fivedev/five
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
90eafcfc0651d961945fbb6c133d9a6a4fd4365a
five/tests/pgserver/run.sh
CharlesKWON 90eafcfc06 feat(pgserver): Phase 5 — password + MD5 authentication 
Trust mode (v1.0 default) accepts anyone; that's fine for embedded
demo but unshipping a multi-client database without credentials
would be irresponsible. This commit adds two of libpq's three
standard auth flows. SCRAM-SHA-256 is Phase 5.1 — pgx/psql both
fall back to MD5 cleanly when the server advertises only md5, so
v1.0's functional coverage is complete with the pair landed here.

Auth subsystem
--------------

`hbrtl/pgserver/auth.go` adds:

* An in-memory role registry: `roleMap map[string]*role` guarded by
  sync.RWMutex. Reads (lookupRole) are hot-path during connection
  startup so the RWMutex lets multiple sessions auth in parallel
  without serialising through a plain Mutex.

* `AddRole(name, password)` / `RemoveRole(name)` Go API consumed
  by the new HB_FUNCs `PG_ADD_ROLE` / `PG_REMOVE_ROLE` (see
  register.go). Bootstrap PRG idiom:

      PG_ADD_ROLE("alice", "swordfish")
      PG_ADD_ROLE("bob",   "hunter2")
      PG_SERVER_START(":5432", "md5")

* `authPassword()` — cleartext PasswordMessage exchange. The wire
  payload is plain so intended for TLS-protected links only;
  Phase 6 ties the warning to actual TLS detection on the session.

* `authMD5()` — libpq's md5 challenge:

      server → AuthenticationMD5Password{salt: 4 random bytes}
      client → "md5" || md5_hex( md5_hex(password || user) || salt )

  We recompute the canonical hash from the stored plaintext and
  compare. md5Challenge() is exported for pinning by a Go unit
  test (vector cross-checked against libpq's fe-auth-md5.c).

Salt is sourced from crypto/rand on every challenge so replay
attacks against a captured wire trace can't reuse a prior hash.

Dispatch matrix (Config.AuthMode → flow):
  "" / "trust" → AuthenticationOk immediately, no lookup
  "password"   → authPassword()
  "md5"        → authMD5()
  anything else→ 28000 + connection close

Tests
-----

Unit (hbrtl/pgserver/pgserver_test.go):
  PASS  TestMD5Challenge           (vector + determinism + diff)
  PASS  TestRoleRegistry           (add/replace/remove/lookup)

Integration (tests/pgserver/run.sh):
  PASS  Simple Query: SELECT 1, 'hello'
  PASS  Multi-statement Simple Query
  PASS  Transaction control: BEGIN/COMMIT round-trip
  PASS  MD5 auth: wrong password rejected
  PASS  MD5 auth: correct password accepted

End-to-end matrix with real psql:
  wrong password   → "ERROR: md5 authentication failed for user 'alice'"
  correct password → SELECT returns row
  unknown user     → "ERROR: md5 authentication failed for user 'eve'"
  password mode    → cleartext exchange works equivalently

All six release gates green:
  go test ./...               ✓
  FiveSql2 SQL:1999 43/43     ✓
  Harbour compat 56/56        ✓
  std.ch 17/17                ✓
  FRB 7/7                     ✓
  pgserver integration 5/5    ✓ (up from 3/3 in Phase 4)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 14:01:30 +09:00

