rename "gss_accept_deleg" to "gss_accept_delegation".
This is more consistent with existing GUC spelling. Discussion: https://postgr.es/m/ZGdnEsGtNj7+fZoa@momjian.us
This commit is contained in:
parent
cf109ffc20
commit
9c0a0e2ed9
|
@ -2604,7 +2604,7 @@ dblink_security_check(PGconn *conn, remoteConn *rconn, const char *connstr)
|
||||||
|
|
||||||
#ifdef ENABLE_GSS
|
#ifdef ENABLE_GSS
|
||||||
/* If GSSAPI creds used to connect, make sure it was one delegated */
|
/* If GSSAPI creds used to connect, make sure it was one delegated */
|
||||||
if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_deleg(MyProcPort))
|
if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_delegation(MyProcPort))
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2671,7 +2671,7 @@ dblink_connstr_check(const char *connstr)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
#ifdef ENABLE_GSS
|
#ifdef ENABLE_GSS
|
||||||
if (be_gssapi_get_deleg(MyProcPort))
|
if (be_gssapi_get_delegation(MyProcPort))
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -402,7 +402,7 @@ pgfdw_security_check(const char **keywords, const char **values, UserMapping *us
|
||||||
|
|
||||||
#ifdef ENABLE_GSS
|
#ifdef ENABLE_GSS
|
||||||
/* Connected via GSSAPI with delegated credentials- all good. */
|
/* Connected via GSSAPI with delegated credentials- all good. */
|
||||||
if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_deleg(MyProcPort))
|
if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_delegation(MyProcPort))
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -612,7 +612,7 @@ check_conn_params(const char **keywords, const char **values, UserMapping *user)
|
||||||
|
|
||||||
#ifdef ENABLE_GSS
|
#ifdef ENABLE_GSS
|
||||||
/* ok if the user provided their own delegated credentials */
|
/* ok if the user provided their own delegated credentials */
|
||||||
if (be_gssapi_get_deleg(MyProcPort))
|
if (be_gssapi_get_delegation(MyProcPort))
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -1190,10 +1190,10 @@ include_dir 'conf.d'
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry id="guc-gss-accept-deleg" xreflabel="gss_accept_deleg">
|
<varlistentry id="guc-gss-accept-deleg" xreflabel="gss_accept_delegation">
|
||||||
<term><varname>gss_accept_deleg</varname> (<type>boolean</type>)
|
<term><varname>gss_accept_delegation</varname> (<type>boolean</type>)
|
||||||
<indexterm>
|
<indexterm>
|
||||||
<primary><varname>gss_accept_deleg</varname> configuration parameter</primary>
|
<primary><varname>gss_accept_delegation</varname> configuration parameter</primary>
|
||||||
</indexterm>
|
</indexterm>
|
||||||
</term>
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
|
|
@ -946,7 +946,7 @@ Add support for Kerberos credential delegation (Stephen Frost)
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
This is enabled with server variable gss_accept_deleg.
