# Set of tests for authentication and pg_hba.conf. The following password # methods are checked through this test: # - Plain # - MD5-encrypted # This test cannot run on Windows as Postgres cannot be set up with Unix # sockets and needs to go through SSPI. use strict; use warnings; use PostgresNode; use TestLib; use Test::More tests => 6; # Delete pg_hba.conf from the given node, add a new entry to it # and then execute a reload to refresh it. sub reset_pg_hba { my $node = shift; my $hba_method = shift; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', "local all all $hba_method"); $node->reload; } # Test access for a single role, useful to wrap all tests into one. sub test_role { my $node = shift; my $role = shift; my $method = shift; my $expected_res = shift; my $status_string = 'failed'; $status_string = 'success' if ($expected_res eq 0); my $res = $node->psql('postgres', 'SELECT 1', extra_params => ['-U', $role]); is($res, $expected_res, "authentication $status_string for method $method, role $role"); } SKIP: { skip "authentication tests cannot run on Windows", 12 if ($windows_os); # Initialize master node my $node = get_new_node('master'); $node->init; $node->start; # Create 3 roles with different password methods for each one. The same # password is used for all of them. $node->safe_psql('postgres', "CREATE ROLE md5_role LOGIN ENCRYPTED PASSWORD 'pass';"); $node->safe_psql('postgres', "CREATE ROLE plain_role LOGIN UNENCRYPTED PASSWORD 'pass';"); $ENV{"PGPASSWORD"} = 'pass'; # For "trust" method, all users should be able to connect. reset_pg_hba($node, 'trust'); test_role($node, 'md5_role', 'trust', 0); test_role($node, 'plain_role', 'trust', 0); # For "plain" method, users "plain_role" and "md5_role" should be able to # connect. reset_pg_hba($node, 'password'); test_role($node, 'md5_role', 'password', 0); test_role($node, 'plain_role', 'password', 0); # For "md5" method, users "plain_role" and "md5_role" should be able to # connect. reset_pg_hba($node, 'md5'); test_role($node, 'md5_role', 'md5', 0); test_role($node, 'plain_role', 'md5', 0); }