Thread: How come drongo didn't fail authentication here?

In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP
script but neglected the auth_extra incantation needed to allow
login as that role.  This should have resulted in SSPI auth
failures on certain Windows configurations, and indeed it did
on drongo's next run in the v15 branch:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47

However, its immediately-following run on HEAD succeeded,
though I'd obviously not had time to put in the fix yet:

https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27

How can that be?  Have we somehow broken SSPI authentication
in HEAD?

            regards, tom lane

On 2022-07-28 Th 10:24, Tom Lane wrote:
> In commits 7c34555f8/e1bd4990b, I added a new role used by a TAP
> script but neglected the auth_extra incantation needed to allow
> login as that role.  This should have resulted in SSPI auth
> failures on certain Windows configurations, and indeed it did
> on drongo's next run in the v15 branch:
>
> https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A01%3A47
>
> However, its immediately-following run on HEAD succeeded,
> though I'd obviously not had time to put in the fix yet:
>
> https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2022-07-27%2022%3A30%3A27
>
> How can that be?  Have we somehow broken SSPI authentication
> in HEAD?
>
>             


Nothing is broken. On HEAD drongo uses Unix sockets.


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Andrew Dunstan <andrew@dunslane.net> writes:
> On 2022-07-28 Th 10:24, Tom Lane wrote:
>> How can that be?  Have we somehow broken SSPI authentication
>> in HEAD?

> Nothing is broken. On HEAD drongo uses Unix sockets.

I see.  Seems like we've created a gotcha for ourselves:
a test script can look perfectly fine in Unix-based testing,
and even in Windows CI, and then fail when it hits the back
branches in the buildfarm.  Is it worth doing something to
cause the lack of a valid auth_extra spec to fail on Unix?

            regards, tom lane

On 2022-07-28 Th 10:55, Tom Lane wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>> On 2022-07-28 Th 10:24, Tom Lane wrote:
>>> How can that be?  Have we somehow broken SSPI authentication
>>> in HEAD?
>> Nothing is broken. On HEAD drongo uses Unix sockets.
> I see.  Seems like we've created a gotcha for ourselves:
> a test script can look perfectly fine in Unix-based testing,
> and even in Windows CI, and then fail when it hits the back
> branches in the buildfarm.  Is it worth doing something to
> cause the lack of a valid auth_extra spec to fail on Unix?
>
>             


Maybe we should just have a windows testing instance that doesn't use
Unix sockets at all.


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com