From 4ea1a273fbc20b29ba4aacd3c21030bd62296d7d Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Sat, 29 Jan 2011 17:06:55 +0100 Subject: [PATCH] Use GSSAPI library for SSPI auth, when native SSPI is not available This allows non-Windows clients to connect to a Windows server with SSPI authentication. Christian Ullrich, largely modified by me --- src/interfaces/libpq/fe-auth.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 0d3cad0b00..7d2ef51f17 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -831,6 +831,10 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn) #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) case AUTH_REQ_GSS: +#if !defined(ENABLE_SSPI) + /* no native SSPI, so use GSSAPI library for it */ + case AUTH_REQ_SSPI: +#endif { int r; @@ -888,13 +892,14 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn) pgunlock_thread(); } break; -#else +#else /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */ + /* No GSSAPI *or* SSPI support */ case AUTH_REQ_GSS: case AUTH_REQ_GSS_CONT: printfPQExpBuffer(&conn->errorMessage, libpq_gettext("GSSAPI authentication not supported\n")); return STATUS_ERROR; -#endif +#endif /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */ #ifdef ENABLE_SSPI case AUTH_REQ_SSPI: @@ -914,11 +919,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn) pgunlock_thread(); break; #else + /* + * No SSPI support. However, if we have GSSAPI but not SSPI + * support, AUTH_REQ_SSPI will have been handled in the codepath + * for AUTH_REQ_GSSAPI above, so don't duplicate the case label + * in that case. + */ +#if !defined(ENABLE_GSS) case AUTH_REQ_SSPI: printfPQExpBuffer(&conn->errorMessage, libpq_gettext("SSPI authentication not supported\n")); return STATUS_ERROR; -#endif +#endif /* !define(ENABLE_GSSAPI) */ +#endif /* ENABLE_SSPI */ case AUTH_REQ_CRYPT: