Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit 4cc1c76

Browse filesBrowse files
committed
Document PG_TEST_EXTRA=libpq_encryption and also check 'kerberos'
In the libpq encryption negotiation tests, don't run the GSSAPI tests unless PG_TEST_EXTRA='kerberos' is also set. That makes it possible to still run most of the tests when GSSAPI support is compiled in, but there's no MIT Kerberos installation.
1 parent 65dfe9d commit 4cc1c76
Copy full SHA for 4cc1c76

File tree

Expand file treeCollapse file tree

2 files changed

+23
-5
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+23
-5
lines changed

‎doc/src/sgml/regress.sgml

Copy file name to clipboardExpand all lines: doc/src/sgml/regress.sgml
+13-1Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -259,7 +259,7 @@ make check-world -j8 >/dev/null
259259
variable <varname>PG_TEST_EXTRA</varname> to a whitespace-separated list,
260260
for example:
261261
<programlisting>
262-
make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
262+
make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance libpq_encryption'
263263
</programlisting>
264264
The following values are currently supported:
265265
<variablelist>
@@ -304,6 +304,18 @@ make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
304304
</listitem>
305305
</varlistentry>
306306

307+
<varlistentry>
308+
<term><literal>libpq_encryption</literal></term>
309+
<listitem>
310+
<para>
311+
Runs the test <filename>src/interfaces/libpq/t/005_negotiate_encryption.pl</filename>.
312+
This opens TCP/IP listen sockets. If <varname>PG_TEST_EXTRA</varname>
313+
also includes <literal>kerberos</literal>, additional tests that require
314+
an MIT Kerberos installation are enabled.
315+
</para>
316+
</listitem>
317+
</varlistentry>
318+
307319
<varlistentry>
308320
<term><literal>wal_consistency_checking</literal></term>
309321
<listitem>

‎src/interfaces/libpq/t/005_negotiate_encryption.pl

Copy file name to clipboardExpand all lines: src/interfaces/libpq/t/005_negotiate_encryption.pl
+10-4Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -83,8 +83,11 @@
8383
'Potentially unsafe test libpq_encryption not enabled in PG_TEST_EXTRA';
8484
}
8585

86-
my $ssl_supported = $ENV{with_ssl} eq 'openssl';
86+
# Only run the GSSAPI tests when compiled with GSSAPI support and
87+
# PG_TEST_EXTRA includes 'kerberos'
8788
my $gss_supported = $ENV{with_gssapi} eq 'yes';
89+
my $kerberos_enabled = $ENV{PG_TEST_EXTRA} && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/;
90+
my $ssl_supported = $ENV{with_ssl} eq 'openssl';
8891

8992
###
9093
### Prepare test server for GSSAPI and SSL authentication, with a few
@@ -118,7 +121,7 @@
118121

119122
my $krb;
120123

121-
if ($gss_supported != 0)
124+
if ($gss_supported != 0 && $kerberos_enabled != 0)
122125
{
123126
note "setting up Kerberos";
124127

@@ -197,7 +200,7 @@ BEGIN
197200

198201
print $hba qq{
199202
hostgssenc postgres gssuser $servercidr trust
200-
} if ($gss_supported != 0);
203+
} if ($gss_supported != 0 && $kerberos_enabled != 0);
201204
close $hba;
202205
$node->reload;
203206

@@ -331,6 +334,7 @@ BEGIN
331334
SKIP:
332335
{
333336
skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
337+
skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
334338

335339
$krb->create_principal('gssuser', $gssuser_password);
336340
$krb->create_ticket('gssuser', $gssuser_password);
@@ -413,7 +417,9 @@ BEGIN
413417
###
414418
SKIP:
415419
{
416-
skip "GSSAPI/Kerberos or SSL not supported by this build" unless ($ssl_supported && $gss_supported);
420+
skip "SSL not supported by this build" if $ssl_supported == 0;
421+
skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
422+
skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
417423

418424
# Sanity check that GSSAPI is still enabled from previous test.
419425
connect_test($node, 'user=testuser gssencmode=prefer sslmode=prefer', 'connect, gssaccept, authok -> gss');

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.