Commit b4e2ada3 authored by Peter Eisentraut's avatar Peter Eisentraut

In LDAP test, restart after pg_hba.conf changes

Instead of issuing a reload after pg_hba.conf changes between test
cases, run a full restart.  With a reload, an error in the new
pg_hba.conf is ignored and the tests will continue to run with the old
settings, invalidating the subsequent test cases.  With a restart, a
faulty pg_hba.conf causes the test to abort, which is the behavior
we actually want.
parent ebdb42a0
...@@ -130,7 +130,7 @@ note "simple bind"; ...@@ -130,7 +130,7 @@ note "simple bind";
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="uid=" ldapsuffix=",dc=example,dc=net"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="uid=" ldapsuffix=",dc=example,dc=net"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'wrong'; $ENV{"PGPASSWORD"} = 'wrong';
test_access($node, 'test0', 2, 'simple bind authentication fails if user not found in LDAP'); test_access($node, 'test0', 2, 'simple bind authentication fails if user not found in LDAP');
...@@ -142,7 +142,7 @@ note "search+bind"; ...@@ -142,7 +142,7 @@ note "search+bind";
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'wrong'; $ENV{"PGPASSWORD"} = 'wrong';
test_access($node, 'test0', 2, 'search+bind authentication fails if user not found in LDAP'); test_access($node, 'test0', 2, 'search+bind authentication fails if user not found in LDAP');
...@@ -154,7 +154,7 @@ note "LDAP URLs"; ...@@ -154,7 +154,7 @@ note "LDAP URLs";
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn?uid?sub"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn?uid?sub"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'wrong'; $ENV{"PGPASSWORD"} = 'wrong';
test_access($node, 'test0', 2, 'search+bind with LDAP URL authentication fails if user not found in LDAP'); test_access($node, 'test0', 2, 'search+bind with LDAP URL authentication fails if user not found in LDAP');
...@@ -166,7 +166,7 @@ note "search filters"; ...@@ -166,7 +166,7 @@ note "search filters";
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'search filter finds by uid'); test_access($node, 'test1', 0, 'search filter finds by uid');
...@@ -177,7 +177,7 @@ note "search filters in LDAP URLs"; ...@@ -177,7 +177,7 @@ note "search filters in LDAP URLs";
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub?(|(uid=\$username)(mail=\$username))"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub?(|(uid=\$username)(mail=\$username))"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'search filter finds by uid'); test_access($node, 'test1', 0, 'search filter finds by uid');
...@@ -189,7 +189,7 @@ test_access($node, 'test2@example.net', 0, 'search filter finds by mail'); ...@@ -189,7 +189,7 @@ test_access($node, 'test2@example.net', 0, 'search filter finds by mail');
# override. It might be useful in a case like this. # override. It might be useful in a case like this.
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldap_url/$ldap_basedn??sub" ldapsearchfilter="(|(uid=\$username)(mail=\$username))"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'combined LDAP URL and search filter'); test_access($node, 'test1', 0, 'combined LDAP URL and search filter');
...@@ -199,7 +199,7 @@ note "diagnostic message"; ...@@ -199,7 +199,7 @@ note "diagnostic message";
# note bad ldapprefix with a question mark that triggers a diagnostic message # note bad ldapprefix with a question mark that triggers a diagnostic message
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="?uid=" ldapsuffix=""}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapprefix="?uid=" ldapsuffix=""});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 2, 'any attempt fails due to bad search pattern'); test_access($node, 'test1', 2, 'any attempt fails due to bad search pattern');
...@@ -209,7 +209,7 @@ note "TLS"; ...@@ -209,7 +209,7 @@ note "TLS";
# request StartTLS with ldaptls=1 # request StartTLS with ldaptls=1
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)" ldaptls=1}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)" ldaptls=1});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'StartTLS'); test_access($node, 'test1', 0, 'StartTLS');
...@@ -217,7 +217,7 @@ test_access($node, 'test1', 0, 'StartTLS'); ...@@ -217,7 +217,7 @@ test_access($node, 'test1', 0, 'StartTLS');
# request LDAPS with ldapscheme=ldaps # request LDAPS with ldapscheme=ldaps
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapscheme=ldaps ldapport=$ldaps_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapserver=$ldap_server ldapscheme=ldaps ldapport=$ldaps_port ldapbasedn="$ldap_basedn" ldapsearchfilter="(uid=\$username)"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'LDAPS'); test_access($node, 'test1', 0, 'LDAPS');
...@@ -225,7 +225,7 @@ test_access($node, 'test1', 0, 'LDAPS'); ...@@ -225,7 +225,7 @@ test_access($node, 'test1', 0, 'LDAPS');
# request LDAPS with ldapurl=ldaps://... # request LDAPS with ldapurl=ldaps://...
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)"}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)"});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 0, 'LDAPS with URL'); test_access($node, 'test1', 0, 'LDAPS with URL');
...@@ -233,7 +233,7 @@ test_access($node, 'test1', 0, 'LDAPS with URL'); ...@@ -233,7 +233,7 @@ test_access($node, 'test1', 0, 'LDAPS with URL');
# bad combination of LDAPS and StartTLS # bad combination of LDAPS and StartTLS
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)" ldaptls=1}); $node->append_conf('pg_hba.conf', qq{local all all ldap ldapurl="$ldaps_url/$ldap_basedn??sub?(uid=\$username)" ldaptls=1});
$node->reload; $node->restart;
$ENV{"PGPASSWORD"} = 'secret1'; $ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 2, 'bad combination of LDAPS and StartTLS'); test_access($node, 'test1', 2, 'bad combination of LDAPS and StartTLS');
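Review bot: The same four-line sequence (unlink pg_hba.conf, append one line, `$node->restart`, set PGPASSWORD) is now repeated verbatim in every hunk of this section, from "simple bind" through "bad combination of LDAPS and StartTLS"; a small helper would state the restart-not-reload intent once and keep a future test case from drifting back to `$node->reload`. Since a restart aborts the run when the server cannot load the new file, the deliberately bad entries (the `ldapprefix="?uid="` case and the LDAPS-plus-`ldaptls=1` case) must still pass pg_hba.conf parsing and fail only at authentication time; the expected exit status of 2 suggests they do, but a one-line comment at each, e.g. `# entry must parse cleanly; the expected failure is at authentication time`, would make that constraint visible. Whether `$node->restart` bails on a failed start is decided in PostgresNode, which is outside this hunk.
```perl
# Replace pg_hba.conf with a single entry and restart, so that an entry the
# server cannot load aborts the test run instead of silently keeping the old
# configuration (as a reload would).
sub set_hba_entry
{
    my ($node, $entry) = @_;
    unlink($node->data_dir . '/pg_hba.conf');
    $node->append_conf('pg_hba.conf', $entry);
    $node->restart;
    return;
}
# … unchanged: each test case then calls set_hba_entry($node, qq{...}) before setting PGPASSWORD …
```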