mirror of
https://github.com/postgres/postgres.git
synced 2025-06-01 14:21:49 +03:00
Test "options=-crole=" and "ALTER DATABASE SET role".
Commit 7b88529f4363994450bd4cd3c172006a8a77e222 fixed a regression spanning these features, but it didn't test them. It did test code paths sufficient for their present implementations, so no back-patch. Reported by Matthew Woodcraft. Discussion: https://postgr.es/m/87iksnsbhx.fsf@golux.woodcraft.me.uk
This commit is contained in:
Noah Misch
parent
ae4569161a
commit
5de08f136a
@ -2,6 +2,8 @@
|
||||
|
||||
REGRESS = rolenames setconfig alter_system_table guc_privs
|
||||
REGRESS_OPTS = \
|
||||
--create-role=regress_authenticated_user_db_sr \
|
||||
--create-role=regress_authenticated_user_db_ssa \
|
||||
--create-role=regress_authenticated_user_sr \
|
||||
--create-role=regress_authenticated_user_ssa
|
||||
|
||||
|
||||
@ -1,24 +1,92 @@
|
||||
-- This is borderline unsafe in that an additional login-capable user exists
|
||||
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
||||
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
||||
-- Setup catalog state.
|
||||
ALTER USER regress_authenticated_user_db_ssa superuser;
|
||||
ALTER USER regress_authenticated_user_ssa superuser;
|
||||
CREATE ROLE regress_session_user;
|
||||
CREATE ROLE regress_current_user;
|
||||
GRANT regress_current_user TO regress_authenticated_user_db_sr;
|
||||
GRANT regress_current_user TO regress_authenticated_user_sr;
|
||||
GRANT regress_session_user TO regress_authenticated_user_db_ssa;
|
||||
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
||||
DO $$BEGIN EXECUTE format(
|
||||
'ALTER DATABASE %I SET session_authorization = regress_session_user',
|
||||
current_catalog); END$$;
|
||||
ALTER ROLE regress_authenticated_user_ssa
|
||||
SET session_authorization = regress_session_user;
|
||||
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
||||
\c - regress_authenticated_user_sr
|
||||
-- Test ALTER DATABASE consequences
|
||||
-- The longstanding historical behavior is that session_authorization in
|
||||
-- setconfig has no effect. Hence, session_user remains
|
||||
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
||||
\c - regress_authenticated_user_db_ssa
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
-----------------------------------+-----------------------------------
|
||||
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||
(1 row)
|
||||
|
||||
-- We document "The DEFAULT and RESET forms reset the session and current user
|
||||
-- identifiers to be the originally authenticated user name." If we let
|
||||
-- session_authorization in setconfig have an effect, we'll need to decide
|
||||
-- whether to make RESET differ from DEFAULT.
|
||||
RESET SESSION AUTHORIZATION;
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
-----------------------------------+-----------------------------------
|
||||
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||
(1 row)
|
||||
|
||||
DO $$BEGIN
|
||||
EXECUTE format(
|
||||
'ALTER DATABASE %I RESET session_authorization', current_catalog);
|
||||
EXECUTE format(
|
||||
'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
|
||||
END$$;
|
||||
\c - regress_authenticated_user_db_sr
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
----------------------+----------------------------------
|
||||
regress_current_user | regress_authenticated_user_db_sr
|
||||
(1 row)
|
||||
|
||||
-- Back to superuser, to reverse ALTER DATABASE
|
||||
\c - regress_authenticated_user_db_ssa
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
----------------------+-----------------------------------
|
||||
regress_current_user | regress_authenticated_user_db_ssa
|
||||
(1 row)
|
||||
|
||||
SET ROLE NONE;
|
||||
DO $$BEGIN EXECUTE format(
|
||||
'ALTER DATABASE %I RESET role', current_catalog); END$$;
|
||||
-- Test connection string options
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
----------------------+----------------------------------
|
||||
regress_current_user | regress_authenticated_user_db_sr
|
||||
(1 row)
|
||||
|
||||
-- As above, session_authorization has no effect.
