Re: pgsql: Superuser can permit passwordless connections on postgres_fdw

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, pgsql-hackers@lists.postgresql.org
Date: 2019-12-21T02:18:06Z
Lists: pgsql-hackers
On Fri, Dec 20, 2019 at 02:42:22PM -0500, Tom Lane wrote:
> Concretely, I think we ought to do (and back-patch) the attached.

Thanks for the fix, I have not been able to look at that.

> I notice in testing this that the "nosuper" business added by
> 6136e94dc is broken in more ways than what the buildfarm is
> complaining about: it leaves the role around at the end of the
> test.  That's a HUGE violation of project policy, for security
> reasons as well as the fact that it makes it impossible to run
> "make installcheck" twice without getting different results.

Roles left behind at the end of a test are annoying.  Here is an idea:
make pg_regress check if any roles prefixed by "regress_" are left
behind at the end of a test.  This will not work until test_pg_dump is
cleaned up, just a thought.
--
Michael

Commits

  1. Adjust test case added by commit 6136e94dc.

  2. libpq should expose GSS-related parameters even when not implemented.

  3. Superuser can permit passwordless connections on postgres_fdw