Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit681cca8

Browse files
committed
Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.
Up to now, pg_regress --config-auth had a hard-wired assumptionthat the target cluster uses the default bootstrap superuser name.pg_dump's 010_dump_connstr.pl TAP test uses non-default superusernames, and was klugily getting around the restriction by listingthe desired superuser name as a role to "create". This is prettyconfusing (or at least, it confused me). Let's make it clearer byallowing --config-auth mode to be told the bootstrap superuser name.Repurpose the existing --user switch for that, since it has noother function in --config-auth mode.Per buildfarm. I don't have an environment at hand in which I cantest this fix, but the buildfarm should soon show if it works.Discussion:https://postgr.es/m/3142.1561840611@sss.pgh.pa.us
1 parentc91504b commit681cca8

File tree

2 files changed

+33
-20
lines changed

2 files changed

+33
-20
lines changed

‎src/bin/pg_dump/t/010_dump_connstr.pl

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -55,8 +55,9 @@
5555
# prep pg_hba.conf and pg_ident.conf
5656
$node->run_log(
5757
[
58-
$ENV{PG_REGRESS},'--config-auth',
59-
$node->data_dir,'--create-role',
58+
$ENV{PG_REGRESS},'--config-auth',
59+
$node->data_dir,'--user',
60+
$src_bootstrap_super,'--create-role',
6061
"$username1,$username2,$username3,$username4"
6162
]);
6263
$node->start;
@@ -181,8 +182,9 @@
181182
$envar_node->run_log(
182183
[
183184
$ENV{PG_REGRESS},'--config-auth',
184-
$envar_node->data_dir,'--create-role',
185-
"$dst_bootstrap_super,$restore_super"
185+
$envar_node->data_dir,'--user',
186+
$dst_bootstrap_super,'--create-role',
187+
$restore_super
186188
]);
187189
$envar_node->start;
188190

@@ -213,8 +215,9 @@
213215
$cmdline_node->run_log(
214216
[
215217
$ENV{PG_REGRESS},'--config-auth',
216-
$cmdline_node->data_dir,'--create-role',
217-
"$dst_bootstrap_super,$restore_super"
218+
$cmdline_node->data_dir,'--user',
219+
$dst_bootstrap_super,'--create-role',
220+
$restore_super
218221
]);
219222
$cmdline_node->start;
220223
$cmdline_node->run_log(

‎src/test/regress/pg_regress.c

Lines changed: 24 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -965,13 +965,15 @@ current_windows_user(const char **acct, const char **dom)
965965
* Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication. Permit
966966
* the current OS user to authenticate as the bootstrap superuser and as any
967967
* user named in a --create-role option.
968+
*
969+
* In --config-auth mode, the --user switch can be used to specify the
970+
* bootstrap superuser's name, otherwise we assume it is the default.
968971
*/
969972
staticvoid
970-
config_sspi_auth(constchar*pgdata)
973+
config_sspi_auth(constchar*pgdata,constchar*superuser_name)
971974
{
972975
constchar*accountname,
973976
*domainname;
974-
constchar*username;
975977
char*errstr;
976978
boolhave_ipv6;
977979
charfname[MAXPGPATH];
@@ -980,17 +982,25 @@ config_sspi_auth(const char *pgdata)
980982
*ident;
981983
_stringlist*sl;
982984

983-
/*
984-
* "username", the initdb-chosen bootstrap superuser name, may always
985-
* match "accountname", the value SSPI authentication discovers. The
986-
* underlying system functions do not clearly guarantee that.
987-
*/
985+
/* Find out the name of the current OS user */
988986
current_windows_user(&accountname,&domainname);
989-
username=get_user_name(&errstr);
990-
if (username==NULL)
987+
988+
/* Determine the bootstrap superuser's name */
989+
if (superuser_name==NULL)
991990
{
992-
fprintf(stderr,"%s: %s\n",progname,errstr);
993-
exit(2);
991+
/*
992+
* Compute the default superuser name the same way initdb does.
993+
*
994+
* It's possible that this result always matches "accountname", the
995+
* value SSPI authentication discovers. But the underlying system
996+
* functions do not clearly guarantee that.
997+
*/
998+
superuser_name=get_user_name(&errstr);
999+
if (superuser_name==NULL)
1000+
{
1001+
fprintf(stderr,"%s: %s\n",progname,errstr);
1002+
exit(2);
1003+
}
9941004
}
9951005

9961006
/*
@@ -1067,7 +1077,7 @@ config_sspi_auth(const char *pgdata)
10671077
* bother escaping embedded double-quote characters.
10681078
*/
10691079
CW(fprintf(ident,"regress \"%s@%s\" %s\n",
1070-
accountname,domainname,fmtHba(username)) >=0);
1080+
accountname,domainname,fmtHba(superuser_name)) >=0);
10711081
for (sl=extraroles;sl;sl=sl->next)
10721082
CW(fprintf(ident,"regress \"%s@%s\" %s\n",
10731083
accountname,domainname,fmtHba(sl->str)) >=0);
@@ -2227,7 +2237,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
22272237
if (config_auth_datadir)
22282238
{
22292239
#ifdefENABLE_SSPI
2230-
config_sspi_auth(config_auth_datadir);
2240+
config_sspi_auth(config_auth_datadir,user);
22312241
#endif
22322242
exit(0);
22332243
}
@@ -2354,7 +2364,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
23542364
* "initdb" command, this can't truncate.
23552365
*/
23562366
snprintf(buf,sizeof(buf),"%s/data",temp_instance);
2357-
config_sspi_auth(buf);
2367+
config_sspi_auth(buf,NULL);
23582368
#elif !defined(HAVE_UNIX_SOCKETS)
23592369
#error Platform has no means to secure the test installation.
23602370
#endif

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp