#!/bin/sh

# PostgreSQL SSL modes test script

# patch src/bin/psql/startup.c so SSL status prints even without tty
# build and install new PostgreSQL
# initdb
# ALTER USER jon PASSWORD 'testpass';
# install extra pg_hba.conf.? and postgresql.conf.? files in $PGDATA
# fix this next line:
prefix=/home/jon/pg/runpg
# ./testssl

echo -e "Testing PostgreSQL SSL modes\n"

data=$prefix/data

for conf in 1 2
do
	cp -p $data/postgresql.conf.$conf $data/postgresql.conf
	echo -e "\n\n\n\n**** postgresql.conf.$conf ****\n"

	for hba in 1 2 3 4 5 6 7 8 9 10
	do
		h=$hba
		pass=testpass
		if [ $hba = 8 -o $hba = 9 -o $hba = 10 ]; then
			h=$((hba-3))
			pass=badpass
		fi

		$prefix/bin/pg_ctl stop
		cp -p $data/pg_hba.conf.$h $data/pg_hba.conf
		$prefix/bin/pg_ctl start
		sleep 3

		echo -e "\n\n\n---- pg_hba.conf.$hba relevant lines ----"
		grep -i '^[ \t]*host' $data/pg_hba.conf
		echo -e "\npassword=$pass\n"

		for i in prevent allow prefer require
		do
			echo -e "\n---- $i ----"
			echo "select version();" | \
				PGPASSWORD=$pass PGSSLMODE=$i $prefix/bin/psql -h localhost template1
		done
	done
done
