Add tests for errors during SSL or GSSAPI handshake
These test that libpq correctly falls back to a plaintext connection on handshake error, in the "prefer" modes. Reviewed-by: Michael Paquier Discussion: https://www.postgresql.org/message-id/CAOYmi%2Bnwvu21mJ4DYKUa98HdfM_KZJi7B1MhyXtnsyOO-PB6Ww%40mail.gmail.com
parent
20e0e7da9b
commit
ef7fa900fb
@ -21,6 +21,7 @@
|
|||||||
#include "libpq/pqformat.h"
|
#include "libpq/pqformat.h"
|
||||||
#include "miscadmin.h"
|
#include "miscadmin.h"
|
||||||
#include "pgstat.h"
|
#include "pgstat.h"
|
||||||
|
#include "utils/injection_point.h"
|
||||||
#include "utils/memutils.h"
|
#include "utils/memutils.h"
|
||||||
|
|
||||||
|
|
||||||
@ -499,6 +500,8 @@ secure_open_gssapi(Port *port)
|
|||||||
minor;
|
minor;
|
||||||
gss_cred_id_t delegated_creds;
|
gss_cred_id_t delegated_creds;
|
||||||
|
|
||||||
|
INJECTION_POINT("backend-gssapi-startup");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Allocate subsidiary Port data for GSSAPI operations.
|
* Allocate subsidiary Port data for GSSAPI operations.
|
||||||
*/
|
*/
|
||||||
|
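Review bot: The new `INJECTION_POINT("backend-gssapi-startup");` in secure_open_gssapi() carries no comment, and the same applies to `INJECTION_POINT("backend-ssl-startup");` in secure_open_server(). Both sit on the connection-startup path just before the encryption handshake, so a reader should be told they are test hooks and not part of the handshake logic. I would add `/* Test hook: lets tests force an error before the GSSAPI handshake starts */` here, and the SSL equivalent above the be_tls_open_server() call. As far as I know the macro does nothing unless the server is built with injection points enabled, which is worth stating in the comment too. Both function bodies continue outside the hunks.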
@ -30,6 +30,7 @@
|
|||||||
#include "libpq/libpq.h"
|
#include "libpq/libpq.h"
|
||||||
#include "miscadmin.h"
|
#include "miscadmin.h"
|
||||||
#include "tcop/tcopprot.h"
|
#include "tcop/tcopprot.h"
|
||||||
|
#include "utils/injection_point.h"
|
||||||
#include "utils/wait_event.h"
|
#include "utils/wait_event.h"
|
||||||
|
|
||||||
char *ssl_library;
|
char *ssl_library;
|
||||||
@ -129,6 +130,8 @@ secure_open_server(Port *port)
|
|||||||
}
|
}
|
||||||
Assert(pq_buffer_remaining_data() == 0);
|
Assert(pq_buffer_remaining_data() == 0);
|
||||||
|
|
||||||
|
INJECTION_POINT("backend-ssl-startup");
|
||||||
|
|
||||||
r = be_tls_open_server(port);
|
r = be_tls_open_server(port);
|
||||||
|
|
||||||
if (port->raw_buf_remaining > 0)
|
if (port->raw_buf_remaining > 0)
|
||||||
|
@ -339,6 +339,16 @@ nossluser . disable postgres connect, authok
|
|||||||
"user=testuser sslmode=prefer",
|
"user=testuser sslmode=prefer",
|
||||||
'connect, v2error -> fail');
|
'connect, v2error -> fail');
|
||||||
$node->restart;
|
$node->restart;
|
||||||
|
|
||||||
|
$node->safe_psql(
|
||||||
|
'postgres',
|
||||||
|
"SELECT injection_points_attach('backend-ssl-startup', 'error');",
|
||||||
|
connstr => "user=localuser host=$unixdir");
|
||||||
|
connect_test(
|
||||||
|
$node,
|
||||||
|
"user=testuser sslmode=prefer",
|
||||||
|
'connect, sslaccept, backenderror, reconnect, authok -> plain');
|
||||||
|
$node->restart;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Disable SSL again
|
# Disable SSL again
|
||||||
@ -444,6 +454,16 @@ nogssuser disable disable postgres connect, authok
|
|||||||
"user=testuser gssencmode=prefer sslmode=disable",
|
"user=testuser gssencmode=prefer sslmode=disable",
|
||||||
'connect, v2error -> fail');
|
'connect, v2error -> fail');
|
||||||
$node->restart;
|
$node->restart;
|
||||||
|
|
||||||
|
$node->safe_psql(
|
||||||
|
'postgres',
|
||||||
|
"SELECT injection_points_attach('backend-gssapi-startup', 'error');",
|
||||||
|
connstr => "user=localuser host=$unixdir");
|
||||||
|
connect_test(
|
||||||
|
$node,
|
||||||
|
"user=testuser gssencmode=prefer sslmode=disable",
|
||||||
|
'connect, gssaccept, backenderror, reconnect, authok -> plain');
|
||||||
|
$node->restart;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
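Review bot: Both added blocks (the `backend-ssl-startup` one and the `backend-gssapi-startup` one) only pin the downgrade path, i.e. that a handshake error under `sslmode=prefer` or `gssencmode=prefer` ends in a plaintext session. Nothing visible here asserts the complementary case, that the same injected error under `sslmode=require` or `gssencmode=require` fails the connection instead of falling back. If that is not covered elsewhere in the file, add a `connect_test` with the `require` connection string and an expected trace ending in `-> fail` next to each block. A short comment such as `# Injected handshake error: prefer falls back to plaintext, require must not` would also record why the fallback is the expected outcome. The enclosing blocks open outside these hunks, so whether they are skipped on builds without injection points cannot be confirmed from here.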