From 75224ac20e90d2a9ba18ead1af62c74858d48c41 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Fri, 3 Aug 2018 20:53:25 -0700 Subject: [PATCH] Make "kerberos" test suite independent of "localhost" name resolution. This suite malfunctioned if the canonical name of "localhost" was something other than "localhost", such as "localhost.localdomain". Use hostaddr=127.0.0.1 and a fictitious host=, so the resolver's answers for "localhost" don't affect the outcome. Back-patch to v11, which introduced this test suite. Discussion: https://postgr.es/m/20180801050903.GA1392916@rfd.leadboat.com --- src/test/kerberos/t/001_auth.pl | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl index 54f564779d..1be89aef4f 100644 --- a/src/test/kerberos/t/001_auth.pl +++ b/src/test/kerberos/t/001_auth.pl @@ -48,6 +48,8 @@ if ($krb5_sbin_dir && -d $krb5_sbin_dir) $krb5kdc = $krb5_sbin_dir . '/' . $krb5kdc; } +my $host = 'auth-test-localhost.postgresql.example.com'; +my $hostaddr = '127.0.0.1'; my $realm = 'EXAMPLE.COM'; my $krb5_conf = "${TestLib::tmp_check}/krb5.conf"; @@ -80,7 +82,7 @@ default_realm = $realm [realms] $realm = { - kdc = localhost:$kdc_port + kdc = $hostaddr:$kdc_port }!); append_to_file( @@ -94,8 +96,8 @@ if ($krb5_version >= 1.15) { append_to_file( $kdc_conf, - qq!kdc_listen = localhost:$kdc_port -kdc_tcp_listen = localhost:$kdc_port + qq!kdc_listen = $hostaddr:$kdc_port +kdc_tcp_listen = $hostaddr:$kdc_port !); } else @@ -122,7 +124,7 @@ mkdir $kdc_datadir or die; $ENV{'KRB5_CONFIG'} = $krb5_conf; $ENV{'KRB5_KDC_PROFILE'} = $kdc_conf; -my $service_principal = "$ENV{with_krb_srvnam}/localhost"; +my $service_principal = "$ENV{with_krb_srvnam}/$host"; system_or_bail $kdb5_util, 'create', '-s', '-P', 'secret0'; @@ -143,7 +145,7 @@ note "setting up PostgreSQL instance"; my $node = get_new_node('node'); $node->init; -$node->append_conf('postgresql.conf', "listen_addresses = 'localhost'"); +$node->append_conf('postgresql.conf', "listen_addresses = '$hostaddr'"); $node->append_conf('postgresql.conf', "krb_server_keyfile = '$keytab'"); $node->start; @@ -160,7 +162,8 @@ sub test_access 'postgres', 'SELECT 1', extra_params => [ - '-d', $node->connstr('postgres') . ' host=localhost', + '-d', + $node->connstr('postgres') . " host=$host hostaddr=$hostaddr", '-U', $role ]); is($res, $expected_res, $test_name); @@ -168,7 +171,8 @@ sub test_access } unlink($node->data_dir . '/pg_hba.conf'); -$node->append_conf('pg_hba.conf', qq{host all all localhost gss map=mymap}); +$node->append_conf('pg_hba.conf', + qq{host all all $hostaddr/32 gss map=mymap}); $node->restart; test_access($node, 'test1', 2, 'fails without ticket'); @@ -185,7 +189,7 @@ test_access($node, 'test1', 0, 'succeeds with mapping'); truncate($node->data_dir . '/pg_ident.conf', 0); unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf('pg_hba.conf', - qq{host all all localhost gss include_realm=0}); + qq{host all all $hostaddr/32 gss include_realm=0}); $node->restart; test_access($node, 'test1', 0, 'succeeds with include_realm=0'); -- 2.40.0