pg_user cleanup.

bmomjian · bmomjian · commit ba1d990cf7a6 · 1998-03-06T18:03:38.000Z
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
@@ -89,7 +89,7 @@ void
 DefineUser(CreateUserStmt *stmt)
 {
 
-	char	   *pg_user;
+	char	   *pg_shadow;
 	Relation	pg_shadow_rel;
 	TupleDesc	pg_shadow_dsc;
 	HeapScanDesc scan;
@@ -112,12 +112,12 @@ DefineUser(CreateUserStmt *stmt)
 	 * Make sure the user attempting to create a user can insert into the
 	 * pg_shadow relation.
 	 */
-	pg_user = GetPgUserName();
-	if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK)
+	pg_shadow = GetPgUserName();
+	if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR | ACL_AP) != ACLCHECK_OK)
 	{
 		UserAbortTransactionBlock();
 		elog(ERROR, "defineUser: user \"%s\" does not have SELECT and INSERT privilege for \"%s\"",
-			 pg_user, ShadowRelationName);
+			 pg_shadow, ShadowRelationName);
 		return;
 	}
 
@@ -220,7 +220,7 @@ extern void
 AlterUser(AlterUserStmt *stmt)
 {
 
-	char	   *pg_user;
+	char	   *pg_shadow;
 	Relation	pg_shadow_rel;
 	TupleDesc	pg_shadow_dsc;
 	HeapScanDesc scan;
@@ -242,12 +242,12 @@ AlterUser(AlterUserStmt *stmt)
 	 * Make sure the user attempting to create a user can insert into the
 	 * pg_shadow relation.
 	 */
-	pg_user = GetPgUserName();
-	if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK)
+	pg_shadow = GetPgUserName();
+	if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
 	{
 		UserAbortTransactionBlock();
 		elog(ERROR, "alterUser: user \"%s\" does not have SELECT and UPDATE privilege for \"%s\"",
-			 pg_user, ShadowRelationName);
+			 pg_shadow, ShadowRelationName);
 		return;
 	}
 
@@ -347,7 +347,7 @@ extern void
 RemoveUser(char *user)
 {
 
-	char	   *pg_user;
+	char	   *pg_shadow;
 	Relation	pg_shadow_rel,
 				pg_rel;
 	TupleDesc	pg_dsc;
@@ -369,12 +369,12 @@ RemoveUser(char *user)
 	 * Make sure the user attempting to create a user can delete from the
 	 * pg_shadow relation.
 	 */
-	pg_user = GetPgUserName();
-	if (pg_aclcheck(ShadowRelationName, pg_user, ACL_RD | ACL_WR) != ACLCHECK_OK)
+	pg_shadow = GetPgUserName();
+	if (pg_aclcheck(ShadowRelationName, pg_shadow, ACL_RD | ACL_WR) != ACLCHECK_OK)
 	{
 		UserAbortTransactionBlock();
 		elog(ERROR, "removeUser: user \"%s\" does not have SELECT and DELETE privilege for \"%s\"",
-			 pg_user, ShadowRelationName);
+			 pg_shadow, ShadowRelationName);
 		return;
 	}
 
