示例#1
0
文件: user.go 项目: hvaara/cockroach
// runSetUser prompts for a password, then inserts the user and hash
// into the system.users table.
// TODO(marc): once we have more fields in the user, we will need
// to allow changing just some of them (eg: change email, but leave password).
func runSetUser(cmd *cobra.Command, args []string) error {
	if len(args) != 1 {
		return usageAndError(cmd)
	}
	var err error
	var hashed []byte
	if password {
		hashed, err = security.PromptForPasswordAndHash()
		if err != nil {
			return err
		}
	} else {
		hashed, err = security.HashPassword("")
		if err != nil {
			return err
		}
	}

	conn, err := getPasswordAndMakeSQLClient()
	if err != nil {
		return err
	}
	defer conn.Close()
	// TODO(asubiotto): Implement appropriate server-side authorization rules
	// for users to be able to change their own passwords.
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt)
}
示例#2
0
文件: user.go 项目: knz/cockroach
// runSetUser prompts for a password, then inserts the user and hash
// into the system.users table.
// TODO(marc): once we have more fields in the user, we will need
// to allow changing just some of them (eg: change email, but leave password).
func runSetUser(cmd *cobra.Command, args []string) error {
	if len(args) != 1 {
		return usageAndError(cmd)
	}
	var err error
	var hashed []byte
	switch password {
	case "":
		hashed, err = security.PromptForPasswordAndHash()
		if err != nil {
			return err
		}
	case "-":
		scanner := bufio.NewScanner(os.Stdin)
		if scanner.Scan() {
			hashed, err = security.HashPassword(scanner.Text())
			if err != nil {
				return err
			}
			if scanner.Scan() {
				return errors.New("multiline passwords are not permitted")
			}
			if err := scanner.Err(); err != nil {
				return err
			}
		} else {
			if err := scanner.Err(); err != nil {
				return err
			}
		}
	default:
		hashed, err = security.HashPassword(password)
		if err != nil {
			return err
		}
	}

	// Only security.RootUser can set passwords.
	// TODO(asubiotto): Implement appropriate server-side authorization rules
	// for users to be able to change their own passwords.
	if connUser != security.RootUser {
		return fmt.Errorf("only %s is allowed to set passwords", security.RootUser)
	}
	conn, err := makeSQLClient(url.User(security.RootUser))
	if err != nil {
		return err
	}
	defer conn.Close()
	return runQueryAndFormatResults(conn, os.Stdout,
		makeQuery(`UPSERT INTO system.users VALUES ($1, $2)`, args[0], hashed), cliCtx.prettyFmt)
}