mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-11-27 07:21:09 +08:00
Heimdal support (Kerberos V implementation from KTH)
This commit is contained in:
parent
0055a39390
commit
42c3381fc7
@ -1,5 +1,5 @@
|
||||
# Macros that test various C library quirks
|
||||
# $Header: /cvsroot/pgsql/config/c-library.m4,v 1.10 2001/12/20 21:23:05 momjian Exp $
|
||||
# $Header: /cvsroot/pgsql/config/c-library.m4,v 1.11 2002/02/23 04:17:45 petere Exp $
|
||||
|
||||
|
||||
# PGAC_VAR_INT_TIMEZONE
|
||||
@ -196,3 +196,34 @@ if test x"$pgac_cv_header_strings_both" = x"yes"; then
|
||||
AC_DEFINE([STRING_H_WITH_STRINGS_H], 1,
|
||||
[Define if string.h and strings.h may both be included])
|
||||
fi])
|
||||
|
||||
|
||||
# PGAC_CHECK_MEMBER(AGGREGATE.MEMBER,
|
||||
# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND],
|
||||
# [INCLUDES])
|
||||
# -----------------------------------------------------------
|
||||
|
||||
AC_DEFUN([PGAC_CHECK_MEMBER],
|
||||
[changequote(<<, >>)dnl
|
||||
dnl The name to #define.
|
||||
define(<<pgac_define_name>>, translit(HAVE_$1, [a-z .*], [A-Z__P]))dnl
|
||||
dnl The cache variable name.
|
||||
define(<<pgac_cache_name>>, translit(pgac_cv_member_$1, [ .*], [__p]))dnl
|
||||
changequote([, ])dnl
|
||||
AC_CACHE_CHECK([for $1], [pgac_cache_name],
|
||||
[AC_TRY_COMPILE([$4],
|
||||
[static ]patsubst([$1], [\..*])[ pgac_var;
|
||||
if (pgac_var.]patsubst([$1], [^[^.]*\.])[)
|
||||
return 0;],
|
||||
[pgac_cache_name=yes],
|
||||
[pgac_cache_name=no])])
|
||||
|
||||
if test x"[$]pgac_cache_name" = x"yes"; then
|
||||
AC_DEFINE_UNQUOTED(pgac_define_name)
|
||||
$2
|
||||
else
|
||||
ifelse([$3], [], :, [$3])
|
||||
fi
|
||||
undefine([pgac_define_name])[]dnl
|
||||
undefine([pgac_cache_name])[]dnl
|
||||
])
|
||||
|
25
configure.in
25
configure.in
@ -725,10 +725,12 @@ if test "$with_krb4" = yes ; then
|
||||
fi
|
||||
|
||||
if test "$with_krb5" = yes ; then
|
||||
AC_CHECK_LIB(com_err, [com_err], [], [AC_MSG_ERROR([library 'com_err' is required for Kerberos 5])])
|
||||
AC_CHECK_LIB(crypto, [krb5_encrypt], [],
|
||||
[AC_CHECK_LIB(k5crypto, [krb5_encrypt], [], [AC_MSG_ERROR([library 'crypto' or 'k5crypto' is required for Kerberos 5])])])
|
||||
AC_CHECK_LIB(krb5, [krb5_sendauth], [], [AC_MSG_ERROR([library 'krb5' is required for Kerberos 5])])
|
||||
AC_SEARCH_LIBS(com_err, [krb5 'krb5 -ldes -lasn1 -lroken' com_err], [],
|
||||
[AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])])
|
||||
AC_SEARCH_LIBS(krb5_encrypt, [krb5 'krb5 -ldes -lasn1 -lroken' crypto k5crypto], [],
|
||||
[AC_MSG_ERROR([could not find function 'krb5_encrypt' required for Kerberos 5])])
|
||||
AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -ldes -lasn1 -lroken'], [],
|
||||
[AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])])
|
||||
fi
|
||||
|
||||
if test "$with_openssl" = yes ; then
|
||||
@ -802,6 +804,21 @@ PGAC_STRUCT_FCRED
|
||||
PGAC_STRUCT_SOCKCRED
|
||||
PGAC_STRUCT_SOCKADDR_UN
|
||||
|
||||
if test "$with_krb5" = yes; then
|
||||
# Check for differences between MIT and Heimdal (KTH) releases
|
||||
PGAC_CHECK_MEMBER([krb5_ticket.enc_part2], [],
|
||||
[PGAC_CHECK_MEMBER([krb5_ticket.client], [],
|
||||
[AC_MSG_ERROR([could not determine how to get client name from Kerberos 5 ticket])],
|
||||
[#include <krb5.h>])],
|
||||
[#include <krb5.h>])
|
||||
PGAC_CHECK_MEMBER([krb5_error.text.data], [],
|
||||
[PGAC_CHECK_MEMBER([krb5_error.e_data], [],
|
||||
[AC_MSG_ERROR([could not determine how to extract Kerberos 5 error messages])],
|
||||
[#include <krb5.h>])],
|
||||
[#include <krb5.h>])
|
||||
fi
|
||||
|
||||
|
||||
##
|
||||
## Functions, global variables
|
||||
##
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.116 2002/02/18 23:11:00 petere Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.117 2002/02/23 04:17:45 petere Exp $
|
||||
-->
|
||||
|
||||
<appendix id="release">
|
||||
@ -26,6 +26,7 @@ worries about funny characters.
