Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.

tglsfdc · tglsfdc · commit 681cca86f507 · 2019-06-30T13:34:45.000-04:00
Up to now, pg_regress --config-auth had a hard-wired assumption that the target cluster uses the default bootstrap superuser name. pg_dump's 010_dump_connstr.pl TAP test uses non-default superuser names, and was klugily getting around the restriction by listing the desired superuser name as a role to "create". This is pretty confusing (or at least, it confused me). Let's make it clearer by allowing --config-auth mode to be told the bootstrap superuser name. Repurpose the existing --user switch for that, since it has no other function in --config-auth mode. Per buildfarm. I don't have an environment at hand in which I can test this fix, but the buildfarm should soon show if it works. Discussion: https://postgr.es/m/3142.1561840611@sss.pgh.pa.us
diff --git a/src/bin/pg_dump/t/010_dump_connstr.pl b/src/bin/pg_dump/t/010_dump_connstr.pl
@@ -55,8 +55,9 @@
 # prep pg_hba.conf and pg_ident.conf
 $node->run_log(
 	[
-		$ENV{PG_REGRESS}, '--config-auth',
-		$node->data_dir,  '--create-role',
+		$ENV{PG_REGRESS},     '--config-auth',
+		$node->data_dir,      '--user',
+		$src_bootstrap_super, '--create-role',
 		"$username1,$username2,$username3,$username4"
 	]);
 $node->start;
@@ -181,8 +182,9 @@
 $envar_node->run_log(
 	[
 		$ENV{PG_REGRESS},      '--config-auth',
-		$envar_node->data_dir, '--create-role',
-		"$dst_bootstrap_super,$restore_super"
+		$envar_node->data_dir, '--user',
+		$dst_bootstrap_super,  '--create-role',
+		$restore_super
 	]);
 $envar_node->start;
 
@@ -213,8 +215,9 @@
 $cmdline_node->run_log(
 	[
 		$ENV{PG_REGRESS},        '--config-auth',
-		$cmdline_node->data_dir, '--create-role',
-		"$dst_bootstrap_super,$restore_super"
+		$cmdline_node->data_dir, '--user',
+		$dst_bootstrap_super,    '--create-role',
+		$restore_super
 	]);
 $cmdline_node->start;
 $cmdline_node->run_log(
diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
@@ -965,13 +965,15 @@ current_windows_user(const char **acct, const char **dom)
  * Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication.  Permit
  * the current OS user to authenticate as the bootstrap superuser and as any
  * user named in a --create-role option.
+ *
+ * In --config-auth mode, the --user switch can be used to specify the
+ * bootstrap superuser's name, otherwise we assume it is the default.
  */
 static void
-config_sspi_auth(const char *pgdata)
+config_sspi_auth(const char *pgdata, const char *superuser_name)
 {
 	const char *accountname,
 			   *domainname;
-	const char *username;
 	char	   *errstr;
 	bool		have_ipv6;
 	char		fname[MAXPGPATH];
@@ -980,17 +982,25 @@ config_sspi_auth(const char *pgdata)
 			   *ident;
 	_stringlist *sl;
 
-	/*
-	 * "username", the initdb-chosen bootstrap superuser name, may always
-	 * match "accountname", the value SSPI authentication discovers.  The
-	 * underlying system functions do not clearly guarantee that.
-	 */
+	/* Find out the name of the current OS user */
 	current_windows_user(&accountname, &domainname);
-	username = get_user_name(&errstr);
-	if (username == NULL)
+
+	/* Determine the bootstrap superuser's name */
+	if (superuser_name == NULL)
 	{
-		fprintf(stderr, "%s: %s\n", progname, errstr);
-		exit(2);
+		/*
+		 * Compute the default superuser name the same way initdb does.
+		 *
+		 * It's possible that this result always matches "accountname", the
+		 * value SSPI authentication discovers.  But the underlying system
+		 * functions do not clearly guarantee that.
+		 */
+		superuser_name = get_user_name(&errstr);
+		if (superuser_name == NULL)
+		{
+			fprintf(stderr, "%s: %s\n", progname, errstr);
+			exit(2);
+		}
 	}
 
 	/*
@@ -1067,7 +1077,7 @@ config_sspi_auth(const char *pgdata)
 	 * bother escaping embedded double-quote characters.
 	 */
 	CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
-			   accountname, domainname, fmtHba(username)) >= 0);
+			   accountname, domainname, fmtHba(superuser_name)) >= 0);
 	for (sl = extraroles; sl; sl = sl->next)
 		CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
 				   accountname, domainname, fmtHba(sl->str)) >= 0);
@@ -2227,7 +2237,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
 	if (config_auth_datadir)
 	{
 #ifdef ENABLE_SSPI
-		config_sspi_auth(config_auth_datadir);
+		config_sspi_auth(config_auth_datadir, user);
 #endif
 		exit(0);
 	}
@@ -2354,7 +2364,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
 		 * "initdb" command, this can't truncate.
 		 */
 		snprintf(buf, sizeof(buf), "%s/data", temp_instance);
-		config_sspi_auth(buf);
+		config_sspi_auth(buf, NULL);
 #elif !defined(HAVE_UNIX_SOCKETS)
 #error Platform has no means to secure the test installation.
 #endif
