mirror of
https://github.com/postgres/postgres.git
synced 2025-06-04 12:42:24 +03:00
Test "options=-crole=" and "ALTER DATABASE SET role".
Commit 7b88529f4363994450bd4cd3c172006a8a77e222 fixed a regression spanning these features, but it didn't test them. It did test code paths sufficient for their present implementations, so no back-patch. Reported by Matthew Woodcraft. Discussion: https://postgr.es/m/87iksnsbhx.fsf@golux.woodcraft.me.uk
This commit is contained in:
Noah Misch
parent
ae4569161a
commit
5de08f136a
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
REGRESS = rolenames setconfig alter_system_table guc_privs
|
REGRESS = rolenames setconfig alter_system_table guc_privs
|
||||||
REGRESS_OPTS = \
|
REGRESS_OPTS = \
|
||||||
|
--create-role=regress_authenticated_user_db_sr \
|
||||||
|
--create-role=regress_authenticated_user_db_ssa \
|
||||||
--create-role=regress_authenticated_user_sr \
|
--create-role=regress_authenticated_user_sr \
|
||||||
--create-role=regress_authenticated_user_ssa
|
--create-role=regress_authenticated_user_ssa
|
||||||
|
|
||||||
|
|||||||
@ -1,24 +1,92 @@
|
|||||||
-- This is borderline unsafe in that an additional login-capable user exists
|
-- This is borderline unsafe in that an additional login-capable user exists
|
||||||
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
||||||
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
||||||
|
-- Setup catalog state.
|
||||||
|
ALTER USER regress_authenticated_user_db_ssa superuser;
|
||||||
ALTER USER regress_authenticated_user_ssa superuser;
|
ALTER USER regress_authenticated_user_ssa superuser;
|
||||||
CREATE ROLE regress_session_user;
|
CREATE ROLE regress_session_user;
|
||||||
CREATE ROLE regress_current_user;
|
CREATE ROLE regress_current_user;
|
||||||
|
GRANT regress_current_user TO regress_authenticated_user_db_sr;
|
||||||
GRANT regress_current_user TO regress_authenticated_user_sr;
|
GRANT regress_current_user TO regress_authenticated_user_sr;
|
||||||
|
GRANT regress_session_user TO regress_authenticated_user_db_ssa;
|
||||||
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
||||||
|
DO $$BEGIN EXECUTE format(
|
||||||
|
'ALTER DATABASE %I SET session_authorization = regress_session_user',
|
||||||
|
current_catalog); END$$;
|
||||||
ALTER ROLE regress_authenticated_user_ssa
|
ALTER ROLE regress_authenticated_user_ssa
|
||||||
SET session_authorization = regress_session_user;
|
SET session_authorization = regress_session_user;
|
||||||
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
||||||
\c - regress_authenticated_user_sr
|
-- Test ALTER DATABASE consequences
|
||||||
|
-- The longstanding historical behavior is that session_authorization in
|
||||||
|
-- setconfig has no effect. Hence, session_user remains
|
||||||
|
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
||||||
|
\c - regress_authenticated_user_db_ssa
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
-----------------------------------+-----------------------------------
|
||||||
|
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
-- We document "The DEFAULT and RESET forms reset the session and current user
|
||||||
|
-- identifiers to be the originally authenticated user name." If we let
|
||||||
|
-- session_authorization in setconfig have an effect, we'll need to decide
|
||||||
|
-- whether to make RESET differ from DEFAULT.
|
||||||
|
RESET SESSION AUTHORIZATION;
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
-----------------------------------+-----------------------------------
|
||||||
|
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
DO $$BEGIN
|
||||||
|
EXECUTE format(
|
||||||
|
'ALTER DATABASE %I RESET session_authorization', current_catalog);
|
||||||
|
EXECUTE format(
|
||||||
|
'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
|
||||||
|
END$$;
|
||||||
|
\c - regress_authenticated_user_db_sr
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
----------------------+----------------------------------
|
||||||
|
regress_current_user | regress_authenticated_user_db_sr
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
-- Back to superuser, to reverse ALTER DATABASE
|
||||||
|
\c - regress_authenticated_user_db_ssa
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
----------------------+-----------------------------------
|
||||||
|
regress_current_user | regress_authenticated_user_db_ssa
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
SET ROLE NONE;
|
||||||
|
DO $$BEGIN EXECUTE format(
|
||||||
|
'ALTER DATABASE %I RESET role', current_catalog); END$$;
|
||||||
|
-- Test connection string options
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
----------------------+----------------------------------
|
||||||
|
regress_current_user | regress_authenticated_user_db_sr
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
-- As above, session_authorization has no effect.
