Add tests for errors during SSL or GSSAPI handshake

These test that libpq correctly falls back to a plaintext connection on handshake error, in the "prefer" modes. Reviewed-by: Michael Paquier Discussion: https://www.postgresql.org/message-id/CAOYmi%2Bnwvu21mJ4DYKUa98HdfM_KZJi7B1MhyXtnsyOO-PB6Ww%40mail.gmail.com
2024-07-26 15:12:23 +03:00 · 2024-07-26 15:12:23 +03:00 · ef7fa900fb
commit ef7fa900fb
parent 20e0e7da9b
3 changed files with 26 additions and 0 deletions
--- a/src/backend/libpq/be-secure-gssapi.c
+++ b/src/backend/libpq/be-secure-gssapi.c
@ -21,6 +21,7 @@
 #include "libpq/pqformat.h"
 #include "miscadmin.h"
 #include "pgstat.h"
+#include "utils/injection_point.h"
 #include "utils/memutils.h"


@ -499,6 +500,8 @@ secure_open_gssapi(Port *port)
 				minor;
 	gss_cred_id_t delegated_creds;

+	INJECTION_POINT("backend-gssapi-startup");
+
 	/*
 	 * Allocate subsidiary Port data for GSSAPI operations.
 	 */
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@ -30,6 +30,7 @@
 #include "libpq/libpq.h"
 #include "miscadmin.h"
 #include "tcop/tcopprot.h"
+#include "utils/injection_point.h"
 #include "utils/wait_event.h"

 char	   *ssl_library;
@ -129,6 +130,8 @@ secure_open_server(Port *port)
 	}
 	Assert(pq_buffer_remaining_data() == 0);

+	INJECTION_POINT("backend-ssl-startup");
+
 	r = be_tls_open_server(port);

 	if (port->raw_buf_remaining > 0)
--- a/src/interfaces/libpq/t/005_negotiate_encryption.pl
+++ b/src/interfaces/libpq/t/005_negotiate_encryption.pl
@ -339,6 +339,16 @@ nossluser   .            disable      postgres       connect, authok
 			"user=testuser sslmode=prefer",
 			'connect, v2error -> fail');
 		$node->restart;
+
+		$node->safe_psql(
+			'postgres',
+			"SELECT injection_points_attach('backend-ssl-startup', 'error');",
+			connstr => "user=localuser host=$unixdir");
+		connect_test(
+			$node,
+			"user=testuser sslmode=prefer",
+			'connect, sslaccept, backenderror, reconnect, authok -> plain');
+		$node->restart;
 	}

 	# Disable SSL again
@ -444,6 +454,16 @@ nogssuser   disable      disable      postgres       connect, authok
 			"user=testuser gssencmode=prefer sslmode=disable",
 			'connect, v2error -> fail');
 		$node->restart;
+
+		$node->safe_psql(
+			'postgres',
+			"SELECT injection_points_attach('backend-gssapi-startup', 'error');",
+			connstr => "user=localuser host=$unixdir");
+		connect_test(
+			$node,
+			"user=testuser gssencmode=prefer sslmode=disable",
+			'connect, gssaccept, backenderror, reconnect, authok -> plain');
+		$node->restart;
 	}
 }