|
This is enabled with server variable gss_accept_delegation.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
|
|
@ -165,7 +165,7 @@ static int CheckCertAuth(Port *port);
|
||||||
*/
|
*/
|
||||||
char *pg_krb_server_keyfile;
|
char *pg_krb_server_keyfile;
|
||||||
bool pg_krb_caseins_users;
|
bool pg_krb_caseins_users;
|
||||||
bool pg_gss_accept_deleg;
|
bool pg_gss_accept_delegation;
|
||||||
|
|
||||||
|
|
||||||
/*----------------------------------------------------------------
|
/*----------------------------------------------------------------
|
||||||
|
@ -1003,7 +1003,7 @@ pg_GSS_recvauth(Port *port)
|
||||||
&port->gss->outbuf,
|
&port->gss->outbuf,
|
||||||
&gflags,
|
&gflags,
|
||||||
NULL,
|
NULL,
|
||||||
pg_gss_accept_deleg ? &delegated_creds : NULL);
|
pg_gss_accept_delegation ? &delegated_creds : NULL);
|
||||||
|
|
||||||
/* gbuf no longer used */
|
/* gbuf no longer used */
|
||||||
pfree(buf.data);
|
pfree(buf.data);
|
||||||
|
|
|
@ -593,7 +593,7 @@ secure_open_gssapi(Port *port)
|
||||||
GSS_C_NO_CREDENTIAL, &input,
|
GSS_C_NO_CREDENTIAL, &input,
|
||||||
GSS_C_NO_CHANNEL_BINDINGS,
|
GSS_C_NO_CHANNEL_BINDINGS,
|
||||||
&port->gss->name, NULL, &output, NULL,
|
&port->gss->name, NULL, &output, NULL,
|
||||||
NULL, pg_gss_accept_deleg ? &delegated_creds : NULL);
|
NULL, pg_gss_accept_delegation ? &delegated_creds : NULL);
|
||||||
|
|
||||||
if (GSS_ERROR(major))
|
if (GSS_ERROR(major))
|
||||||
{
|
{
|
||||||
|
@ -749,7 +749,7 @@ be_gssapi_get_princ(Port *port)
|
||||||
* connection.
|
* connection.
|
||||||
*/
|
*/
|
||||||
bool
|
bool
|
||||||
be_gssapi_get_deleg(Port *port)
|
be_gssapi_get_delegation(Port *port)
|
||||||
{
|
{
|
||||||
if (!port || !port->gss)
|
if (!port || !port->gss)
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -384,7 +384,7 @@ pgstat_bestart(void)
|
||||||
lbeentry.st_gss = true;
|
lbeentry.st_gss = true;
|
||||||
lgssstatus.gss_auth = be_gssapi_get_auth(MyProcPort);
|
lgssstatus.gss_auth = be_gssapi_get_auth(MyProcPort);
|
||||||
lgssstatus.gss_enc = be_gssapi_get_enc(MyProcPort);
|
lgssstatus.gss_enc = be_gssapi_get_enc(MyProcPort);
|
||||||
lgssstatus.gss_deleg = be_gssapi_get_deleg(MyProcPort);
|
lgssstatus.gss_delegation = be_gssapi_get_delegation(MyProcPort);
|
||||||
if (princ)
|
if (princ)
|
||||||
strlcpy(lgssstatus.gss_princ, princ, NAMEDATALEN);
|
strlcpy(lgssstatus.gss_princ, princ, NAMEDATALEN);
|
||||||
}
|
}
|
||||||
|
|
|
@ -600,7 +600,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
|
||||||
values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
|
values[25] = BoolGetDatum(beentry->st_gssstatus->gss_auth); /* gss_auth */
|
||||||
values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
|
values[26] = CStringGetTextDatum(beentry->st_gssstatus->gss_princ);
|
||||||
values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
|
values[27] = BoolGetDatum(beentry->st_gssstatus->gss_enc); /* GSS Encryption in use */
|
||||||
values[28] = BoolGetDatum(beentry->st_gssstatus->gss_deleg); /* GSS credentials
|
values[28] = BoolGetDatum(beentry->st_gssstatus->gss_delegation); /* GSS credentials
|
||||||
* delegated */
|
* delegated */
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
|
@ -285,14 +285,14 @@ PerformAuthentication(Port *port)
|
||||||
_(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s, principal=%s)"),
|
_(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s, principal=%s)"),
|
||||||
be_gssapi_get_auth(port) ? _("yes") : _("no"),
