Skip to content

Commit 8f154dc

Browse files
afiskonafiskon
committed
apply 0008-Add-regression-tests-for-passwords.patch
1 parent 54ff1d3 commit 8f154dc

File tree

4 files changed

+172
-1
lines changed

4 files changed

+172
-1
lines changed

src/test/regress/expected/password.out

Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
--
2+
-- Tests for password verifiers
3+
--
4+
-- Tests for GUC password_encryption
5+
SET password_encryption = 'novalue'; -- error
6+
ERROR: invalid value for parameter "password_encryption": "novalue"
7+
HINT: Available values: off, on, md5, scram, plain.
8+
SET password_encryption = true; -- ok
9+
SET password_encryption = 'md5'; -- ok
10+
SET password_encryption = 'plain'; -- ok
11+
SET password_encryption = 'scram'; -- ok
12+
-- consistency of password entries
13+
SET password_encryption = 'plain';
14+
CREATE ROLE regress_passwd1 PASSWORD 'role_pwd1';
15+
SET password_encryption = 'md5';
16+
CREATE ROLE regress_passwd2 PASSWORD 'role_pwd2';
17+
SET password_encryption = 'on';
18+
CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3';
19+
SET password_encryption = 'scram';
20+
CREATE ROLE regress_passwd4 PASSWORD 'role_pwd4';
21+
SET password_encryption = 'plain';
22+
CREATE ROLE regress_passwd5 PASSWORD NULL;
23+
-- check list of created entries
24+
SELECT rolname, rolpassword
25+
FROM pg_authid
26+
WHERE rolname LIKE 'regress_passwd%'
27+
ORDER BY rolname, rolpassword;
28+
rolname | rolpassword
29+
-----------------+-------------
30+
regress_passwd1 |
31+
regress_passwd2 |
32+
regress_passwd3 |
33+
regress_passwd4 |
34+
regress_passwd5 |
35+
(5 rows)
36+
37+
-- Rename a role
38+
ALTER ROLE regress_passwd3 RENAME TO regress_passwd3_new;
39+
-- md5 entry should have been removed
40+
SELECT rolname, rolpassword
41+
FROM pg_authid
42+
WHERE rolname LIKE 'regress_passwd3_new'
43+
ORDER BY rolname, rolpassword;
44+
rolname | rolpassword
45+
---------------------+-------------
46+
regress_passwd3_new |
47+
(1 row)
48+
49+
ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3;
50+
-- ENCRYPTED and UNENCRYPTED passwords
51+
ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted
52+
ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
53+
ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5
54+
ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
55+
SELECT rolname, rolpassword
56+
FROM pg_authid
57+
WHERE rolname LIKE 'regress_passwd%'
58+
ORDER BY rolname, rolpassword;
59+
rolname | rolpassword
60+
-----------------+-------------------------------------
61+
regress_passwd1 | foo
62+
regress_passwd2 | md5deaeed29b1cf796ea981d53e82cd5856
63+
regress_passwd3 | md5530de4c298af94b3b9f7d20305d2a1bf
64+
regress_passwd4 | md5deaeed29b1cf796ea981d53e82cd5856
65+
regress_passwd5 |
66+
(5 rows)
67+
68+
-- PASSWORD val USING protocol
69+
ALTER ROLE regress_passwd1 PASSWORD 'foo' USING 'non_existent';
70+
ERROR: unsupported password protocol non_existent
71+
ALTER ROLE regress_passwd1 PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856' USING 'plain'; -- ok, as md5
72+
ALTER ROLE regress_passwd2 PASSWORD 'foo' USING 'plain'; -- ok, as plain
73+
ALTER ROLE regress_passwd3 PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856' USING 'scram'; -- ok, as md5
74+
ALTER ROLE regress_passwd4 PASSWORD 'kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5' USING 'plain'; -- ok, as scram
75+
SELECT rolname, rolpassword
76+
FROM pg_authid
77+
WHERE rolname LIKE 'regress_passwd%'
78+
ORDER BY rolname, rolpassword;
79+
rolname | rolpassword
80+
-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------
81+
regress_passwd1 | md5deaeed29b1cf796ea981d53e82cd5856
82+
regress_passwd2 | foo
83+
regress_passwd3 | md5deaeed29b1cf796ea981d53e82cd5856
84+
regress_passwd4 | kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5
85+
regress_passwd5 |
86+
(5 rows)
87+
88+
DROP ROLE regress_passwd1;
89+
DROP ROLE regress_passwd2;
90+
DROP ROLE regress_passwd3;
91+
DROP ROLE regress_passwd4;
92+
DROP ROLE regress_passwd5;
93+
-- all entries should have been removed
94+
SELECT rolname, rolpassword
95+
FROM pg_authid
96+
WHERE rolname LIKE 'regress_passwd%'
97+
ORDER BY rolname, rolpassword;
98+
rolname | rolpassword
99+
---------+-------------
100+
(0 rows)
101+

