|
7 | 7 | use warnings;
|
8 | 8 | use PostgresNode;
|
9 | 9 | use TestLib;
|
10 |
| -use Test::Moretests=> 12; |
| 10 | +use Test::More; |
| 11 | +if ($windows_os) |
| 12 | +{ |
| 13 | +planskip_all=>"authentication tests cannot run on Windows"; |
| 14 | +} |
| 15 | +else |
| 16 | +{ |
| 17 | +plantests=> 12; |
| 18 | +} |
11 | 19 |
|
12 | 20 | # Delete pg_hba.conf from the given node, add a new entry to it
|
13 | 21 | # and then execute a reload to refresh it.
|
@@ -38,62 +46,57 @@ sub test_login
|
38 | 46 | "authentication$status_string for role$role with password$password");
|
39 | 47 | }
|
40 | 48 |
|
41 |
| -SKIP: |
42 |
| -{ |
43 |
| -skip"authentication tests cannot run on Windows", 12if ($windows_os); |
| 49 | +# Initialize master node. Force UTF-8 encoding, so that we can use non-ASCII |
| 50 | +# characters in the passwords below. |
| 51 | +my$node = get_new_node('master'); |
| 52 | +$node->init(extra=> ['--locale=C','--encoding=UTF8']); |
| 53 | +$node->start; |
44 | 54 |
|
45 |
| -# Initialize master node. Force UTF-8 encoding, so that we can use non-ASCII |
46 |
| -# characters in the passwords below. |
47 |
| -my$node = get_new_node('master'); |
48 |
| -$node->init(extra=> ['--locale=C','--encoding=UTF8']); |
49 |
| -$node->start; |
50 |
| - |
51 |
| -# These tests are based on the example strings from RFC4013.txt, |
52 |
| -# Section "3. Examples": |
53 |
| -# |
54 |
| -# # Input Output Comments |
55 |
| -# - ----- ------ -------- |
56 |
| -# 1 I<U+00AD>X IX SOFT HYPHEN mapped to nothing |
57 |
| -# 2 user user no transformation |
58 |
| -# 3 USER USER case preserved, will not match #2 |
59 |
| -# 4 <U+00AA> a output is NFKC, input in ISO 8859-1 |
60 |
| -# 5 <U+2168> IX output is NFKC, will match #1 |
61 |
| -# 6 <U+0007> Error - prohibited character |
62 |
| -# 7 <U+0627><U+0031> Error - bidirectional check |
63 |
| - |
64 |
| -# Create test roles. |
65 |
| -$node->safe_psql('postgres', |
| 55 | +# These tests are based on the example strings from RFC4013.txt, |
| 56 | +# Section "3. Examples": |
| 57 | +# |
| 58 | +# # Input Output Comments |
| 59 | +# - ----- ------ -------- |
| 60 | +# 1 I<U+00AD>X IX SOFT HYPHEN mapped to nothing |
| 61 | +# 2 user user no transformation |
| 62 | +# 3 USER USER case preserved, will not match #2 |
| 63 | +# 4 <U+00AA> a output is NFKC, input in ISO 8859-1 |
| 64 | +# 5 <U+2168> IX output is NFKC, will match #1 |
| 65 | +# 6 <U+0007> Error - prohibited character |
| 66 | +# 7 <U+0627><U+0031> Error - bidirectional check |
| 67 | + |
| 68 | +# Create test roles. |
| 69 | +$node->safe_psql('postgres', |
66 | 70 | "SET password_encryption='scram-sha-256';
|
67 |
| -SET client_encoding='utf8'; |
68 |
| -CREATE ROLE saslpreptest1_role LOGIN PASSWORD 'IX'; |
69 |
| -CREATE ROLE saslpreptest4a_role LOGIN PASSWORD 'a'; |
70 |
| -CREATE ROLE saslpreptest4b_role LOGIN PASSWORD E'\\xc2\\xaa'; |
71 |