|
be_gssapi_get_auth(port) ? _("yes") : _("no"),
|
||||||
be_gssapi_get_enc(port) ? _("yes") : _("no"),
|
be_gssapi_get_enc(port) ? _("yes") : _("no"),
|
||||||
be_gssapi_get_deleg(port) ? _("yes") : _("no"),
|
be_gssapi_get_delegation(port) ? _("yes") : _("no"),
|
||||||
princ);
|
princ);
|
||||||
else
|
else
|
||||||
appendStringInfo(&logmsg,
|
appendStringInfo(&logmsg,
|
||||||
_(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s)"),
|
_(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s)"),
|
||||||
be_gssapi_get_auth(port) ? _("yes") : _("no"),
|
be_gssapi_get_auth(port) ? _("yes") : _("no"),
|
||||||
be_gssapi_get_enc(port) ? _("yes") : _("no"),
|
be_gssapi_get_enc(port) ? _("yes") : _("no"),
|
||||||
be_gssapi_get_deleg(port) ? _("yes") : _("no"));
|
be_gssapi_get_delegation(port) ? _("yes") : _("no"));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -1728,11 +1728,11 @@ struct config_bool ConfigureNamesBool[] =
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
{"gss_accept_deleg", PGC_SIGHUP, CONN_AUTH_AUTH,
|
{"gss_accept_delegation", PGC_SIGHUP, CONN_AUTH_AUTH,
|
||||||
gettext_noop("Sets whether GSSAPI delegation should be accepted from the client."),
|
gettext_noop("Sets whether GSSAPI delegation should be accepted from the client."),
|
||||||
NULL
|
NULL
|
||||||
},
|
},
|
||||||
&pg_gss_accept_deleg,
|
&pg_gss_accept_delegation,
|
||||||
false,
|
false,
|
||||||
NULL, NULL, NULL
|
NULL, NULL, NULL
|
||||||
},
|
},
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
extern PGDLLIMPORT char *pg_krb_server_keyfile;
|
extern PGDLLIMPORT char *pg_krb_server_keyfile;
|
||||||
extern PGDLLIMPORT bool pg_krb_caseins_users;
|
extern PGDLLIMPORT bool pg_krb_caseins_users;
|
||||||
extern PGDLLIMPORT bool pg_gss_accept_deleg;
|
extern PGDLLIMPORT bool pg_gss_accept_delegation;
|
||||||
extern PGDLLIMPORT char *pg_krb_realm;
|
extern PGDLLIMPORT char *pg_krb_realm;
|
||||||
|
|
||||||
extern void ClientAuthentication(Port *port);
|
extern void ClientAuthentication(Port *port);
|
||||||
|
|
|
@ -329,7 +329,7 @@ extern PGDLLIMPORT openssl_tls_init_hook_typ openssl_tls_init_hook;
|
||||||
extern bool be_gssapi_get_auth(Port *port);
|
extern bool be_gssapi_get_auth(Port *port);
|
||||||
extern bool be_gssapi_get_enc(Port *port);
|
extern bool be_gssapi_get_enc(Port *port);
|
||||||
extern const char *be_gssapi_get_princ(Port *port);
|
extern const char *be_gssapi_get_princ(Port *port);
|
||||||
extern bool be_gssapi_get_deleg(Port *port);
|
extern bool be_gssapi_get_delegation(Port *port);
|
||||||
|
|
||||||
/* Read and write to a GSSAPI-encrypted connection. */
|
/* Read and write to a GSSAPI-encrypted connection. */
|
||||||
extern ssize_t be_gssapi_read(Port *port, void *ptr, size_t len);
|
extern ssize_t be_gssapi_read(Port *port, void *ptr, size_t len);
|
||||||
|
|
|
@ -77,7 +77,7 @@ typedef struct PgBackendGSSStatus
|
||||||
char gss_princ[NAMEDATALEN]; /* GSSAPI Principal used to auth */
|
char gss_princ[NAMEDATALEN]; /* GSSAPI Principal used to auth */
|
||||||
bool gss_auth; /* If GSSAPI authentication was used */
|
bool gss_auth; /* If GSSAPI authentication was used */
|
||||||
bool gss_enc; /* If encryption is being used */
|
bool gss_enc; /* If encryption is being used */
|
||||||
bool gss_deleg; /* If credentials delegated */
|
bool gss_delegation; /* If credentials delegated */
|
||||||
|
|
||||||
} PgBackendGSSStatus;
|
} PgBackendGSSStatus;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue