From b5851a88f66a7860a43262afabe9e0ae95094498 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter@eisentraut.org>
Date: Sat, 3 Aug 2019 17:32:30 +0200
Subject: [PATCH] Add tests for plain-text password authentication

---
 test/test.ini     |  2 ++
 test/test.sh      | 37 ++++++++++++++++++++++++++++++++++++-
 test/userlist.txt |  3 +++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/test/test.ini b/test/test.ini
index b45634a..9ce357a 100644
--- a/test/test.ini
+++ b/test/test.ini
@@ -4,6 +4,8 @@
 p0 = port=6666 host=127.0.0.1 dbname=p0 user=bouncer pool_size=2
 p1 = port=6666 host=127.0.0.1 dbname=p1 user=bouncer
 p3 = port=6666 host=127.0.0.1 dbname=p0 user=bouncer pool_mode=session
+p4 = port=6666 host=127.0.0.1 dbname=p4 user=muser1 password=foo
+p4x= port=6666 host=127.0.0.1 dbname=p4 user=muser1 password=wrong
 p5 = port=6666 host=127.0.0.1 dbname=p5 user=muser1 password=foo
 p5x= port=6666 host=127.0.0.1 dbname=p5 user=muser1 password=wrong
 
diff --git a/test/test.sh b/test/test.sh
index 9847203..d39a4f7 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -85,6 +85,9 @@ if [ ! -d $PGDATA ]; then
 	log_connections = on
 	EOF
 	cat >pgdata/pg_hba.conf <<-EOF
+	local  p4   all                password
+	host   p4   all  127.0.0.1/32  password
+	host   p4   all  ::1/128       password
 	local  p5   all                md5
 	host   p5   all  127.0.0.1/32  md5
 	host   p5   all  ::1/128       md5
@@ -99,7 +102,7 @@ pgctl start
 echo "Creating databases"
 psql -X -p $PG_PORT -l | grep p0 > /dev/null || {
 	psql -X -o /dev/null -p $PG_PORT -c "create user bouncer" template1 || exit 1
-	for dbname in p0 p1 p3 p5; do
+	for dbname in p0 p1 p3 p4 p5; do
 		createdb -p $PG_PORT $dbname || exit 1
 	done
 }
@@ -584,6 +587,36 @@ test_auth_user() {
 	return 0
 }
 
+# test plain-text password authentication from PgBouncer to PostgreSQL server
+#
+# The PostgreSQL server no longer supports storing plain-text
+# passwords, so the server-side user actually uses md5 passwords in
+# this test case, but the communication is still in plain text.
+test_password_server() {
+	admin "set auth_type='trust'"
+
+	# good password
+	psql -X -c "select 1" p4 || return 1
+	# bad password
+	psql -X -c "select 2" p4x && return 1
+
+	return 0
+}
+
+# test plain-text password authentication from client to PgBouncer
+test_password_client() {
+	admin "set auth_type='plain'"
+
+	# good password
+	PGPASSWORD=foo psql -X -U puser1 -c "select 1" p1 || return 1
+	# bad password
+	PGPASSWORD=wrong psql -X -U puser2 -c "select 2" p1 && return 1
+
+	admin "set auth_type='trust'"
+
+	return 0
+}
+
 # test md5 authentication from PgBouncer to PostgreSQL server
 test_md5_server() {
 	admin "set auth_type='trust'"
@@ -632,6 +665,8 @@ test_database_change
 test_reconnect
 test_fast_close
 test_wait_close
+test_password_server
+test_password_client
 test_md5_server
 test_md5_client
 "
diff --git a/test/userlist.txt b/test/userlist.txt
index 7a735a6..dd722b3 100644
--- a/test/userlist.txt
+++ b/test/userlist.txt
@@ -6,5 +6,8 @@
 
 ;the following pairs of passwords are "foo" and "bar"
 
+"puser1" "foo"
+"puser2" "bar"
+
 "muser1" "md5ab8b744ff66bee42dc47bae34ca17959"
 "muser2" "md598455b3585818e23c2653a59f6d84551"
-- 
2.40.0