@@ -463,7 +463,7 @@ RemoveUser(char *user)
 	 * tables, views, etc owned by the user.
 	 *
 	 * The second option would be to create a means of deleting tables, view,
-	 * etc. owned by the user from other databases.  Pg_user is global and
+	 * etc. owned by the user from other databases.  pg_shadow is global and
 	 * so this must be done at some point.
 	 *
 	 * Let us not forget that the user should be removed from the pg_groups
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
@@ -68,10 +68,11 @@
 #	       by the host.  If AUTH_ARGUMENT is specified then the password is
 #	       compared with the user's entry in that file (in the $PGDATA
 #	       directory).  See pg_passwd(1).  If it is omitted then the
-#	       password is compared with the user's entry in the pg_user table.
+#	       password is compared with the user's entry in the pg_shadow
+#	       table.
 #
 #   crypt:  Authentication is done by matching an encrypted password supplied
-#	    by the host with that held for the user in the pg_user table.
+#	    by the host with that held for the user in the pg_shadow table.
 #
 #   krb4:   Kerberos V4 authentication is used.
 #
diff --git a/src/man/alter_user.l b/src/man/alter_user.l
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/alter_user.l,v 1.1 1998/01/25 07:42:00 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/alter_user.l,v 1.2 1998/03/06 18:02:49 momjian Exp $
 .TH "ALTER USER" SQL 01/26/98 PostgreSQL PostgreSQL
 .SH NAME
 alter user -- alter user account information within a PostgreSQL instance
@@ -20,10 +20,10 @@ detailed description of each of the clause in the alter user statement,
 please see the create_user(l) manual page.  Please note that it is not
 possible to alter a user's usesysid via the alter user statement.  Also,
 it is only possible for the postgres user or any user with read and modify
-permissions on pg_user to alter user passwords. 
+permissions on pg_shadow to alter user passwords. 
 
 If any of the clauses of the alter user statement are omitted, the
-corresponding value in the pg_user relation is left unchanged. 
+corresponding value in the pg_shadow relation is left unchanged. 
 
 This statement can be used to modify users created with createuser(1).
 
diff --git a/src/man/catalogs.3 b/src/man/catalogs.3
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/catalogs.3,v 1.3 1998/01/11 22:17:06 momjian Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/catalogs.3,v 1.4 1998/03/06 18:03:02 momjian Exp $
 .TH "SYSTEM CATALOGS" INTRO 03/13/94 PostgreSQL PostgreSQL
 .SH "Section 7 - System Catalogs"
 .de LS
@@ -43,7 +43,7 @@ the site:
 	\fBname\fP	\fBshared/local\fP	\fBdescription\fP
 	pg_database	shared	current databases
 	pg_group	shared	user groups
-	pg_user	shared	valid users
+	pg_shadow	shared	valid users
 .LE
 .SH "RULE SYSTEM CATALOGS"
 .LS
@@ -339,7 +339,7 @@ pg_group
     int2        grolist[1]	/* list of usesysids of group members */
 .fi
 .nf M
-pg_user
+pg_shadow
     NameData      usename		/* user's name */
     int2        usesysid	/* user's UNIX user id */
     bool        usecreatedb	/* can user create databases? */
diff --git a/src/man/create_user.l b/src/man/create_user.l
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/create_user.l,v 1.1 1998/01/25 07:42:01 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/create_user.l,v 1.2 1998/03/06 18:03:21 momjian Exp $
 .TH "CREATE USER" SQL 01/26/98 PostgreSQL PostgreSQL
 .SH NAME
 create user -- create a new user within a PostgreSQL instance
@@ -16,23 +16,23 @@ create user -- create a new user within a PostgreSQL instance
 .SH DESCRIPTION
 .BR "create user"
 will add a new user to an instance of PostgreSQL.  The new user will be
-given a usesysid of 'SELECT max(usesysid) + 1 FROM pg_user'.  This means
+given a usesysid of 'SELECT max(usesysid) + 1 FROM pg_shadow'.  This means
 that a PostgreSQL user's usesysid will not correspond to their operating
 system(OS) user id.  The exception to this rule is the 'postgres' user,
 whose OS user id is used as the usesysid during the initdb process.  If
 you still want the OS user id and the usesysid to match for any given
 user, then use the createuser(1) script provided with the PostgreSQL
 distribution. 
 
