Commit ef7fa90

Add tests for errors during SSL or GSSAPI handshake
These test that libpq correctly falls back to a plaintext connection on handshake error, in the "prefer" modes.

Reviewed-by: Michael Paquier
Discussion: https://www.postgresql.org/message-id/CAOYmi%2Bnwvu21mJ4DYKUa98HdfM_KZJi7B1MhyXtnsyOO-PB6Ww%40mail.gmail.com
1 parent 20e0e7d commit ef7fa90

3 files changed

+26
-0
lines changed

src/backend/libpq/be-secure-gssapi.c

Lines changed: 3 additions & 0 deletions
@@ -21,6 +21,7 @@
2121
#include "libpq/pqformat.h"
2222
#include "miscadmin.h"
2323
#include "pgstat.h"
24+
#include "utils/injection_point.h"
2425
#include "utils/memutils.h"
2526

2627

@@ -499,6 +500,8 @@ secure_open_gssapi(Port *port)
499500
minor;
500501
gss_cred_id_t delegated_creds;
501502

503+
INJECTION_POINT("backend-gssapi-startup");
504+
502505
/*
503506
* Allocate subsidiary Port data for GSSAPI operations.
504507
*/
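
Review bot: The INJECTION_POINT("backend-gssapi-startup") call added at the top of secure_open_gssapi() carries no comment saying why it is there. A one-line comment noting that it lets the libpq negotiation test force an error before GSSAPI setup would keep a later reader from treating it as leftover debugging or moving it below the allocation that follows.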

src/backend/libpq/be-secure.c

Lines changed: 3 additions & 0 deletions
@@ -30,6 +30,7 @@
3030
#include "libpq/libpq.h"
3131
#include "miscadmin.h"
3232
#include "tcop/tcopprot.h"
33+
#include "utils/injection_point.h"
3334
#include "utils/wait_event.h"
3435

3536
char *ssl_library;
@@ -129,6 +130,8 @@ secure_open_server(Port *port)
129130
}
130131
Assert(pq_buffer_remaining_data() == 0);
131132

133+
INJECTION_POINT("backend-ssl-startup");
134+
132135
r = be_tls_open_server(port);
133136

134137
if (port->raw_buf_remaining > 0)
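
Review bot: INJECTION_POINT("backend-ssl-startup") sits before the call to be_tls_open_server(port), so an injected error fires before the TLS handshake starts rather than partway through it, while the commit title speaks of errors during the handshake. A short comment at the call stating that it simulates a backend failure between accepting SSL and starting the handshake, matching the 'sslaccept, backenderror' sequence the test expects, would make the covered scenario exact.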

src/interfaces/libpq/t/005_negotiate_encryption.pl

Lines changed: 20 additions & 0 deletions
@@ -339,6 +339,16 @@ BEGIN
339339
"user=testuser sslmode=prefer",
340340
'connect, v2error -> fail');
341341
$node->restart;
342+
343+
$node->safe_psql(
344+
'postgres',
345+
"SELECT injection_points_attach('backend-ssl-startup', 'error');",
346+
connstr => "user=localuser host=$unixdir");
347+
connect_test(
348+
$node,
349+
"user=testuser sslmode=prefer",
350+
'connect, sslaccept, backenderror, reconnect, authok -> plain');
351+
$node->restart;
342352
}
343353

344354
# Disable SSL again
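
Review bot: The new block calls injection_points_attach('backend-ssl-startup', 'error') unconditionally, and nothing in this hunk checks that the server was built with injection points or that the injection_points extension is installed in 'postgres'. If either is missing, safe_psql dies and takes the rest of the script with it; wrapping the block in a skip condition would keep the remaining negotiation tests usable on such builds.
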
@@ -444,6 +454,16 @@ BEGIN
444454
"user=testuser gssencmode=prefer sslmode=disable",
445455
'connect, v2error -> fail');
446456
$node->restart;
457+
458+
$node->safe_psql(
459+
'postgres',
460+
"SELECT injection_points_attach('backend-gssapi-startup', 'error');",
461+
connstr => "user=localuser host=$unixdir");
462+
connect_test(
463+
$node,
464+
"user=testuser gssencmode=prefer sslmode=disable",
465+
'connect, gssaccept, backenderror, reconnect, authok -> plain');
466+
$node->restart;
447467
}
448468
}
449469
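
Review bot: The 'backend-gssapi-startup' point attached here is never detached; the block appears to rely on the trailing $node->restart to clear it before later tests run, and the SSL block above follows the same pattern. Either say so in a comment next to the restart or call injection_points_detach('backend-gssapi-startup') explicitly, so that removing the restart later does not leave subsequent GSSAPI connection attempts hitting the injected error.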
