Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.

Up to now, pg_regress --config-auth had a hard-wired assumption that the target cluster uses the default bootstrap superuser name. pg_dump's 010_dump_connstr.pl TAP test uses non-default superuser names, and was klugily getting around the restriction by listing the desired superuser name as a role to "create". This is pretty confusing (or at least, it confused me). Let's make it clearer by allowing --config-auth mode to be told the bootstrap superuser name. Repurpose the existing --user switch for that, since it has no other function in --config-auth mode. Per buildfarm. I don't have an environment at hand in which I can test this fix, but the buildfarm should soon show if it works. Discussion: https://postgr.es/m/3142.1561840611@sss.pgh.pa.us

Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.
Up to now, pg_regress --config-auth had a hard-wired assumption that the target cluster uses the default bootstrap superuser name. pg_dump's 010_dump_connstr.pl TAP test uses non-default superuser names, and was klugily getting around the restriction by listing the desired superuser name as a role to "create". This is pretty confusing (or at least, it confused me). Let's make it clearer by allowing --config-auth mode to be told the bootstrap superuser name. Repurpose the existing --user switch for that, since it has no other function in --config-auth mode. Per buildfarm. I don't have an environment at hand in which I can test this fix, but the buildfarm should soon show if it works. Discussion: https://postgr.es/m/3142.1561840611@sss.pgh.pa.us
681cca86 · Tom Lane · c91504b9 · 681cca86 · 681cca86
Commit 681cca86 authored Jun 30, 2019 by Tom Lane
Show whitespace changes
Inline Side-by-side

Showing with 33 additions and 20 deletions

src/bin/pg_dump/t/010_dump_connstr.pl src/bin/pg_dump/t/010_dump_connstr.pl +9 -6

src/test/regress/pg_regress.c src/test/regress/pg_regress.c +24 -14

No files found.
--- a/src/bin/pg_dump/t/010_dump_connstr.pl
+++ b/src/bin/pg_dump/t/010_dump_connstr.pl
@@ -56,7 +56,8 @@ $node->init(extra =>
 $node->run_log(
 	[
 		$ENV{PG_REGRESS},     '--config-auth',
-		$node->data_dir,  '--create-role',
+		$node->data_dir,      '--user',
+		$src_bootstrap_super, '--create-role',
 		"$username1,$username2,$username3,$username4"
 	]);
 $node->start;
@@ -181,8 +182,9 @@ $envar_node->init(extra =>
 $envar_node->run_log(
 	[
 		$ENV{PG_REGRESS},      '--config-auth',
-		$envar_node->data_dir, '--create-role',
+		$envar_node->data_dir, '--user',
-		"$dst_bootstrap_super,$restore_super"
+		$dst_bootstrap_super,  '--create-role',
+		$restore_super
 	]);
 $envar_node->start;
@@ -213,8 +215,9 @@ $cmdline_node->init(extra =>
 $cmdline_node->run_log(
 	[
 		$ENV{PG_REGRESS},        '--config-auth',
-		$cmdline_node->data_dir, '--create-role',
+		$cmdline_node->data_dir, '--user',
-		"$dst_bootstrap_super,$restore_super"
+		$dst_bootstrap_super,    '--create-role',
+		$restore_super
 	]);
 $cmdline_node->start;
 $cmdline_node->run_log(

--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -965,13 +965,15 @@ current_windows_user(const char **acct, const char **dom)
 * Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication.  Permit
 * the current OS user to authenticate as the bootstrap superuser and as any
 * user named in a --create-role option.
+ *
+ * In --config-auth mode, the --user switch can be used to specify the
+ * bootstrap superuser's name, otherwise we assume it is the default.
 */
 static void
-config_sspi_auth(const char *pgdata)
+config_sspi_auth(const char *pgdata, const char *superuser_name)
 {
 	const char *accountname,
 			   *domainname;
-	const char *username;
 	char	   *errstr;
 	bool		have_ipv6;
 	char		fname[MAXPGPATH];
@@ -980,18 +982,26 @@ config_sspi_auth(const char *pgdata)
 			   *ident;
 	_stringlist *sl;
+	/* Find out the name of the current OS user */
+	current_windows_user(&accountname, &domainname);
+	/* Determine the bootstrap superuser's name */
+	if (superuser_name == NULL)
+	{
 		/*
-	 * "username", the initdb-chosen bootstrap superuser name, may always
+		 * Compute the default superuser name the same way initdb does.
-	 * match "accountname", the value SSPI authentication discovers.  The
+		 *
-	 * underlying system functions do not clearly guarantee that.
+		 * It's possible that this result always matches "accountname", the
+		 * value SSPI authentication discovers.  But the underlying system
+		 * functions do not clearly guarantee that.
 		 */
-	current_windows_user(&accountname, &domainname);
+		superuser_name = get_user_name(&errstr);
-	username = get_user_name(&errstr);
+		if (superuser_name == NULL)
-	if (username == NULL)
 		{
 			fprintf(stderr, "%s: %s\n", progname, errstr);
 			exit(2);
 		}
+	}
 	/*
 	 * Like initdb.c:setup_config(), determine whether the platform recognizes
@@ -1067,7 +1077,7 @@ config_sspi_auth(const char *pgdata)
 	 * bother escaping embedded double-quote characters.
 	 */
 	CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
-			   accountname, domainname, fmtHba(username)) >= 0);
+			   accountname, domainname, fmtHba(superuser_name)) >= 0);
 	for (sl = extraroles; sl; sl = sl->next)
 		CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
 				   accountname, domainname, fmtHba(sl->str)) >= 0);
@@ -2227,7 +2237,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
 	if (config_auth_datadir)
 	{
 #ifdef ENABLE_SSPI
-		config_sspi_auth(config_auth_datadir);
+		config_sspi_auth(config_auth_datadir, user);
 #endif
 		exit(0);
 	}
@@ -2354,7 +2364,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
 		 * "initdb" command, this can't truncate.
 		 */
 		snprintf(buf, sizeof(buf), "%s/data", temp_instance);
-		config_sspi_auth(buf);
+		config_sspi_auth(buf, NULL);
 #elif !defined(HAVE_UNIX_SOCKETS)
 #error Platform has no means to secure the test installation.
 #endif