-The 'with password' clause sets the user's password within the pg_user
-relation.  For this reason, pg_user is no longer accessible to the
+The 'with password' clause sets the user's password within the pg_shadow
+relation.  For this reason, pg_shadow is no longer accessible to the
 'public' group.  Please note that when initdb(1) is executed for an
 instance of PostgreSQL that the postgres user's password is initially set
-to NULL.  When a user's password in the pg_user relation is NULL, then
+to NULL.  When a user's password in the pg_shadow relation is NULL, then
 user authentication proceeds as it historically has (HBA, PG_PASSWORD,
 etc).  However, if a password is set for a user, then a new authentication
 system supplants any other configured for the PostgreSQL instance, and the
-password stored in the pg_user relation is used for authentication.  For
+password stored in the pg_shadow relation is used for authentication.  For
 more details on how this authentication system functions see pg_crypt(3). 
 If the 'with password' clause is omitted, then the user's password is set
 to the empty string with equates to a NULL value in the authentication
@@ -54,9 +54,9 @@ defined in the pg_group relation).
 
 Finally, the 'valid until' clause sets an absolute time after which the
 user's PostgreSQL login is no longer valid.  Please note that if a user
-does not have a password defined in the pg_user relation, then the valid
+does not have a password defined in the pg_shadow relation, then the valid
 until date will not be checked during user authentication.  If this clause
-is omitted, then a NULL value is stored in pg_user for this attribute, and
+is omitted, then a NULL value is stored in pg_shadow for this attribute, and
 the login will be valid for all time. 
 
