diff options
Diffstat (limited to 'src/test/kerberos/t/001_auth.pl')
| -rw-r--r-- | src/test/kerberos/t/001_auth.pl | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl index 5aff49a5131..bff26fda0c9 100644 --- a/src/test/kerberos/t/001_auth.pl +++ b/src/test/kerberos/t/001_auth.pl @@ -351,7 +351,7 @@ test_access( '', 'succeeds with mapping with default gssencmode and host hba, ticket not forwardable', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( @@ -362,7 +362,7 @@ test_access( 'gssencmode=prefer', 'succeeds with GSS-encrypted access preferred with host hba, ticket not forwardable', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( @@ -373,7 +373,7 @@ test_access( 'gssencmode=require', 'succeeds with GSS-encrypted access required with host hba, ticket not forwardable', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( @@ -381,20 +381,20 @@ test_access( 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'succeeds with GSS-encrypted access preferred with host hba and credentials not delegated even though asked for (ticket not forwardable)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( $node, 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'succeeds with GSS-encrypted access required with host hba and credentials not delegated even though asked for (ticket not forwardable)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); @@ -480,20 +480,20 @@ test_access( 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, default)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( $node, 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, default)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); $node->append_conf('postgresql.conf', qq{gss_accept_delegation=off}); @@ -504,20 +504,20 @@ test_access( 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( $node, 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); $node->append_conf('postgresql.conf', qq{gss_accept_delegation=on}); @@ -528,20 +528,20 @@ test_access( 'test1', 'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials forwarded', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)" ); test_access( $node, 'test1', 'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();', 0, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'succeeds with GSS-encrypted access required and hostgssenc hba and credentials forwarded', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)" ); test_access( $node, @@ -551,17 +551,17 @@ test_access( 'gssencmode=prefer', 'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); test_access( $node, 'test1', 'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssencmode=require gssdeleg=disable', + 'gssencmode=require gssdelegation=disable', 'succeeds with GSS-encrypted access required and hostgssenc hba and credentials explicitly not forwarded', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)" ); my $psql_out = ''; @@ -572,7 +572,7 @@ $psql_rc = $node->psql( 'postgres', "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', 'dblink attempt fails without delegated credentials'); @@ -589,7 +589,7 @@ $psql_rc = $node->psql( 'postgres', "SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', @@ -608,7 +608,7 @@ $psql_rc = $node->psql( 'postgres', "TABLE tf1;", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', 'postgres_fdw does not work without delegated credentials'); @@ -626,7 +626,7 @@ $psql_rc = $node->psql( 'postgres', "TABLE tf2;", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', @@ -668,10 +668,10 @@ test_access( 'test1', 'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'succeeds with GSS-encrypted access preferred and hostnogssenc hba, but no encryption', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, delegated_credentials=yes, principal=test1\@$realm)" ); test_access($node, 'test1', 'SELECT true', 2, 'gssencmode=require', 'fails with GSS-encrypted access required and hostnogssenc hba'); @@ -680,10 +680,10 @@ test_access( 'test1', 'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssencmode=disable gssdeleg=enable', + 'gssencmode=disable gssdelegation=enable', 'succeeds with GSS encryption disabled and hostnogssenc hba', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, delegated_credentials=yes, principal=test1\@$realm)" ); test_query( @@ -691,7 +691,7 @@ test_query( 'test1', "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);", qr/^1$/s, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'dblink works not-encrypted (server not configured to accept encrypted GSSAPI connections)' ); @@ -700,7 +700,7 @@ test_query( 'test1', "TABLE tf1;", qr/^1$/s, - 'gssencmode=prefer gssdeleg=enable', + 'gssencmode=prefer gssdelegation=enable', 'postgres_fdw works not-encrypted (server not configured to accept encrypted GSSAPI connections)' ); @@ -711,7 +711,7 @@ $psql_rc = $node->psql( 'postgres', "SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', @@ -730,7 +730,7 @@ $psql_rc = $node->psql( 'postgres', "TABLE tf2;", connstr => - "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable", + "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable", stdout => \$psql_out, stderr => \$psql_stderr); is($psql_rc, '3', @@ -760,10 +760,10 @@ test_access( 'test1', 'SELECT gss_authenticated AND encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();', 0, - 'gssdeleg=enable', + 'gssdelegation=enable', 'succeeds with include_realm=0 and defaults', "connection authenticated: identity=\"test1\@$realm\" method=gss", - "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)" + "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)" ); test_query( @@ -771,12 +771,12 @@ test_query( 'test1', "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port password=1234','select 1') as t1(c1 int);", qr/^1$/s, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'dblink works encrypted'); test_query( $node, 'test1', "TABLE tf1;", qr/^1$/s, - 'gssencmode=require gssdeleg=enable', + 'gssencmode=require gssdelegation=enable', 'postgres_fdw works encrypted'); # Reset pg_hba.conf, and cause a usermap failure with an authentication |