Participants
Tom Lane
Tom Lane
Andrew Dunstan
Andrew Dunstan
Attachments

No attachments in this thread

Thread Outline
#1Tom LaneTom Lane
Jul 28, 2022
#2Andrew DunstanAndrew Dunstanto Tom Lane (#1)
Jul 28, 2022
#3Tom LaneTom Laneto Andrew Dunstan (#2)
Jul 28, 2022
#4Andrew DunstanAndrew Dunstanto Tom Lane (#3)
Jul 28, 2022

How come drongo didn't fail authentication here?

Started by Tom Laneover 3 years ago4 messages
#1Tom Lane
Tom Lane
tgl@sss.pgh.pa.us

In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP
script but neglected the auth_extra incantation needed to allow
login as that role. This should have resulted in SSPI auth
failures on certain Windows configurations, and indeed it did
on drongo's next run in the v15 branch:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47

However, its immediately-following run on HEAD succeeded,
though I'd obviously not had time to put in the fix yet:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27

How can that be? Have we somehow broken SSPI authentication
in HEAD?

regards, tom lane

#2Andrew Dunstan
Andrew Dunstan
andrew@dunslane.net
In reply to: Tom Lane (#1)
Re: How come drongo didn't fail authentication here?

On 2022-07-28 Th 10:24, Tom Lane wrote:

In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP
script but neglected the auth_extra incantation needed to allow
login as that role. This should have resulted in SSPI auth
failures on certain Windows configurations, and indeed it did
on drongo's next run in the v15 branch:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47

However, its immediately-following run on HEAD succeeded,
though I'd obviously not had time to put in the fix yet:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27

How can that be? Have we somehow broken SSPI authentication
in HEAD?

Nothing is broken. On HEAD drongo uses Unix sockets.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andrew Dunstan (#2)
Re: How come drongo didn't fail authentication here?

Andrew Dunstan <andrew@dunslane.net> writes:

On 2022-07-28 Th 10:24, Tom Lane wrote:

How can that be? Have we somehow broken SSPI authentication
in HEAD?

Nothing is broken. On HEAD drongo uses Unix sockets.

I see. Seems like we've created a gotcha for ourselves:
a test script can look perfectly fine in Unix-based testing,
and even in Windows CI, and then fail when it hits the back
branches in the buildfarm. Is it worth doing something to
cause the lack of a valid auth_extra spec to fail on Unix?

regards, tom lane

#4Andrew Dunstan
Andrew Dunstan
andrew@dunslane.net
In reply to: Tom Lane (#3)
Re: How come drongo didn't fail authentication here?

On 2022-07-28 Th 10:55, Tom Lane wrote:

Andrew Dunstan <andrew@dunslane.net> writes:

On 2022-07-28 Th 10:24, Tom Lane wrote:

How can that be? Have we somehow broken SSPI authentication
in HEAD?

Nothing is broken. On HEAD drongo uses Unix sockets.

I see. Seems like we've created a gotcha for ourselves:
a test script can look perfectly fine in Unix-based testing,
and even in Windows CI, and then fail when it hits the back
branches in the buildfarm. Is it worth doing something to
cause the lack of a valid auth_extra spec to fail on Unix?

Maybe we should just have a windows testing instance that doesn't use
Unix sockets at all.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

← Back to Topics