 .SH EXAMPLES
diff --git a/src/man/createuser.1 b/src/man/createuser.1
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.6 1998/01/26 01:42:44 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.7 1998/03/06 18:03:31 momjian Exp $
 .TH CREATEUSER UNIX 11/05/95 PostgreSQL PostgreSQL
 .SH NAME
 createuser - create a Postgres user
@@ -19,7 +19,7 @@ port]
 .SH DESCRIPTION
 .IR Createuser
 creates a new Postgres user.  Only users with \*(lqusesuper\*(rq set in
-the \*(lqpg_user\*(rq class can create new Postgres users.  As shipped,
+the \*(lqpg_shadow\*(rq class can create new Postgres users.  As shipped,
 the user \*(lqpostgres\*(rq can create users.
 .PP
 .IR Createuser
@@ -96,8 +96,8 @@ is running on the proper host and that you have specified the proper
 port.  If your site uses an authentication system, ensure that you
 have obtained the required authentication credentials.
 .TP
-.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_user\*(rq"
-You do not have a valid entry in the relation \*(lqpg_user\*(rq and
+.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_shadow\*(rq"
+You do not have a valid entry in the relation \*(lqpg_shadow\*(rq and
 cannot do anything with Postgres at all; contact your Postgres site
 administrator.
 .TP
@@ -106,7 +106,7 @@ You do not have permission to create new users; contact your Postgres
 site administrator.
 .TP
 .BI "user \*(lq" "username" "\*(rq already exists"
-The user to be added already has an entry in the \*(lqpg_user\*(rq
+The user to be added already has an entry in the \*(lqpg_shadow\*(rq
 class.
 .TP
 .BR "database access failed"
diff --git a/src/man/destroyuser.1 b/src/man/destroyuser.1
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.6 1998/01/26 01:42:46 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.7 1998/03/06 18:03:35 momjian Exp $
 .TH DESTROYUSER UNIX 11/05/95 PostgreSQL PostgreSQL
 .SH NAME
 destroyuser - destroy a Postgres user and associated databases
@@ -21,7 +21,7 @@ port]
 .IR Destroyuser
 destroys an existing Postgres user and the databases for which that user
 is database administrator.  Only users with \*(lqusesuper\*(rq set in
-the \*(lqpg_user\*(rq class can destroy new Postgres users.  As shipped,
+the \*(lqpg_shadow\*(rq class can destroy new Postgres users.  As shipped,
 the user \*(lqpostgres\*(rq can destroy users.
 .PP
 .IR Destroyuser
@@ -92,8 +92,8 @@ is running on the proper host and that you have specified the proper
 port.  If your site uses an authentication system, ensure that you
 have obtained the required authentication credentials.
 .TP
-.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_user\*(rq"
-You do not have a valid entry in the relation \*(lqpg_user\*(rq and
+.BI "user \*(lq" "username" "\*(rq is not in \*(lqpg_shadow\*(rq"
+You do not have a valid entry in the relation \*(lqpg_shadow\*(rq and
 cannot do anything with Postgres at all; contact your Postgres site
 administrator.
 .TP
@@ -102,7 +102,7 @@ You do not have permission to delete users; contact your Postgres site
 administrator.
 .TP
 .BI "user \*(lq" "username" "\*(rq does not exist"
-The user to be removed does not have an entry in the \*(lqpg_user\*(rq
+The user to be removed does not have an entry in the \*(lqpg_shadow\*(rq
 class.
 .TP
 .BR "database access failed"
diff --git a/src/man/pg_dumpall.1 b/src/man/pg_dumpall.1
@@ -1,6 +1,6 @@
 .\" This is -*-nroff-*-
 .\" XXX standard disclaimer belongs here....
-.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_dumpall.1,v 1.3 1998/01/11 22:17:47 momjian Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_dumpall.1,v 1.4 1998/03/06 18:03:37 momjian Exp $
 .TH pg_dumpall UNIX 1/20/96 PostgreSQL PostgreSQL
 .SH NAME
 pg_dumpall - dumps out all Postgres databases into a script file
@@ -10,7 +10,7 @@ pg_dumpall - dumps out all Postgres databases into a script file
 .SH DESCRIPTION
 .IR "pg_dumpall"
 is a utility for dumping out all Postgres databases into one file.
-It also dumps the pg_user table, which is global to all databases.
+It also dumps the pg_shadow table, which is global to all databases.
 pg_dumpall creates each dumped database before loading.
 pg_dumpall takes all pg_dump options, but \fB-f\fR and \fBdbname\fR
 should not be used.
diff --git a/src/man/pg_hba.conf.5 b/src/man/pg_hba.conf.5
@@ -1,5 +1,5 @@
 .\" This is -*-nroff-*-
-.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.4 1998/01/27 03:25:14 scrappy Exp $
+.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_hba.conf.5,v 1.5 1998/03/06 18:03:38 momjian Exp $
 .TH pg_hba.conf 5 1/26/98 PostgreSQL PostgreSQL
 .SH NAME
 $PGDATA/pg_hba.conf
@@ -61,16 +61,16 @@ domain sockets.
 .PP
 .IR crypt
 - the client is asked for a password for the user.  This is sent encrypted
-(using crypt(3)) and compared against the password held in the pg_user table.
+(using crypt(3)) and compared against the password held in the pg_shadow table.
 If the passwords match, the connection is allowed.
 .PP
 .IR password
 - the client is asked for a password for the user.  This is sent in clear
-and compared against the password held in the pg_user table.
+and compared against the password held in the pg_shadow table.
 If the passwords match, the connection is allowed.  An optional password file
 may be specified after the
 .IR password
-keyword which is used to match the supplied password rather than the pg_user
+keyword which is used to match the supplied password rather than the pg_shadow
 table.  See pg_passwd(1).  
 .PP
 The following authentication methods are supported for TCP/IP

Original file line number	Diff line number	Diff line change
`@@ -68,10 +68,11 @@`
`68`	`68`	`# by the host. If AUTH_ARGUMENT is specified then the password is`
`69`	`69`	`# compared with the user's entry in that file (in the $PGDATA`
`70`	`70`	`# directory). See pg_passwd(1). If it is omitted then the`
`71`		`-# password is compared with the user's entry in the pg_user table.`
	`71`	`+# password is compared with the user's entry in the pg_shadow`
	`72`	`+# table.`
`72`	`73`	`#`
`73`	`74`	`# crypt: Authentication is done by matching an encrypted password supplied`
`74`		`-# by the host with that held for the user in the pg_user table.`
	`75`	`+# by the host with that held for the user in the pg_shadow table.`
`75`	`76`	`#`
`76`	`77`	`# krb4: Kerberos V4 authentication is used.`
`77`	`78`	`#`