+        not plan to use password authentication you can omit this
+        option.  If no password is specified, the password will be set
+        to null and password authentication will always fail for that
+        user.  A null password can optionally be written explicitly as
+        PASSWORD NULL.
        
       
      

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 381ebe24adf3834a6f474b78b84d5c328956bd77..0ffcc2150176daf0b2e9722d4eb01b62df2476bd 100644 (file)
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.166 2005/11/22 18:17:09 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.167 2005/12/23 16:46:39 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -225,7 +225,7 @@ CreateRole(CreateRoleStmt *stmt)
                 defel->defname);
    }
 
-   if (dpassword)
+   if (dpassword && dpassword->arg)
        password = strVal(dpassword->arg);
    if (dissuper)
        issuper = intVal(dissuper->arg) != 0;
@@ -517,7 +517,7 @@ AlterRole(AlterRoleStmt *stmt)
                 defel->defname);
    }
 
-   if (dpassword)
+   if (dpassword && dpassword->arg)
        password = strVal(dpassword->arg);
    if (dissuper)
        issuper = intVal(dissuper->arg);
@@ -573,7 +573,7 @@ AlterRole(AlterRoleStmt *stmt)
              !dconnlimit &&
              !rolemembers &&
              !validUntil &&
-             password &&
+             dpassword &&
              roleid == GetUserId()))
            ereport(ERROR,
                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
@@ -651,6 +651,13 @@ AlterRole(AlterRoleStmt *stmt)
        new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
    }
 
+   /* unset password */
+   if (dpassword && dpassword->arg == NULL)
+   {
+       new_record_repl[Anum_pg_authid_rolpassword - 1] = 'r';
+       new_record_nulls[Anum_pg_authid_rolpassword - 1] = 'n';
+   }
+
    /* valid until */
    if (validUntil)
    {

diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 16fdde7b9bca965144ebba8c432c9b7c113fc8f0..4a006bd16931a5c9ace0aa644b38d9835c1d14a3 100644 (file)
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.517 2005/12/11 10:54:27 neilc Exp $
+ *   $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.518 2005/12/23 16:46:39 petere Exp $
  *
  * HISTORY
  *   AUTHOR            DATE            MAJOR EVENT
@@ -616,6 +616,10 @@ OptRoleElem:
                    $$ = makeDefElem("password",
                                     (Node *)makeString($2));
                }
+           | PASSWORD NULL_P
+               {
+                   $$ = makeDefElem("password", NULL);
+               }
            | ENCRYPTED PASSWORD Sconst
                {
                    $$ = makeDefElem("encryptedPassword",