mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make "kerberos" test suite independent of "localhost" name resolution.

Browse Source 
This suite malfunctioned if the canonical name of "localhost" was
something other than "localhost", such as "localhost.localdomain".  Use
hostaddr=127.0.0.1 and a fictitious host=, so the resolver's answers for
"localhost" don't affect the outcome.  Back-patch to v11, which
introduced this test suite.

Discussion: https://postgr.es/m/20180801050903.GA1392916@rfd.leadboat.com
This commit is contained in:
Noah Misch 2018-08-03 20:53:25 -07:00
parent b9612e5cfa
commit 75224ac20e
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/test/kerberos/t/001_auth.pl
View File

@ -48,6 +48,8 @@ if ($krb5_sbin_dir && -d $krb5_sbin_dir)
$krb5kdc = $krb5_sbin_dir . '/' . $krb5kdc; $krb5kdc = $krb5_sbin_dir . '/' . $krb5kdc;
} }
my $host = 'auth-test-localhost.postgresql.example.com';
my $hostaddr = '127.0.0.1';
my $realm = 'EXAMPLE.COM'; my $realm = 'EXAMPLE.COM';
my $krb5_conf = "${TestLib::tmp_check}/krb5.conf"; my $krb5_conf = "${TestLib::tmp_check}/krb5.conf";
@ -80,7 +82,7 @@ default_realm = $realm
[realms] [realms]
$realm = { $realm = {
kdc = localhost:$kdc_port kdc = $hostaddr:$kdc_port
}!); }!);
append_to_file( append_to_file(
@ -94,8 +96,8 @@ if ($krb5_version >= 1.15)
{ {
append_to_file( append_to_file(
$kdc_conf, $kdc_conf,
qq!kdc_listen = localhost:$kdc_port qq!kdc_listen = $hostaddr:$kdc_port
kdc_tcp_listen = localhost:$kdc_port kdc_tcp_listen = $hostaddr:$kdc_port
!); !);
} }
else else
@ -122,7 +124,7 @@ mkdir $kdc_datadir or die;
$ENV{'KRB5_CONFIG'} = $krb5_conf; $ENV{'KRB5_CONFIG'} = $krb5_conf;
$ENV{'KRB5_KDC_PROFILE'} = $kdc_conf; $ENV{'KRB5_KDC_PROFILE'} = $kdc_conf;
my $service_principal = "$ENV{with_krb_srvnam}/localhost"; my $service_principal = "$ENV{with_krb_srvnam}/$host";
system_or_bail $kdb5_util, 'create', '-s', '-P', 'secret0'; system_or_bail $kdb5_util, 'create', '-s', '-P', 'secret0';
@ -143,7 +145,7 @@ note "setting up PostgreSQL instance";
my $node = get_new_node('node'); my $node = get_new_node('node');
$node->init; $node->init;
$node->append_conf('postgresql.conf', "listen_addresses = 'localhost'"); $node->append_conf('postgresql.conf', "listen_addresses = '$hostaddr'");
$node->append_conf('postgresql.conf', "krb_server_keyfile = '$keytab'"); $node->append_conf('postgresql.conf', "krb_server_keyfile = '$keytab'");
$node->start; $node->start;
@ -160,7 +162,8 @@ sub test_access
'postgres', 'postgres',
'SELECT 1', 'SELECT 1',
extra_params => [ extra_params => [
'-d', $node->connstr('postgres') . ' host=localhost', '-d',
$node->connstr('postgres') . " host=$host hostaddr=$hostaddr",
'-U', $role '-U', $role
]); ]);
is($res, $expected_res, $test_name); is($res, $expected_res, $test_name);
@ -168,7 +171,8 @@ sub test_access
} }
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', qq{host all all localhost gss map=mymap}); $node->append_conf('pg_hba.conf',
qq{host all all $hostaddr/32 gss map=mymap});
$node->restart; $node->restart;
test_access($node, 'test1', 2, 'fails without ticket'); test_access($node, 'test1', 2, 'fails without ticket');
@ -185,7 +189,7 @@ test_access($node, 'test1', 0, 'succeeds with mapping');
truncate($node->data_dir . '/pg_ident.conf', 0); truncate($node->data_dir . '/pg_ident.conf', 0);
unlink($node->data_dir . '/pg_hba.conf'); unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', $node->append_conf('pg_hba.conf',
qq{host all all localhost gss include_realm=0}); qq{host all all $hostaddr/32 gss include_realm=0});
$node->restart; $node->restart;
test_access($node, 'test1', 0, 'succeeds with include_realm=0'); test_access($node, 'test1', 0, 'succeeds with include_realm=0');