diff options
| author | Tom Lane | 2025-07-13 17:52:32 +0000 |
|---|---|---|
| committer | Tom Lane | 2025-07-13 17:52:32 +0000 |
| commit | 3c4e26a62c31ebe296e3aedb13ac51a7a35103bd (patch) | |
| tree | bba4ec55d490bb359f793183008f566853e30f3d /src/test/authentication | |
| parent | 092f3c63efc6a6ce235cfbed45bd05b739de8540 (diff) | |
If the system-name field of a pg_ident.conf line is a regex
containing capturing parentheses, you can write \1 in the
user-name field to represent the captured part of the system
name. But what happens if you write \1 more than once?
The only reasonable expectation IMO is that each \1 gets
replaced, but presently our code replaces only the first.
Fix that.
Also, improve the tests for this feature to exercise cases
where a non-empty string needs to be substituted for \1.
The previous testing didn't inspire much faith that it
was verifying correct operation of the substitution code.
Given the lack of field complaints about this, I don't
feel a need to back-patch.
Reported-by: David G. Johnston <david.g.johnston@gmail.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/CAKFQuwZu6kZ8ZPvJ3pWXig+6UX4nTVK-hdL_ZS3fSdps=RJQQQ@mail.gmail.com
Diffstat (limited to 'src/test/authentication')
| -rw-r--r-- | src/test/authentication/t/003_peer.pl | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/test/authentication/t/003_peer.pl b/src/test/authentication/t/003_peer.pl index f2320b62c87..c751fbdbaa5 100644 --- a/src/test/authentication/t/003_peer.pl +++ b/src/test/authentication/t/003_peer.pl @@ -171,7 +171,8 @@ test_role( # Test with regular expression in user name map. # Extract the last 3 characters from the system_user -# or the entire system_user (if its length is <= -3). +# or the entire system_user name (if its length is <= 3). +# We trust this will not include any regex metacharacters. my $regex_test_string = substr($system_user, -3); # Success as the system user regular expression matches. @@ -210,12 +211,17 @@ test_role( log_like => [qr/connection authenticated: identity="$system_user" method=peer/]); +# Create target role for \1 tests. +my $mapped_name = "test${regex_test_string}map${regex_test_string}user"; +$node->safe_psql('postgres', "CREATE ROLE $mapped_name LOGIN"); + # Success as the regular expression matches and \1 is replaced in the given # subexpression. -reset_pg_ident($node, 'mypeermap', qq{/^$system_user(.*)\$}, 'test\1mapuser'); +reset_pg_ident($node, 'mypeermap', qq{/^.*($regex_test_string)\$}, + 'test\1map\1user'); test_role( $node, - qq{testmapuser}, + $mapped_name, 'peer', 0, 'with regular expression in user name map with \1 replaced', @@ -224,11 +230,11 @@ test_role( # Success as the regular expression matches and \1 is replaced in the given # subexpression, even if quoted. -reset_pg_ident($node, 'mypeermap', qq{/^$system_user(.*)\$}, - '"test\1mapuser"'); +reset_pg_ident($node, 'mypeermap', qq{/^.*($regex_test_string)\$}, + '"test\1map\1user"'); test_role( $node, - qq{testmapuser}, + $mapped_name, 'peer', 0, 'with regular expression in user name map with quoted \1 replaced', |