Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7622422

Browse files
committed
Add checks for regexes with user name map in test for peer authentication
There is already some coverage for that in the kerberos test suite,though it requires PG_TEST_EXTRA to be set as per its insecure nature.This provides coverage in a default setup, as long as peer is supportedon the platform where its test is run.Author: Bertrand DrouvotDiscussion:https://postgr.es/m/7f87ca27-e184-29da-15d6-8be4325ad02e@gmail.com
1 parentd575347 commit7622422

File tree

1 file changed

+55
-5
lines changed

1 file changed

+55
-5
lines changed

‎src/test/authentication/t/003_peer.pl

Lines changed: 55 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,18 +23,34 @@ sub reset_pg_hba
2323
return;
2424
}
2525

26+
# Delete pg_ident.conf from the given node, add a new entry to it
27+
# and then execute a reload to refresh it.
28+
subreset_pg_ident
29+
{
30+
my$node =shift;
31+
my$map_name =shift;
32+
my$system_user =shift;
33+
my$pg_user =shift;
34+
35+
unlink($node->data_dir .'/pg_ident.conf');
36+
$node->append_conf('pg_ident.conf',"$map_name$system_user$pg_user");
37+
$node->reload;
38+
return;
39+
}
40+
2641
# Test access for a single role, useful to wrap all tests into one.
2742
subtest_role
2843
{
2944
local$Test::Builder::Level =$Test::Builder::Level + 1;
3045

31-
my ($node,$role,$method,$expected_res,%params) =@_;
46+
my ($node,$role,$method,$expected_res,$test_details,%params) =@_;
3247
my$status_string ='failed';
3348
$status_string ='success'if ($expected_reseq 0);
3449

3550
my$connstr ="user=$role";
3651
my$testname =
37-
"authentication$status_string for method$method, role$role";
52+
"authentication$status_string for method$method, role$role"
53+
.$test_details;
3854

3955
if ($expected_reseq 0)
4056
{
@@ -87,16 +103,50 @@ sub find_in_log
87103
# Tests without the user name map.
88104
# Failure as connection is attempted with a database role not mapping
89105
# to an authorized system user.
90-
test_role($node,qq{testmapuser},'peer', 2,
106+
test_role(
107+
$node,qq{testmapuser},'peer', 2,
108+
'without user name map',
91109
log_like=> [qr/Peer authentication failed for user "testmapuser"/]);
92110

93111
# Tests with a user name map.
94-
$node->append_conf('pg_ident.conf',qq{mypeermap$system_usertestmapuser});
112+
reset_pg_ident($node,'mypeermap',$system_user,'testmapuser');
95113
reset_pg_hba($node,'peer map=mypeermap');
96114

97115
# Success as the database role matches with the system user in the map.
98-
test_role($node,qq{testmapuser},'peer', 0,
116+
test_role($node,qq{testmapuser},'peer', 0,'with user name map',
99117
log_like=>
100118
[qr/connection authenticated: identity="$system_user" method=peer/]);
101119

120+
# Test with regular expression in user name map.
121+
# Extract the last 3 characters from the system_user
122+
# or the entire system_user (if its length is <= -3).
123+
my$regex_test_string =substr($system_user, -3);
124+
125+
# Success as the regular expression matches.
126+
reset_pg_ident($node,'mypeermap',qq{/^.*$regex_test_string\$},
127+
'testmapuser');
128+
test_role(
129+
$node,
130+
qq{testmapuser},
131+
'peer',
132+
0,
133+
'with regular expression in user name map',
134+
log_like=>
135+
[qr/connection authenticated: identity="$system_user" method=peer/]);
136+
137+
138+
# Concatenate system_user to system_user.
139+
$regex_test_string =$system_user .$system_user;
140+
141+
# Failure as the regular expression does not match.
142+
reset_pg_ident($node,'mypeermap',qq{/^.*$regex_test_string\$},
143+
'testmapuser');
144+
test_role(
145+
$node,
146+
qq{testmapuser},
147+
'peer',
148+
2,
149+
'with regular expression in user name map',
150+
log_like=> [qr/no match in usermap "mypeermap" for user "testmapuser"/]);
151+
102152
done_testing();

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp