mirror of
https://git.postgresql.org/git/postgresql.git
synced 2026-02-16 03:17:00 +08:00
f8d8581ed8
Prior to this patch, the require_auth implementation assumed that the AuthenticationSASL protocol message was using SCRAM-SHA-256. In preparation for future SASL mechanisms, like OAUTHBEARER, split the implementation into two tiers: the first checks the acceptable AUTH_REQ_* codes, and the second checks acceptable mechanisms if AUTH_REQ_SASL et.al are permitted. conn->allowed_sasl_mechs contains a list of pointers to acceptable mechanisms, and pg_SASL_init() will bail if the selected mechanism isn't contained in this array. Since there's only one mechansism supported right now, one branch of the second tier cannot be exercised yet and is protected by an Assert(false) call. This assertion will need to be removed when the next mechanism is added. This patch is extracted from a larger body of work aimed at adding support for OAUTHBEARER in libpq. Author: Jacob Champion <jacob.champion@enterprisedb.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Discussion: https://postgr.es/m/CAOYmi+kJqzo6XsR9TEhvVfeVNQ-TyFM5LATypm9yoQVYk=4Wrw@mail.gmail.com
src/test/authentication/README
Regression tests for authentication
===================================
This directory contains a test suite for authentication. SSL certificate
authentication tests are kept separate, in src/test/ssl/, because they
are more complicated, and are not safe to run in a multi-user system.
Running the tests
=================
NOTE: You must have given the --enable-tap-tests argument to configure.
Run
make check
or
make installcheck
You can use "make installcheck" if you previously did "make install".
In that case, the code in the installation tree is tested. With
"make check", a temporary installation tree is built from the current
sources and then tested.
Either way, this test initializes, starts, and stops a test Postgres
cluster.
See src/test/perl/README for more info about running these tests.