| -CREATE ROLE saslpreptest6_role LOGIN PASSWORD E'foo\\x07bar'; |
72 |
| -CREATE ROLE saslpreptest7_role LOGIN PASSWORD E'foo\\u0627\\u0031bar'; |
| 71 | +SET client_encoding='utf8'; |
| 72 | +CREATE ROLE saslpreptest1_role LOGIN PASSWORD 'IX'; |
| 73 | +CREATE ROLE saslpreptest4a_role LOGIN PASSWORD 'a'; |
| 74 | +CREATE ROLE saslpreptest4b_role LOGIN PASSWORD E'\\xc2\\xaa'; |
| 75 | +CREATE ROLE saslpreptest6_role LOGIN PASSWORD E'foo\\x07bar'; |
| 76 | +CREATE ROLE saslpreptest7_role LOGIN PASSWORD E'foo\\u0627\\u0031bar'; |
73 | 77 | ");
|
74 | 78 |
|
75 |
| -# Require password from now on. |
76 |
| -reset_pg_hba($node,'scram-sha-256'); |
| 79 | +# Require password from now on. |
| 80 | +reset_pg_hba($node,'scram-sha-256'); |
77 | 81 |
|
78 |
| -# Check that #1 and #5 are treated the same as just 'IX' |
79 |
| -test_login($node,'saslpreptest1_role',"I\xc2\xadX", 0); |
80 |
| -test_login($node,'saslpreptest1_role',"\xe2\x85\xa8", 0); |
| 82 | +# Check that #1 and #5 are treated the same as just 'IX' |
| 83 | +test_login($node,'saslpreptest1_role',"I\xc2\xadX", 0); |
| 84 | +test_login($node,'saslpreptest1_role',"\xe2\x85\xa8", 0); |
81 | 85 |
|
82 |
| -# but different from lower case 'ix' |
83 |
| -test_login($node,'saslpreptest1_role',"ix", 2); |
| 86 | +# but different from lower case 'ix' |
| 87 | +test_login($node,'saslpreptest1_role',"ix", 2); |
84 | 88 |
|
85 |
| -# Check #4 |
86 |
| -test_login($node,'saslpreptest4a_role',"a", 0); |
87 |
| -test_login($node,'saslpreptest4a_role',"\xc2\xaa", 0); |
88 |
| -test_login($node,'saslpreptest4b_role',"a", 0); |
89 |
| -test_login($node,'saslpreptest4b_role',"\xc2\xaa", 0); |
| 89 | +# Check #4 |
| 90 | +test_login($node,'saslpreptest4a_role',"a", 0); |
| 91 | +test_login($node,'saslpreptest4a_role',"\xc2\xaa", 0); |
| 92 | +test_login($node,'saslpreptest4b_role',"a", 0); |
| 93 | +test_login($node,'saslpreptest4b_role',"\xc2\xaa", 0); |
90 | 94 |
|
91 |
| -# Check #6 and #7 - In PostgreSQL, contrary to the spec, if the password |
92 |
| -# contains prohibited characters, we use it as is, without normalization. |
93 |
| -test_login($node,'saslpreptest6_role',"foo\x07bar", 0); |
94 |
| -test_login($node,'saslpreptest6_role',"foobar", 2); |
| 95 | +# Check #6 and #7 - In PostgreSQL, contrary to the spec, if the password |
| 96 | +# contains prohibited characters, we use it as is, without normalization. |
| 97 | +test_login($node,'saslpreptest6_role',"foo\x07bar", 0); |
| 98 | +test_login($node,'saslpreptest6_role',"foobar", 2); |
95 | 99 |
|
96 |
| -test_login($node,'saslpreptest7_role',"foo\xd8\xa71bar", 0); |
97 |
| -test_login($node,'saslpreptest7_role',"foo1\xd8\xa7bar", 2); |
98 |
| -test_login($node,'saslpreptest7_role',"foobar", 2); |
99 |
| -} |
| 100 | +test_login($node,'saslpreptest7_role',"foo\xd8\xa71bar", 0); |
| 101 | +test_login($node,'saslpreptest7_role',"foo1\xd8\xa7bar", 2); |
| 102 | +test_login($node,'saslpreptest7_role',"foobar", 2); |