sharpetronics/PostgreSQL
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-31 00:01:57 -04:00
Code Issues Projects Releases Wiki Activity

Add a test using ldapbindpasswd in pg_hba.conf

Browse Source 
This feature has not been covered in tests up to now.

John Naylor and Andrew Dunstan

Discussion: https://postgr.es/m/06005bfb-0fd7-9d08-e0e5-440f277b73b4@dunslane.net
This commit is contained in:
Andrew Dunstan 2023-01-23 08:40:18 -05:00
parent ee4613d2b7
commit a9dc7f9419
2 changed files with 96 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/test/ldap/meson.build
View File

@ -7,6 +7,7 @@ tests += {
'tap': {
'tests': [
't/001_auth.pl',
't/002_bindpasswd.pl',
],
'env': {
'with_ldap': ldap.found() ? 'yes' : 'no',

95
src/test/ldap/t/002_bindpasswd.pl Normal file
View File

@ -0,0 +1,95 @@
# Copyright (c) 2023, PostgreSQL Global Development Group
use strict;
use warnings;
use FindBin;
use lib "$FindBin::RealBin/..";
use File::Copy;
use File::Basename;
use LdapServer;
use PostgreSQL::Test::Utils;
use PostgreSQL::Test::Cluster;
use Test::More;
if ($ENV{with_ldap} ne 'yes')
{
plan skip_all => 'LDAP not supported by this build';
}
elsif ($ENV{PG_TEST_EXTRA} !~ /\bldap\b/)
{
plan skip_all =>
'Potentially unsafe test LDAP not enabled in PG_TEST_EXTRA';
}
elsif (!$LdapServer::setup)
{
plan skip_all =>
"ldap tests not supported on $^O or dependencies not installed";
}
note "setting up LDAP server";
my $ldap_rootpw = 'secret';
my $ldap = LdapServer->new($ldap_rootpw, 'users'); # no anonymous auth
$ldap->ldapadd_file('authdata.ldif');
$ldap->ldapsetpw('uid=test1,dc=example,dc=net', 'secret1');
$ldap->ldapsetpw('uid=test2,dc=example,dc=net', 'secret2');
my ($ldap_server, $ldap_port, $ldap_basedn, $ldap_rootdn) =
$ldap->prop(qw(server port basedn rootdn));
note "setting up PostgreSQL instance";
my $node = PostgreSQL::Test::Cluster->new('node');
$node->init;
$node->append_conf('postgresql.conf', "log_connections = on\n");
$node->start;
$node->safe_psql('postgres', 'CREATE USER test0;');
$node->safe_psql('postgres', 'CREATE USER test1;');
$node->safe_psql('postgres', 'CREATE USER "test2@example.net";');
note "running tests";
sub test_access
{
local $Test::Builder::Level = $Test::Builder::Level + 1;
my ($node, $role, $expected_res, $test_name, %params) = @_;
my $connstr = "user=$role";
if ($expected_res eq 0)
{
$node->connect_ok($connstr, $test_name, %params);
}
else
{
# No checks of the error message, only the status code.
$node->connect_fails($connstr, $test_name, %params);
}
}
note "use ldapbindpasswd";
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf',
qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapbinddn="$ldap_rootdn ldapbindpasswd=wrong}
);
$node->restart;
$ENV{"PGPASSWORD"} = 'secret1';
test_access($node, 'test1', 2,
'search+bind authentication fails with wrong ldapbindpasswd');
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf',
qq{local all all ldap ldapserver=$ldap_server ldapport=$ldap_port ldapbasedn="$ldap_basedn" ldapbinddn="$ldap_rootdn" ldapbindpasswd="$ldap_rootpw"}
);
$node->restart;
test_access($node, 'test1', 0,
'search+bind authentication succeeds with ldapbindpasswd');
done_testing();