Skip to content

Commit

Permalink
Add missing file credcheck--2.1.0.sql. Thanks to Jeff Janes for the r…
Browse files Browse the repository at this point in the history 
…eport.
  • Loading branch information
@darold
darold committed Jul 17, 2023
1 parent c82f69a commit 6e7cbfc
Showing 1 changed file with 100 additions and 0 deletions.
100 changes: 100 additions & 0 deletions credcheck--2.1.0.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
-- credcheck extension for PostgreSQL
-- Copyright (c) 2021-2023 MigOps Inc - All rights reserved.
-- Copyright (c) 2023 Gilles Darold - All rights reserved.

-- complain if script is sourced in psql, rather than via CREATE EXTENSION
\echo Use "CREATE EXTENSION credcheck" to load this file. \quit

CREATE SCHEMA credcheck;

----
-- Remove all entries from password history.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_password_history_reset( )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C VOLATILE;

----
-- Remove entries of the specified user from password history.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_password_history_reset( IN username name )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

----
-- Look at password history entries
----
CREATE FUNCTION pg_password_history (
OUT rolename name,
OUT password_date timestamp with time zone,
OUT password_hash text
)
RETURNS SETOF record
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

-- Register a view on the function for ease of use.
CREATE VIEW pg_password_history AS
SELECT * FROM pg_password_history();

----
-- Change password creation timestamp for all entries of the specified
-- user in the password history. Proposed for testing purpose only.
-- Returns the number of entries changed.
----
CREATE FUNCTION pg_password_history_timestamp( IN username name, IN new_timestamp timestamp with time zone)
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

GRANT SELECT ON pg_password_history TO PUBLIC;

-- Don't want this to be available to non-superusers.
REVOKE ALL ON FUNCTION pg_password_history_reset() FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_password_history_reset(name) FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_password_history_timestamp(name, timestamp with time zone) FROM PUBLIC;

----
-- Remove all entries from authent failure cache.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_banned_role_reset( )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C VOLATILE;

----
-- Remove entries of the specified user from authent failure cache.
-- Returns the number of entries removed.
----
CREATE FUNCTION pg_banned_role_reset( IN username name )
RETURNS integer
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

----
-- Look at authent failure cache entries
----
CREATE FUNCTION pg_banned_role (
OUT roleid Oid,
OUT failure_count integer,
OUT banned_date timestamp
)
RETURNS SETOF record
AS 'MODULE_PATHNAME'
LANGUAGE C STRICT VOLATILE;

-- Register a view on the function for ease of use.
CREATE VIEW pg_banned_role AS
SELECT * FROM pg_banned_role();

GRANT SELECT ON pg_banned_role TO PUBLIC;

-- Don't want this to be available to non-superusers.
REVOKE ALL ON FUNCTION pg_banned_role_reset() FROM PUBLIC;
REVOKE ALL ON FUNCTION pg_banned_role_reset(name) FROM PUBLIC;

0 comments on commit 6e7cbfc

Please sign in to comment.