Re: SYSTEM_USER reserved word implementation

From: "Drouvot, Bertrand" <bdrouvot(at)amazon(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Jacob Champion <jchampion(at)timescale(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: SYSTEM_USER reserved word implementation
Date: 2022-08-24 18:26:50
Message-ID: 1da0e60c-bd85-9f2d-2039-103055338b00@amazon.com
Lists: pgsql-hackers

Hi,

On 8/24/22 6:27 AM, Michael Paquier wrote:
> On Wed, Aug 17, 2022 at 04:48:42PM +0200, Drouvot, Bertrand wrote:
>> That way one could test the SYSTEM_USER behavior without the need to have
>> kerberos enabled.
> I was looking at this patch

Thanks for looking at it!

> and noticed that SYSTEM_USER returns a
> "name", meaning that the value would be automatically truncated at 63
> characters. We shouldn't imply that as authn_ids can be longer than
> that, and this issue gets a bit worse once the auth_method is
> appended to the string.

Good catch! I'll fix that in the next version.

Hmm, I think it would make sense to keep system_user() with its friends
current_user() and session_user().

But now that system_user() will not return a name anymore (but a text),
I think name.c is no longer the right place, what do you think? (If so,
where would you suggest?)

>
> +if (!$use_unix_sockets)
> +{
> + plan skip_all =>
> + "authentication tests cannot run without Unix-domain sockets";
> +}
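
Review bot: the guard at "if (!$use_unix_sockets)" skips on socket availability alone, so if the tests below also depend on the platform being able to identify the connecting peer, a build that has Unix-domain sockets but lacks that support would fail here instead of skipping. Consider adding a second skip for that case, keyed on the error the server reports, and wording the skip_all message to name the specific authentication method under test rather than the generic "authentication tests".
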
>
> Are you sure that !$use_unix_sockets is safe here? Could we have
> platforms where we use our port's getpeereid() with $use_unix_sockets
> works? That would cause the test to fail with ENOSYS. Hmm. Without
> being able to rely on HAVE_GETPEEREID, we could check for the error
> generated when the fallback implementation does not work, and skip the
> rest of the test.

Oh right, I did not think about that, thanks for the suggestion.

I'll change this in the next version and simply skip the rest of the
test in case we get "peer authentication is not supported on this platform".

Regards,

--

Bertrand Drouvot
Amazon Web Services: https://aws.amazon.com
