@@ -22,15 +22,15 @@ GRANT su TO joe;
2222GRANT postgres TO su;
2323-- test reset_user with no initial set
2424SELECT reset_user();
25- reset_user
25+ reset_user
2626------------
2727 OK
2828(1 row)
2929
3030-- test set_user
3131SET SESSION AUTHORIZATION dba;
3232SELECT SESSION_USER, CURRENT_USER;
33- session_user | current_user
33+ session_user | current_user
3434--------------+--------------
3535 dba | dba
3636(1 row)
@@ -39,27 +39,27 @@ SELECT set_user('postgres');
3939ERROR: switching to superuser not allowed
4040HINT: Use 'set_user_u' to escalate.
4141SELECT SESSION_USER, CURRENT_USER;
42- session_user | current_user
42+ session_user | current_user
4343--------------+--------------
4444 dba | dba
4545(1 row)
4646
4747-- test set_user_u
4848SET SESSION AUTHORIZATION dba;
4949SELECT SESSION_USER, CURRENT_USER;
50- session_user | current_user
50+ session_user | current_user
5151--------------+--------------
5252 dba | dba
5353(1 row)
5454
5555SELECT set_user_u('postgres');
56- set_user_u
56+ set_user_u
5757------------
5858 OK
5959(1 row)
6060
6161SELECT SESSION_USER, CURRENT_USER;
62- session_user | current_user
62+ session_user | current_user
6363--------------+--------------
6464 dba | postgres
6565(1 row)
@@ -101,32 +101,32 @@ RESET SESSION AUTHORIZATION; -- should fail
101101ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user
102102HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead.
103103SELECT SESSION_USER, CURRENT_USER;
104- session_user | current_user
104+ session_user | current_user
105105--------------+--------------
106106 dba | postgres
107107(1 row)
108108
109109SELECT reset_user(); -- succeed
110- reset_user
110+ reset_user
111111------------
112112 OK
113113(1 row)
114114
115115-- test set_user and reset_user with token
116116SELECT SESSION_USER, CURRENT_USER;
117- session_user | current_user
117+ session_user | current_user
118118--------------+--------------
119119 dba | dba
120120(1 row)
121121
122122SELECT set_user('bob', 'secret');
123- set_user
123+ set_user
124124----------
125125 OK
126126(1 row)
127127
128128SELECT SESSION_USER, CURRENT_USER;
129- session_user | current_user
129+ session_user | current_user
130130--------------+--------------
131131 dba | bob
132132(1 row)
@@ -138,27 +138,27 @@ RESET SESSION AUTHORIZATION; -- should fail
138138ERROR: "SET/RESET SESSION AUTHORIZATION" blocked by set_user
139139HINT: Use "SELECT set_user();" or "SELECT reset_user();" instead.
140140SELECT SESSION_USER, CURRENT_USER;
141- session_user | current_user
141+ session_user | current_user
142142--------------+--------------
143143 dba | bob
144144(1 row)
145145
146146SELECT reset_user(); -- should fail
147147ERROR: reset token required but not provided
148148SELECT SESSION_USER, CURRENT_USER;
149- session_user | current_user
149+ session_user | current_user
150150--------------+--------------
151151 dba | bob
152152(1 row)
153153
154154SELECT reset_user('secret'); -- succeed
155- reset_user
155+ reset_user
156156------------
157157 OK
158158(1 row)
159159
160160SELECT SESSION_USER, CURRENT_USER;
161- session_user | current_user
161+ session_user | current_user
162162--------------+--------------
163163 dba | dba
164164(1 row)
175175$$ LANGUAGE plpgsql;
176176SET SESSION AUTHORIZATION dba;
177177SELECT SESSION_USER, CURRENT_USER;
178- session_user | current_user
178+ session_user | current_user
179179--------------+--------------
180180 dba | dba
181181(1 row)
@@ -185,71 +185,71 @@ SELECT set_user_u('postgres'), bail();
185185ERROR: bailing out !
186186CONTEXT: PL/pgSQL function bail() line 3 at RAISE
187187SELECT SESSION_USER, CURRENT_USER;
188- session_user | current_user
188+ session_user | current_user
189189--------------+--------------
190190 dba | dba
191191(1 row)
192192
193193SHOW log_statement;
194- log_statement
194+ log_statement
195195---------------
196196 none
197197(1 row)
198198
199199SHOW log_line_prefix;
200- log_line_prefix
200+ log_line_prefix
201201-----------------
202- %m [%p]
202+ %m [%p]
203203(1 row)
204204
205205-- bail on reset after successful set_user_u
206206SELECT set_user_u('postgres');
207- set_user_u
207+ set_user_u
208208------------
209209 OK
210210(1 row)
211211
212212SELECT SESSION_USER, CURRENT_USER;
213- session_user | current_user
213+ session_user | current_user
214214--------------+--------------
215215 dba | postgres
216216(1 row)
217217
218218SHOW log_statement;
219- log_statement
219+ log_statement
220220---------------
221221 all
222222(1 row)
223223
224224SHOW log_line_prefix;
225- log_line_prefix
225+ log_line_prefix
226226-----------------
227- %m [%p] AUDIT:
227+ %m [%p] AUDIT:
228228(1 row)
229229
230230SELECT reset_user(), bail();
231231ERROR: bailing out !
232232CONTEXT: PL/pgSQL function bail() line 3 at RAISE
233233SELECT SESSION_USER, CURRENT_USER;
234- session_user | current_user
234+ session_user | current_user
235235--------------+--------------
236236 dba | postgres
237237(1 row)
238238
239239SHOW log_statement;
240- log_statement
240+ log_statement
241241---------------
242242 all
243243(1 row)
244244
245245SHOW log_line_prefix;
246- log_line_prefix
246+ log_line_prefix
247247-----------------
248- %m [%p] AUDIT:
248+ %m [%p] AUDIT:
249249(1 row)
250250
251251SELECT reset_user();
252- reset_user
252+ reset_user
253253------------
254254 OK
255255(1 row)
@@ -259,54 +259,54 @@ SELECT set_user('bob'), bail();
259259ERROR: bailing out !
260260CONTEXT: PL/pgSQL function bail() line 3 at RAISE
261261SELECT SESSION_USER, CURRENT_USER;
262- session_user | current_user
262+ session_user | current_user
263263--------------+--------------
264264 dba | dba
265265(1 row)
266266
267267SHOW log_statement;
268- log_statement
268+ log_statement
269269---------------
270270 none
271271(1 row)
272272
273273SHOW log_line_prefix;
274- log_line_prefix
274+ log_line_prefix
275275-----------------
276- %m [%p]
276+ %m [%p]
277277(1 row)
278278
279279-- bail during set_user with token
280280SELECT set_user('bob', 'secret'), bail();
281281ERROR: bailing out !
282282CONTEXT: PL/pgSQL function bail() line 3 at RAISE
283283SELECT SESSION_USER, CURRENT_USER;
284- session_user | current_user
284+ session_user | current_user
285285--------------+--------------
286286 dba | dba
287287(1 row)
288288
289289SHOW log_statement;
290- log_statement
290+ log_statement
291291---------------
292292 none
293293(1 row)
294294
295295SHOW log_line_prefix;
296- log_line_prefix
296+ log_line_prefix
297297-----------------
298- %m [%p]
298+ %m [%p]
299299(1 row)
300300
301301-- bail during reset_user with token
302302SELECT set_user('bob', 'secret');
303- set_user
303+ set_user
304304----------
305305 OK
306306(1 row)
307307
308308SELECT SESSION_USER, CURRENT_USER;
309- session_user | current_user
309+ session_user | current_user
310310--------------+--------------
311311 dba | bob
312312(1 row)
@@ -315,13 +315,13 @@ SELECT reset_user('secret'), bail();
315315ERROR: bailing out !
316316CONTEXT: PL/pgSQL function bail() line 3 at RAISE
317317SELECT SESSION_USER, CURRENT_USER;
318- session_user | current_user
318+ session_user | current_user
319319--------------+--------------
320320 dba | bob
321321(1 row)
322322
323323SELECT reset_user('secret');
324- reset_user
324+ reset_user
325325------------
326326 OK
327327(1 row)
@@ -330,13 +330,13 @@ RESET SESSION AUTHORIZATION;
330330-- this is an example of how we might audit existing roles
331331SET SESSION AUTHORIZATION dba;
332332SELECT set_user_u('postgres');
333- set_user_u
333+ set_user_u
334334------------
335335 OK
336336(1 row)
337337
338338SELECT rolname FROM pg_authid WHERE rolsuper and rolcanlogin;
339- rolname
339+ rolname
340340----------
341341 postgres
342342(1 row)
395395 AND ri.rolsuper
396396 )
397397);
398- rolname | rolcanlogin | rolsuper | rolparents
398+ rolname | rolcanlogin | rolsuper | rolparents
399399----------+-------------+----------+---------------
400400 joe | t | f | {postgres,su}
401401 postgres | t | t | {}
406406-- since we don't really want to make the postgres user
407407-- nologin during regression testing
408408BEGIN;
409- REVOKE postgres FROM su;
409+ REVOKE postgress FROM su;
410410ALTER USER postgres NOLOGIN;
411411-- retest, this time successfully
412412SELECT
425425 AND ri.rolsuper
426426 )
427427);
428- rolname | rolcanlogin | rolsuper | rolparents
428+ rolname | rolcanlogin | rolsuper | rolparents
429429---------+-------------+----------+------------
430430(0 rows)
431431
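Review bot: The added line `REVOKE postgress FROM su;` (new line 409) misspells the role name; every other statement on this page uses `postgres`, and the remaining changed lines appear to differ only in whitespace, so this reads as an accidental edit. It should stay `REVOKE postgres FROM su;`. This is the step that removes `su`'s membership in the superuser role before the audit query is re-run. With the typo, the expected output no longer describes a run in which that revoke succeeds, and the `(0 rows)` result below it would presumably no longer show that no login role inherits superuser. The transaction opened by `BEGIN` ends outside the visible lines.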