Document PG_TEST_EXTRA=libpq_encryption and also check 'kerberos'

author Heikki Linnakangas

Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)

committer Heikki Linnakangas

Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)
author Heikki Linnakangas
Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)
committer Heikki Linnakangas
Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)
diff --git a/doc/src/sgml/regress.sgml b/doc/src/sgml/regress.sgml

index 6a27aae31951278964b16a849cb8666a676546cc..d7e78204adc92d688941300db170545dff636454 100644 (file)
--- a/doc/src/sgml/regress.sgml
+++ b/doc/src/sgml/regress.sgml
@@ -259,7 +259,7 @@ make check-world -j8 >/dev/null
     variable PG_TEST_EXTRA to a whitespace-separated list,
     for example:
  
-make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
+make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance libpq_encryption'
  
     The following values are currently supported:
     
@@ -304,6 +304,18 @@ make check-world PG_TEST_EXTRA='kerberos ldap ssl load_balance'
       
      
  
+    
+     libpq_encryption
+     
+      
+       Runs the test src/interfaces/libpq/t/005_negotiate_encryption.pl.
+       This opens TCP/IP listen sockets. If PG_TEST_EXTRA
+       also includes kerberos, additional tests that require
+       an MIT Kerberos installation are enabled.
+      
+     
+    
+
      
       wal_consistency_checking
       
diff --git a/src/interfaces/libpq/t/005_negotiate_encryption.pl b/src/interfaces/libpq/t/005_negotiate_encryption.pl

index b369289ef1d01489a7addc87a07bb1ef059410fe..1c37f832e761579c5118815536e3720ffb6753aa 100644 (file)
--- a/src/interfaces/libpq/t/005_negotiate_encryption.pl
+++ b/src/interfaces/libpq/t/005_negotiate_encryption.pl
@@ -83,8 +83,11 @@ if (!$ENV{PG_TEST_EXTRA} || $ENV{PG_TEST_EXTRA} !~ /\blibpq_encryption\b/)
       'Potentially unsafe test libpq_encryption not enabled in PG_TEST_EXTRA';
  }
  
-my $ssl_supported = $ENV{with_ssl} eq 'openssl';
+# Only run the GSSAPI tests when compiled with GSSAPI support and
+# PG_TEST_EXTRA includes 'kerberos'
  my $gss_supported = $ENV{with_gssapi} eq 'yes';
+my $kerberos_enabled = $ENV{PG_TEST_EXTRA} && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/;
+my $ssl_supported = $ENV{with_ssl} eq 'openssl';
  
  ###
  ### Prepare test server for GSSAPI and SSL authentication, with a few
@@ -118,7 +121,7 @@ my $gssuser_password = 'secret1';
  
  my $krb;
  
-if ($gss_supported != 0)
+if ($gss_supported != 0 && $kerberos_enabled != 0)
  {
     note "setting up Kerberos";
  
@@ -197,7 +200,7 @@ hostssl       postgres        ssluser         $servercidr             trust
  
  print $hba qq{
  hostgssenc    postgres        gssuser         $servercidr             trust
-} if ($gss_supported != 0);
+} if ($gss_supported != 0 && $kerberos_enabled != 0);
  close $hba;
  $node->reload;
  
@@ -331,6 +334,7 @@ nossluser   .            disable      *              connect, authok
  SKIP:
  {
     skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
+   skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
  
     $krb->create_principal('gssuser', $gssuser_password);
     $krb->create_ticket('gssuser', $gssuser_password);
@@ -413,7 +417,9 @@ nogssuser   disable      disable      *              connect, authok
  ###
  SKIP:
  {
-   skip "GSSAPI/Kerberos or SSL not supported by this build" unless ($ssl_supported && $gss_supported);
+   skip "SSL not supported by this build" if $ssl_supported == 0;
+   skip "GSSAPI/Kerberos not supported by this build" if $gss_supported == 0;
+   skip "kerberos not enabled in PG_TEST_EXTRA" if $kerberos_enabled == 0;
  
     # Sanity check that GSSAPI is still enabled from previous test.
     connect_test($node, 'user=testuser gssencmode=prefer sslmode=prefer', 'connect, gssaccept, authok -> gss');
author	Heikki Linnakangas
	Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)
committer	Heikki Linnakangas
	Fri, 12 Apr 2024 16:52:39 +0000 (19:52 +0300)
doc/src/sgml/regress.sgml		patch \| blob \| blame \| history
src/interfaces/libpq/t/005_negotiate_encryption.pl		patch \| blob \| blame \| history