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
current_user | session_user
|
||||||
|
-----------------------------------+-----------------------------------
|
||||||
|
regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
|
||||||
|
(1 row)
|
||||||
|
|
||||||
|
-- Test ALTER ROLE consequences
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_sr options="
|
||||||
SELECT current_user, session_user;
|
SELECT current_user, session_user;
|
||||||
current_user | session_user
|
current_user | session_user
|
||||||
----------------------+-------------------------------
|
----------------------+-------------------------------
|
||||||
regress_current_user | regress_authenticated_user_sr
|
regress_current_user | regress_authenticated_user_sr
|
||||||
(1 row)
|
(1 row)
|
||||||
|
|
||||||
-- The longstanding historical behavior is that session_authorization in
|
-- As above, session_authorization has no effect.
|
||||||
-- setconfig has no effect. Hence, session_user remains
|
|
||||||
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
|
||||||
\c - regress_authenticated_user_ssa
|
\c - regress_authenticated_user_ssa
|
||||||
SELECT current_user, session_user;
|
SELECT current_user, session_user;
|
||||||
current_user | session_user
|
current_user | session_user
|
||||||
|
|||||||
@ -11,7 +11,9 @@ tests += {
|
|||||||
'alter_system_table',
|
'alter_system_table',
|
||||||
'guc_privs',
|
'guc_privs',
|
||||||
],
|
],
|
||||||
'regress_args': ['--create-role=regress_authenticated_user_sr',
|
'regress_args': ['--create-role=regress_authenticated_user_db_sr',
|
||||||
|
'--create-role=regress_authenticated_user_db_ssa',
|
||||||
|
'--create-role=regress_authenticated_user_sr',
|
||||||
'--create-role=regress_authenticated_user_ssa'],
|
'--create-role=regress_authenticated_user_ssa'],
|
||||||
'runningcheck': false,
|
'runningcheck': false,
|
||||||
},
|
},
|
||||||
|
|||||||
@ -2,21 +2,70 @@
|
|||||||
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
|
||||||
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
-- might allow unwanted logins as regress_authenticated_user_ssa.
|
||||||
|
|
||||||
|
-- Setup catalog state.
|
||||||
|
ALTER USER regress_authenticated_user_db_ssa superuser;
|
||||||
ALTER USER regress_authenticated_user_ssa superuser;
|
ALTER USER regress_authenticated_user_ssa superuser;
|
||||||
CREATE ROLE regress_session_user;
|
CREATE ROLE regress_session_user;
|
||||||
CREATE ROLE regress_current_user;
|
CREATE ROLE regress_current_user;
|
||||||
|
GRANT regress_current_user TO regress_authenticated_user_db_sr;
|
||||||
GRANT regress_current_user TO regress_authenticated_user_sr;
|
GRANT regress_current_user TO regress_authenticated_user_sr;
|
||||||
|
GRANT regress_session_user TO regress_authenticated_user_db_ssa;
|
||||||
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
GRANT regress_session_user TO regress_authenticated_user_ssa;
|
||||||
|
DO $$BEGIN EXECUTE format(
|
||||||
|
'ALTER DATABASE %I SET session_authorization = regress_session_user',
|
||||||
|
current_catalog); END$$;
|
||||||
ALTER ROLE regress_authenticated_user_ssa
|
ALTER ROLE regress_authenticated_user_ssa
|
||||||
SET session_authorization = regress_session_user;
|
SET session_authorization = regress_session_user;
|
||||||
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
|
||||||
|
|
||||||
\c - regress_authenticated_user_sr
|
|
||||||
SELECT current_user, session_user;
|
-- Test ALTER DATABASE consequences
|
||||||
|
|
||||||
-- The longstanding historical behavior is that session_authorization in
|
-- The longstanding historical behavior is that session_authorization in
|
||||||
-- setconfig has no effect. Hence, session_user remains
|
-- setconfig has no effect. Hence, session_user remains
|
||||||
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
|
||||||
|
\c - regress_authenticated_user_db_ssa
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
-- We document "The DEFAULT and RESET forms reset the session and current user
|
||||||
|
-- identifiers to be the originally authenticated user name." If we let
|
||||||
|
-- session_authorization in setconfig have an effect, we'll need to decide
|
||||||
|
-- whether to make RESET differ from DEFAULT.
|
||||||
|
RESET SESSION AUTHORIZATION;
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
DO $$BEGIN
|
||||||
|
EXECUTE format(
|
||||||
|
'ALTER DATABASE %I RESET session_authorization', current_catalog);
|
||||||
|
EXECUTE format(
|
||||||
|
'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
|
||||||
|
END$$;
|
||||||
|
|
||||||
|
\c - regress_authenticated_user_db_sr
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
|
||||||
|
-- Back to superuser, to reverse ALTER DATABASE
|
||||||
|
\c - regress_authenticated_user_db_ssa
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
SET ROLE NONE;
|
||||||
|
DO $$BEGIN EXECUTE format(
|
||||||
|
'ALTER DATABASE %I RESET role', current_catalog); END$$;
|
||||||
|
|
||||||
|
|
||||||
|
-- Test connection string options
|
||||||
|
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
|
||||||
|
-- As above, session_authorization has no effect.
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
|
||||||
|
|
||||||
|
-- Test ALTER ROLE consequences
|
||||||
|
|
||||||
|
\c -reuse-previous=on "user=regress_authenticated_user_sr options="
|
||||||
|
SELECT current_user, session_user;
|
||||||
|
|
||||||
|
-- As above, session_authorization has no effect.
|
||||||
\c - regress_authenticated_user_ssa
|
\c - regress_authenticated_user_ssa
|
||||||
SELECT current_user, session_user;
|
SELECT current_user, session_user;
|
||||||
RESET SESSION AUTHORIZATION;
|
RESET SESSION AUTHORIZATION;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user