From cf6634891d73653fbb97b55045101c309f913ceb Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Fri, 31 Mar 2023 14:52:41 +0200 Subject: [PATCH v5 2/2] Add test SCRAM iteration changes with psql \password A version of this test was included in the original patch for altering SCRAM iteration count, but was omitted due to how interactive psql TAP sessions worked before being refactored. Discussion: https://postgr.es/m/xxx --- src/test/authentication/t/001_password.pl | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl index 00857fdae5..4e0eb5fdbe 100644 --- a/src/test/authentication/t/001_password.pl +++ b/src/test/authentication/t/001_password.pl @@ -101,6 +101,25 @@ my $res = $node->safe_psql('postgres', WHERE rolname = 'scram_role_iter'"); is($res, 'SCRAM-SHA-256$1024:', 'scram_iterations in server side ROLE'); +# Alter the password on the created role using \password in psql to ensure +# that clientside password changes use the scram_iterations value when +# calculating SCRAM secrets. +my $session = $node->interactive_psql('postgres'); + +$session->set_query_timer_restart(); +$session->query("SET password_encryption='scram-sha-256';"); +$session->query("SET scram_iterations=42;"); +$session->query_until(qr/Enter new password/, "\\password scram_role_iter\n"); +$session->query_until(qr/Enter it again/, "pass\n"); +$session->query_until(qr/postgres=# /, "pass\n"); +$session->quit; + +$res = $node->safe_psql('postgres', + "SELECT substr(rolpassword,1,17) + FROM pg_authid + WHERE rolname = 'scram_role_iter'"); +is($res, 'SCRAM-SHA-256$42:', 'scram_iterations in psql \password command'); + # Create a database to test regular expression. $node->safe_psql('postgres', "CREATE database regex_testdb;"); -- 2.32.1 (Apple Git-133)