Skip to content

Commit 4cc1c76

Browse files
hlinnakahlinnaka
committed
Document PG_TEST_EXTRA=libpq_encryption and also check 'kerberos'
In the libpq encryption negotiation tests, don't run the GSSAPI tests unless PG_TEST_EXTRA='kerberos' is also set. That makes it possible to still run most of the tests when GSSAPI support is compiled in, but there's no MIT Kerberos installation.
1 parent 65dfe9d commit 4cc1c76

File tree

2 files changed

+23
-5
lines changed

2 files changed

+23
-5
lines changed

doc/src/sgml/regress.sgml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -259,7 +259,7 @@ make check-world -j8 >/dev/null
259259
variable <varname>PG_TEST_EXTRA</varname> to a whitespace-separated list,
260260
for example:
261261
<programlisting>
262-
make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
262+
make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance libpq_encryption'
263263
</programlisting>
264264
The following values are currently supported:
265265
<variablelist>
@@ -304,6 +304,18 @@ make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
304304
</listitem>
305305
</varlistentry>
306306

307+
<varlistentry>
308+
<term><literal>libpq_encryption</literal></term>
309+
<listitem>
310+
<para>
311+
Runs the test <filename>src/interfaces/libpq/t/005_negotiate_encryption.pl</filename>.
312+
This opens TCP/IP listen sockets. If <varname>PG_TEST_EXTRA</varname>
313+
also includes <literal>kerberos</literal>, additional tests that require
314+
an MIT Kerberos installation are enabled.
315+
</para>
316+
</listitem>
317+
</varlistentry>
318+
307319
<varlistentry>
308320
<term><literal>wal_consistency_checking</literal></term>
309321
<listitem>

src/interfaces/libpq/t/005_negotiate_encryption.pl

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -83,8 +83,11 @@
8383
'Potentially unsafe test libpq_encryption not enabled in PG_TEST_EXTRA';
8484
}
8585

86-
my $ssl_supported = $ENV{with_ssl} eq 'openssl';
86+
# Only run the GSSAPI tests when compiled with GSSAPI support and
87+
# PG_TEST_EXTRA includes 'kerberos'
8788
my $gss_supported = $ENV{with_gssapi} eq 'yes';
89+
my $kerberos_enabled = $ENV{PG_TEST_EXTRA} && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/;
90+
my $ssl_supported = $ENV{with_ssl} eq 'openssl';
8891

8992
###
9093
### Prepare test server for GSSAPI and SSL authentication, with a few
@@ -118,7 +121,7 @@
118121

119122
my $krb;
120123

121-
if ($gss_supported != 0)
124+
if ($gss_supported != 0 && $kerberos_enabled != 0)
122125
{
123126
note "setting up Kerberos";
124127

@@ -197,7 +200,7 @@ BEGIN
197200

198201
print $hba qq{
199202
hostgssenc postgres gssuser $servercidr trust
200-
} if ($gss_supported != 0);
203+
} if ($gss_supported != 0 && $kerberos_enabled != 0);
201204
close $hba;
202205
$node->reload;
203206

@@ -331,6 +334,7 @@ BEGIN
331334
SKIP:
332335
{
333336
skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
337+
skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
334338

335339
$krb->create_principal('gssuser', $gssuser_password);
336340
$krb->create_ticket('gssuser', $gssuser_password);
@@ -413,7 +417,9 @@ BEGIN
413417
###
414418
SKIP:
415419
{
416-
skip "GSSAPI/Kerberos or SSL not supported by this build" unless ($ssl_supported && $gss_supported);
420+
skip "SSL not supported by this build" if $ssl_supported == 0;
421+
skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
422+
skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
417423

418424
# Sanity check that GSSAPI is still enabled from previous test.
419425
connect_test($node, 'user=testuser gssencmode=prefer sslmode=prefer', 'connect, gssaccept, authok -> gss');

0 commit comments

Comments
 (0)