aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/test/modules/unsafe_tests/Makefile2
-rw-r--r--src/test/modules/unsafe_tests/expected/setconfig.out76
-rw-r--r--src/test/modules/unsafe_tests/meson.build4
-rw-r--r--src/test/modules/unsafe_tests/sql/setconfig.sql53
4 files changed, 128 insertions, 7 deletions
diff --git a/src/test/modules/unsafe_tests/Makefile b/src/test/modules/unsafe_tests/Makefile
index d4ff227ef07..a85c854392d 100644
--- a/src/test/modules/unsafe_tests/Makefile
+++ b/src/test/modules/unsafe_tests/Makefile
@@ -2,6 +2,8 @@
REGRESS = rolenames setconfig alter_system_table guc_privs
REGRESS_OPTS = \
+ --create-role=regress_authenticated_user_db_sr \
+ --create-role=regress_authenticated_user_db_ssa \
--create-role=regress_authenticated_user_sr \
--create-role=regress_authenticated_user_ssa
diff --git a/src/test/modules/unsafe_tests/expected/setconfig.out b/src/test/modules/unsafe_tests/expected/setconfig.out
index 6a021d9ad03..5f42443e144 100644
--- a/src/test/modules/unsafe_tests/expected/setconfig.out
+++ b/src/test/modules/unsafe_tests/expected/setconfig.out
@@ -1,24 +1,92 @@
-- This is borderline unsafe in that an additional login-capable user exists
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
-- might allow unwanted logins as regress_authenticated_user_ssa.
+-- Setup catalog state.
+ALTER USER regress_authenticated_user_db_ssa superuser;
ALTER USER regress_authenticated_user_ssa superuser;
CREATE ROLE regress_session_user;
CREATE ROLE regress_current_user;
+GRANT regress_current_user TO regress_authenticated_user_db_sr;
GRANT regress_current_user TO regress_authenticated_user_sr;
+GRANT regress_session_user TO regress_authenticated_user_db_ssa;
GRANT regress_session_user TO regress_authenticated_user_ssa;
+DO $$BEGIN EXECUTE format(
+ 'ALTER DATABASE %I SET session_authorization = regress_session_user',
+ current_catalog); END$$;
ALTER ROLE regress_authenticated_user_ssa
SET session_authorization = regress_session_user;
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
-\c - regress_authenticated_user_sr
+-- Test ALTER DATABASE consequences
+-- The longstanding historical behavior is that session_authorization in
+-- setconfig has no effect. Hence, session_user remains
+-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
+\c - regress_authenticated_user_db_ssa
+SELECT current_user, session_user;
+ current_user | session_user
+-----------------------------------+-----------------------------------
+ regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
+(1 row)
+
+-- We document "The DEFAULT and RESET forms reset the session and current user
+-- identifiers to be the originally authenticated user name." If we let
+-- session_authorization in setconfig have an effect, we'll need to decide
+-- whether to make RESET differ from DEFAULT.
+RESET SESSION AUTHORIZATION;
+SELECT current_user, session_user;
+ current_user | session_user
+-----------------------------------+-----------------------------------
+ regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
+(1 row)
+
+DO $$BEGIN
+ EXECUTE format(
+ 'ALTER DATABASE %I RESET session_authorization', current_catalog);
+ EXECUTE format(
+ 'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
+END$$;
+\c - regress_authenticated_user_db_sr
+SELECT current_user, session_user;
+ current_user | session_user
+----------------------+----------------------------------
+ regress_current_user | regress_authenticated_user_db_sr
+(1 row)
+
+-- Back to superuser, to reverse ALTER DATABASE
+\c - regress_authenticated_user_db_ssa
+SELECT current_user, session_user;
+ current_user | session_user
+----------------------+-----------------------------------
+ regress_current_user | regress_authenticated_user_db_ssa
+(1 row)
+
+SET ROLE NONE;
+DO $$BEGIN EXECUTE format(
+ 'ALTER DATABASE %I RESET role', current_catalog); END$$;
+-- Test connection string options
+\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
+SELECT current_user, session_user;
+ current_user | session_user
+----------------------+----------------------------------
+ regress_current_user | regress_authenticated_user_db_sr
+(1 row)
+
+-- As above, session_authorization has no effect.
