Skip to content

Commit ef7fa90

Browse files
hlinnakahlinnaka
committed
Add tests for errors during SSL or GSSAPI handshake
These test that libpq correctly falls back to a plaintext connection on handshake error, in the "prefer" modes. Reviewed-by: Michael Paquier Discussion: https://www.postgresql.org/message-id/CAOYmi%2Bnwvu21mJ4DYKUa98HdfM_KZJi7B1MhyXtnsyOO-PB6Ww%40mail.gmail.com
1 parent 20e0e7d commit ef7fa90

File tree

3 files changed

+26
-0
lines changed

3 files changed

+26
-0
lines changed

src/backend/libpq/be-secure-gssapi.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
#include "libpq/pqformat.h"
2222
#include "miscadmin.h"
2323
#include "pgstat.h"
24+
#include "utils/injection_point.h"
2425
#include "utils/memutils.h"
2526

2627

@@ -499,6 +500,8 @@ secure_open_gssapi(Port *port)
499500
minor;
500501
gss_cred_id_t delegated_creds;
501502

503+
INJECTION_POINT("backend-gssapi-startup");
504+
502505
/*
503506
* Allocate subsidiary Port data for GSSAPI operations.
504507
*/

src/backend/libpq/be-secure.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@
3030
#include "libpq/libpq.h"
3131
#include "miscadmin.h"
3232
#include "tcop/tcopprot.h"
33+
#include "utils/injection_point.h"
3334
#include "utils/wait_event.h"
3435

3536
char *ssl_library;
@@ -129,6 +130,8 @@ secure_open_server(Port *port)
129130
}
130131
Assert(pq_buffer_remaining_data() == 0);
131132

133+
INJECTION_POINT("backend-ssl-startup");
134+
132135
r = be_tls_open_server(port);
133136

134137
if (port->raw_buf_remaining > 0)

src/interfaces/libpq/t/005_negotiate_encryption.pl

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -339,6 +339,16 @@ BEGIN
339339
"user=testuser sslmode=prefer",
340340
'connect, v2error -> fail');
341341
$node->restart;
342+
343+
$node->safe_psql(
344+
'postgres',
345+
"SELECT injection_points_attach('backend-ssl-startup', 'error');",
346+
connstr => "user=localuser host=$unixdir");
347+
connect_test(
348+
$node,
349+
"user=testuser sslmode=prefer",
350+
'connect, sslaccept, backenderror, reconnect, authok -> plain');
351+
$node->restart;
342352
}
343353

344354
# Disable SSL again
@@ -444,6 +454,16 @@ BEGIN
444454
"user=testuser gssencmode=prefer sslmode=disable",
445455
'connect, v2error -> fail');
446456
$node->restart;
457+
458+
$node->safe_psql(
459+
'postgres',
460+
"SELECT injection_points_attach('backend-gssapi-startup', 'error');",
461+
connstr => "user=localuser host=$unixdir");
462+
connect_test(
463+
$node,
464+
"user=testuser gssencmode=prefer sslmode=disable",
465+
'connect, gssaccept, backenderror, reconnect, authok -> plain');
466+
$node->restart;
447467
}
448468
}
449469

0 commit comments

Comments
 (0)