Re: Log message for GSS connection is missing once connection authorization is successful.

From: Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>
To: vignesh C <vignesh21(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Log message for GSS connection is missing once connection authorization is successful.
Date: 2020-10-31 04:48:31
Message-ID: CALj2ACXJdMuY65=bTxHepA8aKx0wExNskMyQi5VjCK0x13d8NQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Oct 30, 2020 at 6:13 PM vignesh C <vignesh21(at)gmail(dot)com> wrote:
>
> I have added the log validation to the existing tests that are present
> for authentication.
>

I took a look at v3 patch. Here are some comments.

1. Why are the input strings(not the newly added GSS log message
string) to test_access() function are in some places double-quoted and
in some places single quoted?

'succeeds with mapping with default gssencmode and host hba',
'connection authorized: user=test1 database=postgres
application_name=001_auth.pl GSS \(authenticated=yes, encrypted=yes,
principal=test1\(at)EXAMPLE(dot)COM\)'
);
"succeeds with GSS-encrypted access required with host hba",
'connection authorized: user=test1 database=postgres
application_name=001_auth.pl GSS \(authenticated=yes, encrypted=yes,
principal=test1\(at)EXAMPLE(dot)COM\)'
);

And also for

test_access(
$node,
'test1', <<< single quotes

test_access(
$node,
"test1", <<< double quotes

Looks like we use double quoted strings in perl if we have any
variables inside the string to be replaced by the interpreter or else
single quoted strings are fine[1]. If this is true, can we make it
uniform across this file at least?

2. Instead of using hardcoded values for application_name and
principal, can we use variables? For application_name we can directly
use a single variable and use it. I think principal name is a formed
value, can we use that formed variable?

application_name=001_auth.pl GSS \(authenticated=yes, encrypted=yes,
principal=test1\(at)EXAMPLE(dot)COM\)'

3. Why are we using escape character before ( and @, IIUC, to not let
interpreter replace it with any value. If this is correct, it doesn't
make sense here as we are using single quoted strings. The perl
interpreter replaces the variables only when strings are used in
double quotes[1].

+ 'connection authorized: user=test1 database=postgres
application_name=001_auth.pl GSS \(authenticated=yes, encrypted=yes,
principal=test1\(at)EXAMPLE(dot)COM\)'
+);

I ran the keroberos tests on my dev machine. make check of 001_auth.pl
is passing.

[1] - https://www.geeksforgeeks.org/perl-quoted-interpolated-and-escaped-strings/

With Regards,
Bharath Rupireddy.
EnterpriseDB: http://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Justin Pryzby 2020-10-31 06:31:17 CREATE INDEX CONCURRENTLY on partitioned index
Previous Message Bharath Rupireddy 2020-10-31 03:49:15 Re: Log message for GSS connection is missing once connection authorization is successful.