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
-----------------------------------+-----------------------------------
|
||||
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||
(1 row)
|
||||
|
||||
-- Test ALTER ROLE consequences
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_sr options="
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
----------------------+-------------------------------
|
||||
regress_current_user | regress_authenticated_user_sr
|
||||
(1 row)
|
||||
|
||||
-- The longstanding historical behavior is that session_authorization in
|
||||
-- setconfig has no effect. Hence, session_user remains
|
||||
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
||||
-- As above, session_authorization has no effect.
|
||||
\c - regress_authenticated_user_ssa
|
||||
SELECT current_user, session_user;
|
||||
current_user | session_user
|
||||
|
||||
@ -11,7 +11,9 @@ tests += {
|
||||
'alter_system_table',
|
||||
'guc_privs',
|
||||
],
|
||||
'regress_args': ['--create-role=regress_authenticated_user_sr',
|
||||
'regress_args': ['--create-role=regress_authenticated_user_db_sr',
|
||||
'--create-role=regress_authenticated_user_db_ssa',
|
||||
'--create-role=regress_authenticated_user_sr',
|
||||
'--create-role=regress_authenticated_user_ssa'],
|
||||
'runningcheck': false,
|
||||
},
|
||||
|
||||
@ -2,21 +2,70 @@
|
||||
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
||||
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
||||
|
||||
-- Setup catalog state.
|
||||
ALTER USER regress_authenticated_user_db_ssa superuser;
|
||||
ALTER USER regress_authenticated_user_ssa superuser;
|
||||
CREATE ROLE regress_session_user;
|
||||
CREATE ROLE regress_current_user;
|
||||
GRANT regress_current_user TO regress_authenticated_user_db_sr;
|
||||
GRANT regress_current_user TO regress_authenticated_user_sr;
|
||||
GRANT regress_session_user TO regress_authenticated_user_db_ssa;
|
||||
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
||||
DO $$BEGIN EXECUTE format(
|
||||
'ALTER DATABASE %I SET session_authorization = regress_session_user',
|
||||
current_catalog); END$$;
|
||||
ALTER ROLE regress_authenticated_user_ssa
|
||||
SET session_authorization = regress_session_user;
|
||||
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
||||
|
||||
\c - regress_authenticated_user_sr
|
||||
SELECT current_user, session_user;
|
||||
|
||||
-- Test ALTER DATABASE consequences
|
||||
|
||||
-- The longstanding historical behavior is that session_authorization in
|
||||
-- setconfig has no effect. Hence, session_user remains
|
||||
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
||||
\c - regress_authenticated_user_db_ssa
|
||||
SELECT current_user, session_user;
|
||||
-- We document "The DEFAULT and RESET forms reset the session and current user
|
||||
-- identifiers to be the originally authenticated user name." If we let
|
||||
-- session_authorization in setconfig have an effect, we'll need to decide
|
||||
-- whether to make RESET differ from DEFAULT.
|
||||
RESET SESSION AUTHORIZATION;
|
||||
SELECT current_user, session_user;
|
||||
DO $$BEGIN
|
||||
EXECUTE format(
|
||||
'ALTER DATABASE %I RESET session_authorization', current_catalog);
|
||||
EXECUTE format(
|
||||
'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
|
||||
END$$;
|
||||
|
||||
\c - regress_authenticated_user_db_sr
|
||||
SELECT current_user, session_user;
|
||||
|
||||
-- Back to superuser, to reverse ALTER DATABASE
|
||||
\c - regress_authenticated_user_db_ssa
|
||||
SELECT current_user, session_user;
|
||||
SET ROLE NONE;
|
||||
DO $$BEGIN EXECUTE format(
|
||||
'ALTER DATABASE %I RESET role', current_catalog); END$$;
|
||||
|
||||
|
||||
-- Test connection string options
|
||||
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
|
||||
SELECT current_user, session_user;
|
||||
|
||||
-- As above, session_authorization has no effect.
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
|
||||
SELECT current_user, session_user;
|
||||
|
||||
|
||||
-- Test ALTER ROLE consequences
|
||||
|
||||
\c -reuse-previous=on "user=regress_authenticated_user_sr options="
|
||||
SELECT current_user, session_user;
|
||||
|
||||
-- As above, session_authorization has no effect.
|
||||
\c - regress_authenticated_user_ssa
|
||||
SELECT current_user, session_user;
|
||||
RESET SESSION AUTHORIZATION;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user