Skip to content

Commit edf0ecb

Browse files
afiskonafiskon
committed
Apply 0008-Add-regression-tests-for-passwords.patch
1 parent a34c18a commit edf0ecb

File tree

4 files changed

+173
-1
lines changed

4 files changed

+173
-1
lines changed

src/test/regress/expected/password.out

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
--
2+
-- Tests for password verifiers
3+
--
4+
-- Tests for GUC password_encryption
5+
SET password_encryption = 'novalue'; -- error
6+
ERROR: invalid value for parameter "password_encryption": "novalue"
7+
HINT: Available values: plain, md5, scram, off, on.
8+
SET password_encryption = true; -- ok
9+
SET password_encryption = 'md5'; -- ok
10+
SET password_encryption = 'plain'; -- ok
11+
SET password_encryption = 'scram'; -- ok
12+
-- consistency of password entries
13+
SET password_encryption = 'plain';
14+
CREATE ROLE regress_passwd1 PASSWORD 'role_pwd1';
15+
SET password_encryption = 'md5';
16+
CREATE ROLE regress_passwd2 PASSWORD 'role_pwd2';
17+
SET password_encryption = 'on';
18+
CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3';
19+
SET password_encryption = 'scram';
20+
CREATE ROLE regress_passwd4 PASSWORD 'role_pwd4';
21+
SET password_encryption = 'plain';
22+
CREATE ROLE regress_passwd5 PASSWORD NULL;
23+
-- check list of created entries
24+
SELECT rolname, rolpassword
25+
FROM pg_authid
26+
WHERE rolname LIKE 'regress_passwd%'
27+
ORDER BY rolname, rolpassword;
28+
rolname | rolpassword
29+
-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------
30+
regress_passwd1 | role_pwd1
31+
regress_passwd2 | md54044304ba511dd062133eb5b4b84a2a3
32+
regress_passwd3 | md50e5699b6911d87f17a08b8d76a21e8b8
33+
regress_passwd4 | AAAAAAAAAAAAAA==:4096:c32d0b9681e3d827fe5b5287c0ba9c9e276fe69e611dcc93cddd41f122b82e5b:51c60a9394db319302dc2727e2b8cb6c463a507312dbbf53a09adbc01ec276d3
34+
regress_passwd5 |
35+
(5 rows)
36+
37+
-- Rename a role
38+
ALTER ROLE regress_passwd3 RENAME TO regress_passwd3_new;
39+
NOTICE: MD5 password cleared because of role rename
40+
-- md5 entry should have been removed
41+
SELECT rolname, rolpassword
42+
FROM pg_authid
43+
WHERE rolname LIKE 'regress_passwd3_new'
44+
ORDER BY rolname, rolpassword;
45+
rolname | rolpassword
46+
---------------------+-------------
47+
regress_passwd3_new |
48+
(1 row)
49+
50+
ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3;
51+
-- ENCRYPTED and UNENCRYPTED passwords
52+
ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted
53+
ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
54+
ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5
55+
ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
56+
SELECT rolname, rolpassword
57+
FROM pg_authid
58+
WHERE rolname LIKE 'regress_passwd%'
59+
ORDER BY rolname, rolpassword;
60+
rolname | rolpassword
61+
-----------------+-------------------------------------
62+
regress_passwd1 | foo
63+
regress_passwd2 | md5deaeed29b1cf796ea981d53e82cd5856
64+
regress_passwd3 | md5530de4c298af94b3b9f7d20305d2a1bf
65+
regress_passwd4 | md5deaeed29b1cf796ea981d53e82cd5856
66+
regress_passwd5 |
67+
(5 rows)
68+
69+
-- PASSWORD val USING protocol
70+
ALTER ROLE regress_passwd1 PASSWORD ('foo' USING 'non_existent');
71+
ERROR: unsupported password method non_existent
72+
ALTER ROLE regress_passwd1 PASSWORD ('md5deaeed29b1cf796ea981d53e82cd5856' USING 'plain'); -- ok, as md5
73+
ALTER ROLE regress_passwd2 PASSWORD ('foo' USING 'plain'); -- ok, as plain
74+
ALTER ROLE regress_passwd3 PASSWORD ('md5deaeed29b1cf796ea981d53e82cd5856' USING 'scram'); -- ok, as md5
75+
ALTER ROLE regress_passwd4 PASSWORD ('kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5' USING 'plain'); -- ok, as scram
76+
SELECT rolname, rolpassword
77+
FROM pg_authid
78+
WHERE rolname LIKE 'regress_passwd%'
79+
ORDER BY rolname, rolpassword;
80+
rolname | rolpassword
81+
-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------
82+
regress_passwd1 | md5deaeed29b1cf796ea981d53e82cd5856
83+
regress_passwd2 | foo
84+
regress_passwd3 | md5deaeed29b1cf796ea981d53e82cd5856
85+
regress_passwd4 | kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5
86+
regress_passwd5 |
87+
(5 rows)
88+
89+
DROP ROLE regress_passwd1;
90+
DROP ROLE regress_passwd2;
91+
DROP ROLE regress_passwd3;
92+
DROP ROLE regress_passwd4;
93+
DROP ROLE regress_passwd5;
94+
-- all entries should have been removed
95+
SELECT rolname, rolpassword
96+
FROM pg_authid
97+
WHERE rolname LIKE 'regress_passwd%'
98+
ORDER BY rolname, rolpassword;
99+
rolname | rolpassword
100+
---------+-------------
101+
(0 rows)
102+

