ext/pgsql: adding pg_change_password functionality.

devnexen · devnexen · commit 9aa3a0d70261 · 2024-05-20T12:57:37.000+01:00
handy call to change an user password while taking care transparently of the password's encryption. close GH-14262
diff --git a/NEWS b/NEWS
@@ -186,6 +186,7 @@ PHP                                                                        NEWS
     (David Carlier)
   . Added pg_result_memory_size to get the query result memory usage.
     (KentarouTakeda)
+  . Added pg_change_password to alter an user's password. (David Carlier)
 
 - Phar:
   . Fixed bug GH-12532 (PharData created from zip has incorrect timestamp).
diff --git a/UPGRADING b/UPGRADING
@@ -513,6 +513,10 @@ PHP 8.4 UPGRADE NOTES
   . Added pcntl_getqos_class to get the QoS level (aka performance and related
     energy consumption) of the current process and pcntl_setqos_class to set it.
 
+- PGSQL:
+  . Added pg_change_password to alter a given user's password. It handles
+    transparently the password encryption from the database settings.
+
 - Sodium:
   . Added the sodium_crypto_aead_aegis128l_*() and sodium_crypto_aead_aegis256l_*()
     functions to support the AEGIS family of authenticated encryption algorithms,
diff --git a/ext/pgsql/config.m4 b/ext/pgsql/config.m4
@@ -67,6 +67,7 @@ if test "$PHP_PGSQL" != "no"; then
   AC_CHECK_LIB(pq, lo_truncate64, AC_DEFINE(HAVE_PG_LO64,1,[PostgreSQL 9.3 or later]))
   AC_CHECK_LIB(pq, PQsetErrorContextVisibility, AC_DEFINE(HAVE_PG_CONTEXT_VISIBILITY,1,[PostgreSQL 9.6 or later]))
   AC_CHECK_LIB(pq, PQresultMemorySize, AC_DEFINE(HAVE_PG_RESULT_MEMORY_SIZE,1,[PostgreSQL 12 or later]))
+  AC_CHECK_LIB(pq, PQchangePassword, AC_DEFINE(HAVE_PG_CHANGE_PASSWORD,1,[PostgreSQL 17 or later]))
   LIBS=$old_LIBS
   LDFLAGS=$old_LDFLAGS
 
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
@@ -39,6 +39,7 @@
 #include "php_pgsql.h"
 #include "php_globals.h"
 #include "zend_exceptions.h"
+#include "zend_attributes.h"
 
 #ifdef HAVE_PGSQL
 
@@ -401,6 +402,47 @@ static bool _php_pgsql_identifier_is_escaped(const char *identifier, size_t len)
 	return true;
 }
 
+#ifndef HAVE_PG_CHANGE_PASSWORD
+static PGresult *PQchangePassword(PGconn *conn, const char *user, const char *passwd)
+{
+	/**
+	 * It is more appropriate to let the configured password encryption algorithm
+	 * being picked up, so we pass NULL
+	 */
+	char *enc = PQencryptPasswordConn(conn, passwd, user, NULL);
+
+	if (!enc) {
+		return NULL;
+	}
+
+	char *fmtenc = PQescapeLiteral(conn, enc, strlen(enc));
+	PQfreemem(enc);
+
+	if (!fmtenc) {
+		return NULL;
+	}
+
+	char *fmtuser = PQescapeIdentifier(conn, user, strlen(user));
+
+	if (!fmtuser) {
+		PQfreemem(fmtenc);
+		return NULL;
+	}
+
+	char *query;
+
+	spprintf(&query, 0, "ALTER USER %s PASSWORD %s", fmtuser, fmtenc);
+
+	PGresult *pg_result = PQexec(conn, query);
+
+	efree(query);
+	PQfreemem(fmtuser);
+	PQfreemem(fmtenc);
+
+	return pg_result;
+}
+#endif
+
 /* {{{ PHP_INI */
 PHP_INI_BEGIN()
 STD_PHP_INI_BOOLEAN( "pgsql.allow_persistent",      "1",  PHP_INI_SYSTEM, OnUpdateBool, allow_persistent,      zend_pgsql_globals, pgsql_globals)
@@ -6048,4 +6090,36 @@ PHP_FUNCTION(pg_select)
 }
 /* }}} */
 
+PHP_FUNCTION(pg_change_password)
+{
+	zval *pgsql_link;
+	pgsql_link_handle *link;
+	PGresult *pg_result;
+	zend_string *user, *passwd;
+
+	ZEND_PARSE_PARAMETERS_START(3, 3)
+		Z_PARAM_OBJECT_OF_CLASS(pgsql_link, pgsql_link_ce)
+		Z_PARAM_STR(user)
+		Z_PARAM_STR(passwd)
+	ZEND_PARSE_PARAMETERS_END();
+
+	if (ZSTR_LEN(user) == 0) {
+		zend_argument_value_error(2, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	/* it is technically possible, but better to disallow it */
+	if (ZSTR_LEN(passwd) == 0) {
+		zend_argument_value_error(3, "cannot be empty");
+		RETURN_THROWS();
+	}
+
+	link = Z_PGSQL_LINK_P(pgsql_link);
+	CHECK_PGSQL_LINK(link);
+
+	pg_result = PQchangePassword(link->conn, ZSTR_VAL(user), ZSTR_VAL(passwd));
+	RETVAL_BOOL(PQresultStatus(pg_result) == PGRES_COMMAND_OK);
+	PQclear(pg_result);
+}
+
 #endif
diff --git a/ext/pgsql/pgsql.stub.php b/ext/pgsql/pgsql.stub.php
@@ -947,6 +947,8 @@ function pg_set_error_context_visibility(PgSql\Connection $connection, int $visi
 #ifdef HAVE_PG_RESULT_MEMORY_SIZE
     function pg_result_memory_size(PgSql\Result $result): int {}
 #endif
+
+    function pg_change_password(PgSql\Connection $connection, string $user, #[\SensitiveParameter] string $password): bool {}
 }
 
 namespace PgSql {
diff --git a/ext/pgsql/pgsql_arginfo.h b/ext/pgsql/pgsql_arginfo.h
diff --git a/ext/pgsql/tests/changepassword.phpt b/ext/pgsql/tests/changepassword.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Changing user password with pg_change_password
+--EXTENSIONS--
+pgsql
+--SKIPIF--
+<?php include("inc/skipif.inc"); ?>
+--FILE--
+<?php
+include('inc/config.inc');
+
+$conn = pg_connect($conn_str);
+
+try {
+	pg_change_password($conn, "", "pass");
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	pg_change_password($conn, "user", "");
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+
+var_dump(pg_change_password($conn, "inexistent_user", "postitpwd"));
+?>
+--EXPECT--
+pg_change_password(): Argument #2 ($user) cannot be empty
+pg_change_password(): Argument #3 ($password) cannot be empty
+bool(false)

Original file line number	Diff line number	Diff line change
`@@ -947,6 +947,8 @@ function pg_set_error_context_visibility(PgSql\Connection $connection, int $visi`
`947`	`947`	`#ifdef HAVE_PG_RESULT_MEMORY_SIZE`
`948`	`948`	`function pg_result_memory_size(PgSql\Result $result): int {}`
`949`	`949`	`#endif`
	`950`	`+`
	`951`	`+ function pg_change_password(PgSql\Connection $connection, string $user, #[\SensitiveParameter] string $password): bool {}`
`950`	`952`	`}`
`951`	`953`
`952`	`954`	`namespace PgSql {`