# prep pg_hba.conf and pg_ident.conf
$node->run_log(
[
- $ENV{PG_REGRESS}, '--config-auth',
- $node->data_dir, '--create-role',
+ $ENV{PG_REGRESS}, '--config-auth',
+ $node->data_dir, '--user',
+ $src_bootstrap_super, '--create-role',
"$username1,$username2,$username3,$username4"
]);
$node->start;
$envar_node->run_log(
[
$ENV{PG_REGRESS}, '--config-auth',
- $envar_node->data_dir, '--create-role',
- "$dst_bootstrap_super,$restore_super"
+ $envar_node->data_dir, '--user',
+ $dst_bootstrap_super, '--create-role',
+ $restore_super
]);
$envar_node->start;
$cmdline_node->run_log(
[
$ENV{PG_REGRESS}, '--config-auth',
- $cmdline_node->data_dir, '--create-role',
- "$dst_bootstrap_super,$restore_super"
+ $cmdline_node->data_dir, '--user',
+ $dst_bootstrap_super, '--create-role',
+ $restore_super
]);
$cmdline_node->start;
$cmdline_node->run_log(
* Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication. Permit
* the current OS user to authenticate as the bootstrap superuser and as any
* user named in a --create-role option.
+ *
+ * In --config-auth mode, the --user switch can be used to specify the
+ * bootstrap superuser's name, otherwise we assume it is the default.
*/
static void
-config_sspi_auth(const char *pgdata)
+config_sspi_auth(const char *pgdata, const char *superuser_name)
{
const char *accountname,
*domainname;
- const char *username;
char *errstr;
bool have_ipv6;
char fname[MAXPGPATH];
*ident;
_stringlist *sl;
- /*
- * "username", the initdb-chosen bootstrap superuser name, may always
- * match "accountname", the value SSPI authentication discovers. The
- * underlying system functions do not clearly guarantee that.
- */
+ /* Find out the name of the current OS user */
current_windows_user(&accountname, &domainname);
- username = get_user_name(&errstr);
- if (username == NULL)
+
+ /* Determine the bootstrap superuser's name */
+ if (superuser_name == NULL)
{
- fprintf(stderr, "%s: %s\n", progname, errstr);
- exit(2);
+ /*
+ * Compute the default superuser name the same way initdb does.
+ *
+ * It's possible that this result always matches "accountname", the
+ * value SSPI authentication discovers. But the underlying system
+ * functions do not clearly guarantee that.
+ */
+ superuser_name = get_user_name(&errstr);
+ if (superuser_name == NULL)
+ {
+ fprintf(stderr, "%s: %s\n", progname, errstr);
+ exit(2);
+ }
}
/*
* bother escaping embedded double-quote characters.
*/
CW(fprintf(ident, "regress \"%s@%s\" %s\n",
- accountname, domainname, fmtHba(username)) >= 0);
+ accountname, domainname, fmtHba(superuser_name)) >= 0);
for (sl = extraroles; sl; sl = sl->next)
CW(fprintf(ident, "regress \"%s@%s\" %s\n",
accountname, domainname, fmtHba(sl->str)) >= 0);
if (config_auth_datadir)
{
#ifdef ENABLE_SSPI
- config_sspi_auth(config_auth_datadir);
+ config_sspi_auth(config_auth_datadir, user);
#endif
exit(0);
}
* "initdb" command, this can't truncate.
*/
snprintf(buf, sizeof(buf), "%s/data", temp_instance);
- config_sspi_auth(buf);
+ config_sspi_auth(buf, NULL);
#elif !defined(HAVE_UNIX_SOCKETS)
#error Platform has no means to secure the test installation.
#endif
projects / users / gsingh / postgres.git / commitdiff