mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-01-12 18:34:36 +08:00
Remove special-handling of usernames with Kerberos authentication. We will
now always use the system username as the default, and not try to pick it up from the kerberos ticket. This fixes the spurious error messages that show up on kerberos-enabled builds when not actually using kerberos, and puts it in line with how other authentication methods work.
This commit is contained in:
parent
afe8ac2078
commit
64580224f9
@ -7,7 +7,7 @@
|
|||||||
* Portions Copyright (c) 1994, Regents of the University of California
|
* Portions Copyright (c) 1994, Regents of the University of California
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.139 2009/01/01 17:24:03 momjian Exp $
|
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.140 2009/01/13 10:43:21 mha Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
@ -190,28 +190,6 @@ pg_krb5_destroy(struct krb5_info * info)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* pg_krb5_authname -- returns a copy of whatever name the user
|
|
||||||
* has authenticated to the system, or NULL
|
|
||||||
*/
|
|
||||||
static char *
|
|
||||||
pg_krb5_authname(PQExpBuffer errorMessage)
|
|
||||||
{
|
|
||||||
char *tmp_name;
|
|
||||||
struct krb5_info info;
|
|
||||||
|
|
||||||
info.pg_krb5_initialised = 0;
|
|
||||||
|
|
||||||
if (pg_krb5_init(errorMessage, &info) != STATUS_OK)
|
|
||||||
return NULL;
|
|
||||||
tmp_name = strdup(info.pg_krb5_name);
|
|
||||||
pg_krb5_destroy(&info);
|
|
||||||
|
|
||||||
return tmp_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* pg_krb5_sendauth -- client routine to send authentication information to
|
* pg_krb5_sendauth -- client routine to send authentication information to
|
||||||
* the server
|
* the server
|
||||||
@ -972,9 +950,6 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
|
|||||||
char *
|
char *
|
||||||
pg_fe_getauthname(PQExpBuffer errorMessage)
|
pg_fe_getauthname(PQExpBuffer errorMessage)
|
||||||
{
|
{
|
||||||
#ifdef KRB5
|
|
||||||
char *krb5_name = NULL;
|
|
||||||
#endif
|
|
||||||
const char *name = NULL;
|
const char *name = NULL;
|
||||||
char *authn;
|
char *authn;
|
||||||
|
|
||||||
@ -988,8 +963,7 @@ pg_fe_getauthname(PQExpBuffer errorMessage)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* pglock_thread() really only needs to be called around
|
* Some users are using configure
|
||||||
* pg_krb5_authname(), but some users are using configure
|
|
||||||
* --enable-thread-safety-force, so we might as well do the locking within
|
* --enable-thread-safety-force, so we might as well do the locking within
|
||||||
* our library to protect pqGetpwuid(). In fact, application developers
|
* our library to protect pqGetpwuid(). In fact, application developers
|
||||||
* can use getpwuid() in their application if they use the locking call we
|
* can use getpwuid() in their application if they use the locking call we
|
||||||
@ -998,17 +972,6 @@ pg_fe_getauthname(PQExpBuffer errorMessage)
|
|||||||
*/
|
*/
|
||||||
pglock_thread();
|
pglock_thread();
|
||||||
|
|
||||||
#ifdef KRB5
|
|
||||||
|
|
||||||
/*
|
|
||||||
* pg_krb5_authname gives us a strdup'd value that we need to free later,
|
|
||||||
* however, we don't want to free 'name' directly in case it's *not* a
|
|
||||||
* Kerberos login and we fall through to name = pw->pw_name;
|
|
||||||
*/
|
|
||||||
krb5_name = pg_krb5_authname(errorMessage);
|
|
||||||
name = krb5_name;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!name)
|
if (!name)
|
||||||
{
|
{
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
@ -1022,12 +985,6 @@ pg_fe_getauthname(PQExpBuffer errorMessage)
|
|||||||
|
|
||||||
authn = name ? strdup(name) : NULL;
|
authn = name ? strdup(name) : NULL;
|
||||||
|
|
||||||
#ifdef KRB5
|
|
||||||
/* Free the strdup'd string from pg_krb5_authname, if we got one */
|
|
||||||
if (krb5_name)
|
|
||||||
free(krb5_name);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
pgunlock_thread();
|
pgunlock_thread();
|
||||||
|
|
||||||
return authn;
|
return authn;
|
||||||
|
Loading…
Reference in New Issue
Block a user