blob: 6a021d9ad03084f551ca8e7484b181b82337162f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
-- This is borderline unsafe in that an additional login-capable user exists
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
-- might allow unwanted logins as regress_authenticated_user_ssa.
ALTER USER regress_authenticated_user_ssa superuser;
CREATE ROLE regress_session_user;
CREATE ROLE regress_current_user;
GRANT regress_current_user TO regress_authenticated_user_sr;
GRANT regress_session_user TO regress_authenticated_user_ssa;
ALTER ROLE regress_authenticated_user_ssa
SET session_authorization = regress_session_user;
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
\c - regress_authenticated_user_sr
SELECT current_user, session_user;
current_user | session_user
----------------------+-------------------------------
regress_current_user | regress_authenticated_user_sr
(1 row)
-- The longstanding historical behavior is that session_authorization in
-- setconfig has no effect. Hence, session_user remains
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
\c - regress_authenticated_user_ssa
SELECT current_user, session_user;
current_user | session_user
--------------------------------+--------------------------------
regress_authenticated_user_ssa | regress_authenticated_user_ssa
(1 row)
RESET SESSION AUTHORIZATION;
DROP USER regress_session_user;
DROP USER regress_current_user;
|