|
||||
<literallayout><![CDATA[
|
||||
Access privileges on functions
|
||||
Access privileges on procedural languages
|
||||
Kerberos 5 support now works with Heimdal
|
||||
]]></literallayout>
|
||||
|
||||
</sect1>
|
||||
|
@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.73 2002/02/19 19:49:09 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.74 2002/02/23 04:17:46 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -229,7 +229,7 @@ pg_krb5_init(void)
|
||||
" Kerberos error %d\n", retval);
|
||||
com_err("postgres", retval,
|
||||
"while getting server principal for service %s",
|
||||
pg_krb_server_keyfile);
|
||||
PG_KRB_SRVNAM);
|
||||
krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
|
||||
krb5_free_context(pg_krb5_context);
|
||||
return STATUS_ERROR;
|
||||
@ -283,8 +283,15 @@ pg_krb5_recvauth(Port *port)
|
||||
*
|
||||
* I have no idea why this is considered necessary.
|
||||
*/
|
||||
#if defined(HAVE_KRB5_TICKET_ENC_PART2)
|
||||
retval = krb5_unparse_name(pg_krb5_context,
|
||||
ticket->enc_part2->client, &kusername);
|
||||
#elif defined(HAVE_KRB5_TICKET_CLIENT)
|
||||
retval = krb5_unparse_name(pg_krb5_context,
|
||||
ticket->client, &kusername);
|
||||
#else
|
||||
#error "bogus configuration"
|
||||
#endif
|
||||
if (retval)
|
||||
{
|
||||
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
||||
|
@ -8,7 +8,7 @@
|
||||
* or in pg_config.h afterwards. Of course, if you edit pg_config.h, then your
|
||||
* changes will be overwritten the next time you run configure.
|
||||
*
|
||||
* $Id: pg_config.h.in,v 1.16 2002/01/22 19:02:40 tgl Exp $
|
||||
* $Id: pg_config.h.in,v 1.17 2002/02/23 04:17:46 petere Exp $
|
||||
*/
|
||||
|
||||
#ifndef PG_CONFIG_H
|
||||
@ -622,6 +622,18 @@ extern int fdatasync(int fildes);
|
||||
/* Set to 1 if you have struct sockaddr_un */
|
||||
#undef HAVE_STRUCT_SOCKADDR_UN
|
||||
|
||||
/* Set to 1 if you have krb5_ticket.enc_part2 */
|
||||
#undef HAVE_KRB5_TICKET_ENC_PART2
|
||||
|
||||
/* Set to 1 if you have krb5_ticket.client */
|
||||
#undef HAVE_KRB5_TICKET_CLIENT
|
||||
|
||||
/* Set to 1 if you have krb5_error.text.data */
|
||||
#undef HAVE_KRB5_ERROR_TEXT_DATA
|
||||
|
||||
/* Set to 1 if you have krb5_ticket.e_data */
|
||||
#undef HAVE_KRB5_ERROR_E_DATA
|
||||
|
||||
/* Set to 1 if type "long int" works and is 64 bits */
|
||||
#undef HAVE_LONG_INT_64
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.63 2001/11/05 17:46:37 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.64 2002/02/23 04:17:47 petere Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@ -403,9 +403,18 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,
|
||||
{
|
||||
if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
|
||||
{
|
||||
#if defined(HAVE_KRB5_ERROR_TEXT_DATA)
|
||||
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
||||
libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
|
||||
err_ret->text.length, err_ret->text.data);
|
||||
#elif defined(HAVE_KRB5_ERROR_E_DATA)
|
||||
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
||||
libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
|
||||
err_ret->e_data->length,
|
||||
(const char *)err_ret->e_data->data);
|
||||
#else
|
||||
#error "bogus configuration"
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -683,7 +692,7 @@ fe_getauthsvc(char *PQerrormsg)
|
||||
char *
|
||||
fe_getauthname(char *PQerrormsg)
|
||||
{
|
||||
char *name = (char *) NULL;
|
||||
const char *name = (char *) NULL;
|
||||
char *authn = (char *) NULL;
|
||||
MsgType authsvc;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user