+\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
+SELECT current_user, session_user;
+ current_user | session_user
+-----------------------------------+-----------------------------------
+ regress_authenticated_user_db_ssa | regress_authenticated_user_db_ssa
+(1 row)
+
+-- Test ALTER ROLE consequences
+\c -reuse-previous=on "user=regress_authenticated_user_sr options="
SELECT current_user, session_user;
current_user | session_user
----------------------+-------------------------------
regress_current_user | regress_authenticated_user_sr
(1 row)
--- The longstanding historical behavior is that session_authorization in
--- setconfig has no effect. Hence, session_user remains
--- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
+-- As above, session_authorization has no effect.
\c - regress_authenticated_user_ssa
SELECT current_user, session_user;
current_user | session_user
diff --git a/src/test/modules/unsafe_tests/meson.build b/src/test/modules/unsafe_tests/meson.build
index 3e174c7425a..cf1480a74c6 100644
--- a/src/test/modules/unsafe_tests/meson.build
+++ b/src/test/modules/unsafe_tests/meson.build
@@ -11,7 +11,9 @@ tests += {
'alter_system_table',
'guc_privs',
],
- 'regress_args': ['--create-role=regress_authenticated_user_sr',
+ 'regress_args': ['--create-role=regress_authenticated_user_db_sr',
+ '--create-role=regress_authenticated_user_db_ssa',
+ '--create-role=regress_authenticated_user_sr',
'--create-role=regress_authenticated_user_ssa'],
'runningcheck': false,
},
diff --git a/src/test/modules/unsafe_tests/sql/setconfig.sql b/src/test/modules/unsafe_tests/sql/setconfig.sql
index 8817a7c7636..81296d1091b 100644
--- a/src/test/modules/unsafe_tests/sql/setconfig.sql
+++ b/src/test/modules/unsafe_tests/sql/setconfig.sql
@@ -2,21 +2,70 @@
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
-- might allow unwanted logins as regress_authenticated_user_ssa.
+-- Setup catalog state.
+ALTER USER regress_authenticated_user_db_ssa superuser;
ALTER USER regress_authenticated_user_ssa superuser;
CREATE ROLE regress_session_user;
CREATE ROLE regress_current_user;
+GRANT regress_current_user TO regress_authenticated_user_db_sr;
GRANT regress_current_user TO regress_authenticated_user_sr;
+GRANT regress_session_user TO regress_authenticated_user_db_ssa;
GRANT regress_session_user TO regress_authenticated_user_ssa;
+DO $$BEGIN EXECUTE format(
+ 'ALTER DATABASE %I SET session_authorization = regress_session_user',
+ current_catalog); END$$;
ALTER ROLE regress_authenticated_user_ssa
SET session_authorization = regress_session_user;
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
-\c - regress_authenticated_user_sr
-SELECT current_user, session_user;
+
+-- Test ALTER DATABASE consequences
-- The longstanding historical behavior is that session_authorization in
-- setconfig has no effect. Hence, session_user remains
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
+\c - regress_authenticated_user_db_ssa
+SELECT current_user, session_user;
+-- We document "The DEFAULT and RESET forms reset the session and current user
+-- identifiers to be the originally authenticated user name." If we let
+-- session_authorization in setconfig have an effect, we'll need to decide
+-- whether to make RESET differ from DEFAULT.
+RESET SESSION AUTHORIZATION;
+SELECT current_user, session_user;
+DO $$BEGIN
+ EXECUTE format(
+ 'ALTER DATABASE %I RESET session_authorization', current_catalog);
+ EXECUTE format(
+ 'ALTER DATABASE %I SET role = regress_current_user', current_catalog);
+END$$;
+
+\c - regress_authenticated_user_db_sr
+SELECT current_user, session_user;
+
+-- Back to superuser, to reverse ALTER DATABASE
+\c - regress_authenticated_user_db_ssa
+SELECT current_user, session_user;
+SET ROLE NONE;
+DO $$BEGIN EXECUTE format(
+ 'ALTER DATABASE %I RESET role', current_catalog); END$$;
+
+
+-- Test connection string options
+
+\c -reuse-previous=on "user=regress_authenticated_user_db_sr options=-crole=regress_current_user"
+SELECT current_user, session_user;
+
+-- As above, session_authorization has no effect.
+\c -reuse-previous=on "user=regress_authenticated_user_db_ssa options=-csession_authorization=regress_session_user"
+SELECT current_user, session_user;
+
+
+-- Test ALTER ROLE consequences
+
+\c -reuse-previous=on "user=regress_authenticated_user_sr options="
+SELECT current_user, session_user;
+
+-- As above, session_authorization has no effect.
\c - regress_authenticated_user_ssa
SELECT current_user, session_user;
RESET SESSION AUTHORIZATION;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-24 20:24:07 +0000