src/test/regress/parallel_schedule

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ test: select_into select_distinct select_distinct_on select_implicit select_havi
8484
# ----------
8585
# Another group of parallel tests
8686
# ----------
87-
test: brin gin gist spgist privileges init_privs security_label collate matview lock replica_identity rowsecurity object_address tablesample groupingsets drop_operator
87+
test: brin gin gist spgist privileges init_privs security_label collate matview lock replica_identity rowsecurity object_address tablesample groupingsets drop_operator password
8888

8989
# ----------
9090
# Another group of parallel tests

src/test/regress/serial_schedule

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,7 @@ test: matview
113113
test: lock
114114
test: replica_identity
115115
test: rowsecurity
116+
test: password
116117
test: object_address
117118
test: tablesample
118119
test: groupingsets

src/test/regress/sql/password.sql

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
--
2+
-- Tests for password verifiers
3+
--
4+
5+
-- Tests for GUC password_encryption
6+
SET password_encryption = 'novalue'; -- error
7+
SET password_encryption = true; -- ok
8+
SET password_encryption = 'md5'; -- ok
9+
SET password_encryption = 'plain'; -- ok
10+
SET password_encryption = 'scram'; -- ok
11+
12+
-- consistency of password entries
13+
SET password_encryption = 'plain';
14+
CREATE ROLE regress_passwd1 PASSWORD 'role_pwd1';
15+
SET password_encryption = 'md5';
16+
CREATE ROLE regress_passwd2 PASSWORD 'role_pwd2';
17+
SET password_encryption = 'on';
18+
CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3';
19+
SET password_encryption = 'scram';
20+
CREATE ROLE regress_passwd4 PASSWORD 'role_pwd4';
21+
SET password_encryption = 'plain';
22+
CREATE ROLE regress_passwd5 PASSWORD NULL;
23+
-- check list of created entries
24+
SELECT rolname, rolpassword
25+
FROM pg_authid
26+
WHERE rolname LIKE 'regress_passwd%'
27+
ORDER BY rolname, rolpassword;
28+
29+
-- Rename a role
30+
ALTER ROLE regress_passwd3 RENAME TO regress_passwd3_new;
31+
-- md5 entry should have been removed
32+
SELECT rolname, rolpassword
33+
FROM pg_authid
34+
WHERE rolname LIKE 'regress_passwd3_new'
35+
ORDER BY rolname, rolpassword;
36+
ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3;
37+
38+
-- ENCRYPTED and UNENCRYPTED passwords
39+
ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted
40+
ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
41+
ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5
42+
ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
43+
SELECT rolname, rolpassword
44+
FROM pg_authid
45+
WHERE rolname LIKE 'regress_passwd%'
46+
ORDER BY rolname, rolpassword;
47+
48+
-- PASSWORD val USING protocol
49+
ALTER ROLE regress_passwd1 PASSWORD 'foo' USING 'non_existent';
50+
ALTER ROLE regress_passwd1 PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856' USING 'plain'; -- ok, as md5
51+
ALTER ROLE regress_passwd2 PASSWORD 'foo' USING 'plain'; -- ok, as plain
52+
ALTER ROLE regress_passwd3 PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856' USING 'scram'; -- ok, as md5
53+
ALTER ROLE regress_passwd4 PASSWORD 'kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5' USING 'plain'; -- ok, as scram
54+
SELECT rolname, rolpassword
55+
FROM pg_authid
56+
WHERE rolname LIKE 'regress_passwd%'
57+
ORDER BY rolname, rolpassword;
58+
59+
DROP ROLE regress_passwd1;
60+
DROP ROLE regress_passwd2;
61+
DROP ROLE regress_passwd3;
62+
DROP ROLE regress_passwd4;
63+
DROP ROLE regress_passwd5;
64+
65+
-- all entries should have been removed
66+
SELECT rolname, rolpassword
67+
FROM pg_authid
68+
WHERE rolname LIKE 'regress_passwd%'
69+
ORDER BY rolname, rolpassword;

0 commit comments

Comments
 (0)