diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c index 3a3e916f9e..1ff65d1e52 100644 --- a/contrib/dblink/dblink.c +++ b/contrib/dblink/dblink.c @@ -2604,7 +2604,7 @@ dblink_security_check(PGconn *conn, remoteConn *rconn, const char *connstr) #ifdef ENABLE_GSS /* If GSSAPI creds used to connect, make sure it was one delegated */ - if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_deleg(MyProcPort)) + if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_delegation(MyProcPort)) return; #endif @@ -2671,7 +2671,7 @@ dblink_connstr_check(const char *connstr) return; #ifdef ENABLE_GSS - if (be_gssapi_get_deleg(MyProcPort)) + if (be_gssapi_get_delegation(MyProcPort)) return; #endif diff --git a/contrib/postgres_fdw/connection.c b/contrib/postgres_fdw/connection.c index d918ba89e1..f839308b40 100644 --- a/contrib/postgres_fdw/connection.c +++ b/contrib/postgres_fdw/connection.c @@ -402,7 +402,7 @@ pgfdw_security_check(const char **keywords, const char **values, UserMapping *us #ifdef ENABLE_GSS /* Connected via GSSAPI with delegated credentials- all good. */ - if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_deleg(MyProcPort)) + if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_delegation(MyProcPort)) return; #endif @@ -612,7 +612,7 @@ check_conn_params(const char **keywords, const char **values, UserMapping *user) #ifdef ENABLE_GSS /* ok if the user provided their own delegated credentials */ - if (be_gssapi_get_deleg(MyProcPort)) + if (be_gssapi_get_delegation(MyProcPort)) return; #endif diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 18ce06729b..b2b26b6b10 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1190,10 +1190,10 @@ include_dir 'conf.d' - - gss_accept_deleg (boolean) + + gss_accept_delegation (boolean) - gss_accept_deleg configuration parameter + gss_accept_delegation configuration parameter diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml index 92fd143070..d5efe4645f 100644 --- a/doc/src/sgml/release-16.sgml +++ b/doc/src/sgml/release-16.sgml @@ -946,7 +946,7 @@ Add support for Kerberos credential delegation (Stephen Frost) -This is enabled with server variable gss_accept_deleg. +This is enabled with server variable gss_accept_delegation. diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index a1a826e37f..a98b934a8e 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -165,7 +165,7 @@ static int CheckCertAuth(Port *port); */ char *pg_krb_server_keyfile; bool pg_krb_caseins_users; -bool pg_gss_accept_deleg; +bool pg_gss_accept_delegation; /*---------------------------------------------------------------- @@ -1003,7 +1003,7 @@ pg_GSS_recvauth(Port *port) &port->gss->outbuf, &gflags, NULL, - pg_gss_accept_deleg ? &delegated_creds : NULL); + pg_gss_accept_delegation ? &delegated_creds : NULL); /* gbuf no longer used */ pfree(buf.data); diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c index 43d45810cd..cda9376d5a 100644 --- a/src/backend/libpq/be-secure-gssapi.c +++ b/src/backend/libpq/be-secure-gssapi.c @@ -593,7 +593,7 @@ secure_open_gssapi(Port *port) GSS_C_NO_CREDENTIAL, &input, GSS_C_NO_CHANNEL_BINDINGS, &port->gss->name, NULL, &output, NULL, - NULL, pg_gss_accept_deleg ? &delegated_creds : NULL); + NULL, pg_gss_accept_delegation ? &delegated_creds : NULL); if (GSS_ERROR(major)) { @@ -749,7 +749,7 @@ be_gssapi_get_princ(Port *port) * connection. */ bool -be_gssapi_get_deleg(Port *port) +be_gssapi_get_delegation(Port *port) { if (!port || !port->gss) return false; diff --git a/src/backend/utils/activity/backend_status.c b/src/backend/utils/activity/backend_status.c index a8f927f540..38f91a495b 100644 --- a/src/backend/utils/activity/backend_status.c +++ b/src/backend/utils/activity/backend_status.c @@ -384,7 +384,7 @@ pgstat_bestart(void) lbeentry.st_gss = true; lgssstatus.gss_auth = be_gssapi_get_auth(MyProcPort); lgssstatus.gss_enc = be_gssapi_get_enc(MyProcPort); - lgssstatus.gss_deleg = be_gssapi_get_deleg(MyProcPort); + lgssstatus.gss_delegation = be_gssapi_get_delegation(MyProcPort); if (princ) strlcpy(lgssstatus.gss_princ, princ, NAMEDATALEN); } diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index 70da0a2de1..49adc319fc 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -600,7 +600,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS) values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */ values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ); values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */ - values[28] = BoolGetDatum(beentry->st_gssstatus->gss_deleg); /* GSS credentials + values[28] = BoolGetDatum(beentry->st_gssstatus->gss_delegation); /* GSS credentials * delegated */ } else diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 88434c3e5d..3359b34f52 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -285,14 +285,14 @@ PerformAuthentication(Port *port) _(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s, principal=%s)"), be_gssapi_get_auth(port) ? _("yes") : _("no"), be_gssapi_get_enc(port) ? _("yes") : _("no"), - be_gssapi_get_deleg(port) ? _("yes") : _("no"), + be_gssapi_get_delegation(port) ? _("yes") : _("no"), princ); else appendStringInfo(&logmsg, _(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s)"), be_gssapi_get_auth(port) ? _("yes") : _("no"), be_gssapi_get_enc(port) ? _("yes") : _("no"), - be_gssapi_get_deleg(port) ? _("yes") : _("no")); + be_gssapi_get_delegation(port) ? _("yes") : _("no")); } #endif diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c index c27eb36758..68aecad66f 100644 --- a/src/backend/utils/misc/guc_tables.c +++ b/src/backend/utils/misc/guc_tables.c @@ -1728,11 +1728,11 @@ struct config_bool ConfigureNamesBool[] = }, { - {"gss_accept_deleg", PGC_SIGHUP, CONN_AUTH_AUTH, + {"gss_accept_delegation", PGC_SIGHUP, CONN_AUTH_AUTH, gettext_noop("Sets whether GSSAPI delegation should be accepted from the client."), NULL }, - &pg_gss_accept_deleg, + &pg_gss_accept_delegation, false, NULL, NULL, NULL }, diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h index e4d0e38c1e..3b3b2cc4aa 100644 --- a/src/include/libpq/auth.h +++ b/src/include/libpq/auth.h @@ -18,7 +18,7 @@ extern PGDLLIMPORT char *pg_krb_server_keyfile; extern PGDLLIMPORT bool pg_krb_caseins_users; -extern PGDLLIMPORT bool pg_gss_accept_deleg; +extern PGDLLIMPORT bool pg_gss_accept_delegation; extern PGDLLIMPORT char *pg_krb_realm; extern void ClientAuthentication(Port *port); diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index e9df4295e2..3b2ce9908f 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -329,7 +329,7 @@ extern PGDLLIMPORT openssl_tls_init_hook_typ openssl_tls_init_hook; extern bool be_gssapi_get_auth(Port *port); extern bool be_gssapi_get_enc(Port *port); extern const char *be_gssapi_get_princ(Port *port); -extern bool be_gssapi_get_deleg(Port *port); +extern bool be_gssapi_get_delegation(Port *port); /* Read and write to a GSSAPI-encrypted connection. */ extern ssize_t be_gssapi_read(Port *port, void *ptr, size_t len); diff --git a/src/include/utils/backend_status.h b/src/include/utils/backend_status.h index cfb26d2bcc..16500d53b2 100644 --- a/src/include/utils/backend_status.h +++ b/src/include/utils/backend_status.h @@ -77,7 +77,7 @@ typedef struct PgBackendGSSStatus char gss_princ[NAMEDATALEN]; /* GSSAPI Principal used to auth */ bool gss_auth; /* If GSSAPI authentication was used */ bool gss_enc; /* If encryption is being used */ - bool gss_deleg; /* If credentials delegated */ + bool gss_delegation; /* If credentials delegated */ } PgBackendGSSStatus;