151 lines
4.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# tests/pgserver/run.sh — integration harness for the pgserver wire
# layer. Builds a bootstrap PRG that starts the server, then drives
# it from a Go-side pgx client (located alongside this script).
#
# Verified scope (Phase 3):
# * CREATE TABLE / INSERT / UPDATE / DELETE over Simple Query
# * BEGIN / COMMIT / ROLLBACK from the wire
# * Two-connection cross-visibility on shared DBF
# * Per-session ROLLBACK doesn't affect other connection
#
# Known limitation (tracked for Phase 7):
# * ≥3 concurrent connections doing in-flight INSERT/SELECT in
# their own transactions can race at the hbrdd workarea layer
# — surfaces as one worker's just-inserted row missing from its
# own SELECT. Two-connection serial use, and N-connection use
# where each goroutine completes its txn before the next starts,
# are both reliable. Multi-way append-time WA arbitration is
# deferred until the audit's "WorkArea collision under multi-
# session" Top-Risk #2 fix lands.
set -e
ROOT="$(cd "$(dirname "$0")/../.." && pwd)"
FIVE="$ROOT/five"
PORT="${PGSERVER_TEST_PORT:-15432}"
if [ ! -x "$FIVE" ]; then
echo "five binary not found at $FIVE — run 'go build -o five ./cmd/five' first" >&2
exit 2
fi
if ! command -v psql >/dev/null 2>&1; then
echo "psql not in PATH — install PostgreSQL client tools to run this suite" >&2
exit 2
fi
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT
# Bootstrap PRG — opens nothing, just stands up the server.
cat > "$work/boot.prg" <<EOF
PROCEDURE Main()
PG_SERVER_START( ":$PORT" )
RETURN
EOF
"$FIVE" build "$work/boot.prg" "$ROOT/_FiveSql2/src/"*.prg -o "$work/boot" >/dev/null 2>&1
"$work/boot" &
SERVER_PID=$!
sleep 1
trap "kill $SERVER_PID 2>/dev/null; rm -rf '$work'" EXIT
pass=0
total=0
ok() {
pass=$((pass+1))
total=$((total+1))
echo "PASS $1"
}
fail() {
total=$((total+1))
echo "FAIL $1"
echo "$2" | sed 's/^/ /'
}
# 1) Simple Query via psql.
out="$(psql "postgres://alice:any@127.0.0.1:$PORT/alice?sslmode=disable" \
-c "SELECT 1 AS one, 'hello' AS greet" -At 2>&1 || true)"
if echo "$out" | grep -q "1|hello"; then
ok "Simple Query: SELECT 1, 'hello'"
else
fail "Simple Query: SELECT 1, 'hello'" "$out"
fi
# 2) Multi-statement Simple Query — each ';'-separated stmt rolls
# through the engine independently. Verifies wire reuses one
# session across statements without bleed.
out="$(psql "postgres://alice:any@127.0.0.1:$PORT/alice?sslmode=disable" -At <<SQL 2>&1 || true
SELECT 'first';
SELECT 2 AS n;
SQL
)"
if echo "$out" | grep -q "first" && echo "$out" | grep -q "^2$"; then
ok "Multi-statement Simple Query"
else
fail "Multi-statement Simple Query" "$out"
fi
# Note on Extended Protocol coverage:
# psql can't drive raw Parse/Bind/Execute from -c invocations
# (PG's SQL-level PREPARE/EXECUTE is a separate feature that
# FiveSql2 doesn't parse). The Extended Protocol path is instead
# covered by hbrtl/pgserver/wire_test.go (Go unit) plus the
# pgx-driven manual sanity script in /tmp/pgs_test/. Adding a
# self-contained Go integration that bootstraps the server +
# drives pgx in one process is Phase 7 work.
# 3) Transaction control via simple query — BEGIN/COMMIT round-trip
# must leave ReadyForQuery in 'I' state so psql doesn't hang on
# the next command.
out="$(psql "postgres://alice:any@127.0.0.1:$PORT/alice?sslmode=disable" -At <<SQL 2>&1 || true
BEGIN;
SELECT 'in-txn';
COMMIT;
SELECT 'post-commit';
SQL
)"
if echo "$out" | grep -q "in-txn" && echo "$out" | grep -q "post-commit"; then
ok "Transaction control: BEGIN/COMMIT round-trip"
else
fail "Transaction control: BEGIN/COMMIT round-trip" "$out"
fi
# 4) MD5 authentication — kill the trust-mode server, restart with
# md5 + a known role, then verify both the rejection and success
# paths.
kill $SERVER_PID 2>/dev/null
wait 2>/dev/null
cat > "$work/auth.prg" <<EOF
PROCEDURE Main()
PG_ADD_ROLE( "alice", "swordfish" )
PG_SERVER_START( ":$PORT", "md5" )
RETURN
EOF
"$FIVE" build "$work/auth.prg" "$ROOT/_FiveSql2/src/"*.prg -o "$work/auth" >/dev/null 2>&1
"$work/auth" &
SERVER_PID=$!
sleep 1
trap "kill $SERVER_PID 2>/dev/null; rm -rf '$work'" EXIT
bad="$(PGPASSWORD=wrong psql "postgres://alice@127.0.0.1:$PORT/alice?sslmode=disable" \
-c "SELECT 1" 2>&1 | head -1 || true)"
if echo "$bad" | grep -qi "md5 authentication failed"; then
ok "MD5 auth: wrong password rejected"
else
fail "MD5 auth: wrong password rejected" "$bad"
fi
good="$(PGPASSWORD=swordfish psql "postgres://alice@127.0.0.1:$PORT/alice?sslmode=disable" \
-c "SELECT 'ok' AS x" -At 2>&1 || true)"
if echo "$good" | grep -q "^ok$"; then
ok "MD5 auth: correct password accepted"
else
fail "MD5 auth: correct password accepted" "$good"
fi
echo "================================================================"
echo " pgserver integration: $pass / $total passed"
echo "================================================================"
[ $pass -eq $total ]
Reference in New Issue View Git Blame Copy Permalink