Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.
Up to now, pg_regress --config-auth had a hard-wired assumption that the target cluster uses the default bootstrap superuser name. pg_dump's 010_dump_connstr.pl TAP test uses non-default superuser names, and was klugily getting around the restriction by listing the desired superuser name as a role to "create". This is pretty confusing (or at least, it confused me). Let's make it clearer by allowing --config-auth mode to be told the bootstrap superuser name. Repurpose the existing --user switch for that, since it has no other function in --config-auth mode. Per buildfarm. I don't have an environment at hand in which I can test this fix, but the buildfarm should soon show if it works. Discussion: https://postgr.es/m/3142.1561840611@sss.pgh.pa.us
This commit is contained in:
parent
c91504b958
commit
681cca86f5
|
@ -55,8 +55,9 @@ $node->init(extra =>
|
|||
# prep pg_hba.conf and pg_ident.conf
|
||||
$node->run_log(
|
||||
[
|
||||
$ENV{PG_REGRESS}, '--config-auth',
|
||||
$node->data_dir, '--create-role',
|
||||
$ENV{PG_REGRESS}, '--config-auth',
|
||||
$node->data_dir, '--user',
|
||||
$src_bootstrap_super, '--create-role',
|
||||
"$username1,$username2,$username3,$username4"
|
||||
]);
|
||||
$node->start;
|
||||
|
@ -181,8 +182,9 @@ $envar_node->init(extra =>
|
|||
$envar_node->run_log(
|
||||
[
|
||||
$ENV{PG_REGRESS}, '--config-auth',
|
||||
$envar_node->data_dir, '--create-role',
|
||||
"$dst_bootstrap_super,$restore_super"
|
||||
$envar_node->data_dir, '--user',
|
||||
$dst_bootstrap_super, '--create-role',
|
||||
$restore_super
|
||||
]);
|
||||
$envar_node->start;
|
||||
|
||||
|
@ -213,8 +215,9 @@ $cmdline_node->init(extra =>
|
|||
$cmdline_node->run_log(
|
||||
[
|
||||
$ENV{PG_REGRESS}, '--config-auth',
|
||||
$cmdline_node->data_dir, '--create-role',
|
||||
"$dst_bootstrap_super,$restore_super"
|
||||
$cmdline_node->data_dir, '--user',
|
||||
$dst_bootstrap_super, '--create-role',
|
||||
$restore_super
|
||||
]);
|
||||
$cmdline_node->start;
|
||||
$cmdline_node->run_log(
|
||||
|
|
|
@ -965,13 +965,15 @@ current_windows_user(const char **acct, const char **dom)
|
|||
* Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication. Permit
|
||||
* the current OS user to authenticate as the bootstrap superuser and as any
|
||||
* user named in a --create-role option.
|
||||
*
|
||||
* In --config-auth mode, the --user switch can be used to specify the
|
||||
* bootstrap superuser's name, otherwise we assume it is the default.
|
||||
*/
|
||||
static void
|
||||
config_sspi_auth(const char *pgdata)
|
||||
config_sspi_auth(const char *pgdata, const char *superuser_name)
|
||||
{
|
||||
const char *accountname,
|
||||
*domainname;
|
||||
const char *username;
|
||||
char *errstr;
|
||||
bool have_ipv6;
|
||||
char fname[MAXPGPATH];
|
||||
|
@ -980,17 +982,25 @@ config_sspi_auth(const char *pgdata)
|
|||
*ident;
|
||||
_stringlist *sl;
|
||||
|
||||
/*
|
||||
* "username", the initdb-chosen bootstrap superuser name, may always
|
||||
* match "accountname", the value SSPI authentication discovers. The
|
||||
* underlying system functions do not clearly guarantee that.
|
||||
*/
|
||||
/* Find out the name of the current OS user */
|
||||
current_windows_user(&accountname, &domainname);
|
||||
username = get_user_name(&errstr);
|
||||
if (username == NULL)
|
||||
|
||||
/* Determine the bootstrap superuser's name */
|
||||
if (superuser_name == NULL)
|
||||
{
|
||||
fprintf(stderr, "%s: %s\n", progname, errstr);
|
||||
exit(2);
|
||||
/*
|
||||
* Compute the default superuser name the same way initdb does.
|
||||
*
|
||||
* It's possible that this result always matches "accountname", the
|
||||
* value SSPI authentication discovers. But the underlying system
|
||||
* functions do not clearly guarantee that.
|
||||
*/
|
||||
superuser_name = get_user_name(&errstr);
|
||||
if (superuser_name == NULL)
|
||||
{
|
||||
fprintf(stderr, "%s: %s\n", progname, errstr);
|
||||
exit(2);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1067,7 +1077,7 @@ config_sspi_auth(const char *pgdata)
|
|||
* bother escaping embedded double-quote characters.
|
||||
*/
|
||||
CW(fprintf(ident, "regress \"%s@%s\" %s\n",
|
||||
accountname, domainname, fmtHba(username)) >= 0);
|
||||
accountname, domainname, fmtHba(superuser_name)) >= 0);
|
||||
for (sl = extraroles; sl; sl = sl->next)
|
||||
CW(fprintf(ident, "regress \"%s@%s\" %s\n",
|
||||
accountname, domainname, fmtHba(sl->str)) >= 0);
|
||||
|
@ -2227,7 +2237,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
|
|||
if (config_auth_datadir)
|
||||
{
|
||||
#ifdef ENABLE_SSPI
|
||||
config_sspi_auth(config_auth_datadir);
|
||||
config_sspi_auth(config_auth_datadir, user);
|
||||
#endif
|
||||
exit(0);
|
||||
}
|
||||
|
@ -2354,7 +2364,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
|
|||
* "initdb" command, this can't truncate.
|
||||
*/
|
||||
snprintf(buf, sizeof(buf), "%s/data", temp_instance);
|
||||
config_sspi_auth(buf);
|
||||
config_sspi_auth(buf, NULL);
|
||||
#elif !defined(HAVE_UNIX_SOCKETS)
|
||||
#error Platform has no means to secure the test installation.
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue