Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl.

Up to now, pg_regress --config-auth had a hard-wired assumption
that the target cluster uses the default bootstrap superuser name.
pg_dump's 010_dump_connstr.pl TAP test uses non-default superuser
names, and was klugily getting around the restriction by listing
the desired superuser name as a role to "create".  This is pretty
confusing (or at least, it confused me).  Let's make it clearer by
allowing --config-auth mode to be told the bootstrap superuser name.
Repurpose the existing --user switch for that, since it has no
other function in --config-auth mode.

Per buildfarm.  I don't have an environment at hand in which I can
test this fix, but the buildfarm should soon show if it works.

Discussion: https://postgr.es/m/3142.1561840611@sss.pgh.pa.us

diff --git a/src/bin/pg_dump/t/010_dump_connstr.pl b/src/bin/pg_dump/t/010_dump_connstr.pl
index d221682790e3126e378ca5ad0b6ce957e2cef548..048ecf24eb46e3c0999b332273f7e6010cee1c6b 100644 (file)
--- a/src/bin/pg_dump/t/010_dump_connstr.pl
+++ b/src/bin/pg_dump/t/010_dump_connstr.pl
@@ -55,8 +55,9 @@ $node->init(extra =>
 # prep pg_hba.conf and pg_ident.conf
 $node->run_log(
        [
-               $ENV{PG_REGRESS}, '--config-auth',
-               $node->data_dir,  '--create-role',
+               $ENV{PG_REGRESS},     '--config-auth',
+               $node->data_dir,      '--user',
+               $src_bootstrap_super, '--create-role',
                "$username1,$username2,$username3,$username4"
        ]);
 $node->start;
@@ -181,8 +182,9 @@ $envar_node->init(extra =>
 $envar_node->run_log(
        [
                $ENV{PG_REGRESS},      '--config-auth',
-               $envar_node->data_dir, '--create-role',
-               "$dst_bootstrap_super,$restore_super"
+               $envar_node->data_dir, '--user',
+               $dst_bootstrap_super,  '--create-role',
+               $restore_super
        ]);
 $envar_node->start;
 
@@ -213,8 +215,9 @@ $cmdline_node->init(extra =>
 $cmdline_node->run_log(
        [
                $ENV{PG_REGRESS},        '--config-auth',
-               $cmdline_node->data_dir, '--create-role',
-               "$dst_bootstrap_super,$restore_super"
+               $cmdline_node->data_dir, '--user',
+               $dst_bootstrap_super,    '--create-role',
+               $restore_super
        ]);
 $cmdline_node->start;
 $cmdline_node->run_log(

diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
index 7beee00dbd1e037b596f2ff511cf0cdfd83be253..117a9544eaf1e27869bbfb01cf57f22070615a9b 100644 (file)
--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -965,13 +965,15 @@ current_windows_user(const char **acct, const char **dom)
  * Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication.  Permit
  * the current OS user to authenticate as the bootstrap superuser and as any
  * user named in a --create-role option.
+ *
+ * In --config-auth mode, the --user switch can be used to specify the
+ * bootstrap superuser's name, otherwise we assume it is the default.
  */
 static void
-config_sspi_auth(const char *pgdata)
+config_sspi_auth(const char *pgdata, const char *superuser_name)
 {
        const char *accountname,
                           *domainname;
-       const char *username;
        char       *errstr;
        bool            have_ipv6;
        char            fname[MAXPGPATH];
@@ -980,17 +982,25 @@ config_sspi_auth(const char *pgdata)
                           *ident;
        _stringlist *sl;
 
-       /*
-        * "username", the initdb-chosen bootstrap superuser name, may always
-        * match "accountname", the value SSPI authentication discovers.  The
-        * underlying system functions do not clearly guarantee that.
-        */
+       /* Find out the name of the current OS user */
        current_windows_user(&accountname, &domainname);
-       username = get_user_name(&errstr);
-       if (username == NULL)
+
+       /* Determine the bootstrap superuser's name */
+       if (superuser_name == NULL)
        {
-               fprintf(stderr, "%s: %s\n", progname, errstr);
-               exit(2);
+               /*
+                * Compute the default superuser name the same way initdb does.
+                *
+                * It's possible that this result always matches "accountname", the
+                * value SSPI authentication discovers.  But the underlying system
+                * functions do not clearly guarantee that.
+                */
+               superuser_name = get_user_name(&errstr);
+               if (superuser_name == NULL)
+               {
+                       fprintf(stderr, "%s: %s\n", progname, errstr);
+                       exit(2);
+               }
        }
 
        /*
@@ -1067,7 +1077,7 @@ config_sspi_auth(const char *pgdata)
         * bother escaping embedded double-quote characters.
         */
        CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
-                          accountname, domainname, fmtHba(username)) >= 0);
+                          accountname, domainname, fmtHba(superuser_name)) >= 0);
        for (sl = extraroles; sl; sl = sl->next)
                CW(fprintf(ident, "regress  \"%s@%s\"  %s\n",
                                   accountname, domainname, fmtHba(sl->str)) >= 0);
@@ -2227,7 +2237,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
        if (config_auth_datadir)
        {
 #ifdef ENABLE_SSPI
-               config_sspi_auth(config_auth_datadir);
+               config_sspi_auth(config_auth_datadir, user);
 #endif
                exit(0);
        }
@@ -2354,7 +2364,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
                 * "initdb" command, this can't truncate.
                 */
                snprintf(buf, sizeof(buf), "%s/data", temp_instance);
-               config_sspi_auth(buf);
+               config_sspi_auth(buf, NULL);
 #elif !defined(HAVE_UNIX_SOCKETS)
 #error Platform has no means to secure the test installation.
 #endif