src/test/regress/parallel_schedule

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ test: select_into select_distinct select_distinct_on select_implicit select_havi
8484
# ----------
8585
# Another group of parallel tests
8686
# ----------
87-
test: brin gin gist spgist privileges init_privs security_label collate matview lock replica_identity rowsecurity object_address tablesample groupingsets drop_operator atx
87+
test: brin gin gist spgist privileges init_privs security_label collate matview lock replica_identity rowsecurity object_address tablesample groupingsets drop_operator atx password
8888

8989
# ----------
9090
# Another group of parallel tests

src/test/regress/serial_schedule

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,7 @@ test: matview
113113
test: lock
114114
test: replica_identity
115115
test: rowsecurity
116+
test: password
116117
test: object_address
117118
test: tablesample
118119
test: groupingsets

src/test/regress/sql/password.sql

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
--
2+
-- Tests for password verifiers
3+
--
4+
5+
-- Tests for GUC password_encryption
6+
SET password_encryption = 'novalue'; -- error
7+
SET password_encryption = true; -- ok
8+
SET password_encryption = 'md5'; -- ok
9+
SET password_encryption = 'plain'; -- ok
10+
SET password_encryption = 'scram'; -- ok
11+
12+
-- consistency of password entries
13+
SET password_encryption = 'plain';
14+
CREATE ROLE regress_passwd1 PASSWORD 'role_pwd1';
15+
SET password_encryption = 'md5';
16+
CREATE ROLE regress_passwd2 PASSWORD 'role_pwd2';
17+
SET password_encryption = 'on';
18+
CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3';
19+
SET password_encryption = 'scram';
20+
CREATE ROLE regress_passwd4 PASSWORD 'role_pwd4';
21+
SET password_encryption = 'plain';
22+
CREATE ROLE regress_passwd5 PASSWORD NULL;
23+
-- check list of created entries
24+
SELECT rolname, rolpassword
25+
FROM pg_authid
26+
WHERE rolname LIKE 'regress_passwd%'
27+
ORDER BY rolname, rolpassword;
28+
29+
-- Rename a role
30+
ALTER ROLE regress_passwd3 RENAME TO regress_passwd3_new;
31+
-- md5 entry should have been removed
32+
SELECT rolname, rolpassword
33+
FROM pg_authid
34+
WHERE rolname LIKE 'regress_passwd3_new'
35+
ORDER BY rolname, rolpassword;
36+
ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3;
37+
38+
-- ENCRYPTED and UNENCRYPTED passwords
39+
ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted
40+
ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
41+
ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5
42+
ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD 'md5deaeed29b1cf796ea981d53e82cd5856'; -- encrypted with MD5
43+
SELECT rolname, rolpassword
44+
FROM pg_authid
45+
WHERE rolname LIKE 'regress_passwd%'
46+
ORDER BY rolname, rolpassword;
47+
48+
-- PASSWORD val USING protocol
49+
ALTER ROLE regress_passwd1 PASSWORD ('foo' USING 'non_existent');
50+
ALTER ROLE regress_passwd1 PASSWORD ('md5deaeed29b1cf796ea981d53e82cd5856' USING 'plain'); -- ok, as md5
51+
ALTER ROLE regress_passwd2 PASSWORD ('foo' USING 'plain'); -- ok, as plain
52+
ALTER ROLE regress_passwd3 PASSWORD ('md5deaeed29b1cf796ea981d53e82cd5856' USING 'scram'); -- ok, as md5
53+
ALTER ROLE regress_passwd4 PASSWORD ('kfSJjF3tdoxDNA==:4096:c52173111c7354ca17c66ba570e230ccec51c15c9f510b998d28297f723af5fa:a55cacd2a24bc2673c3d4266b8b90fa58231a674ae1b08e02236beba283fc2d5' USING 'plain'); -- ok, as scram
54+
SELECT rolname, rolpassword
55+
FROM pg_authid
56+
WHERE rolname LIKE 'regress_passwd%'
57+
ORDER BY rolname, rolpassword;
58+
59+
DROP ROLE regress_passwd1;
60+
DROP ROLE regress_passwd2;
61+
DROP ROLE regress_passwd3;
62+
DROP ROLE regress_passwd4;
63+
DROP ROLE regress_passwd5;
64+
65+
-- all entries should have been removed
66+
SELECT rolname, rolpassword
67+
FROM pg_authid
68+
WHERE rolname LIKE 'regress_passwd%'
69+
ORDER BY rolname, rolpassword;

0 commit comments

Comments
 (0)