authorPeter Eisentraut2000-08-25 10:00:35 +0000
committerPeter Eisentraut2000-08-25 10:00:35 +0000
commit996832caeec19ed43fdc36db33ae7ee48e348662 (patch)
tree737895a8d87f1c4d289dba6db7c12a5d43b02489 /src
parent69cf335687eb47e80e56aee7804bf0c2c3facec8 (diff)
Make the location of the Kerberos server key file run time configurable
(rather than compile time). For libpq, even when Kerberos support is compiled in, the default user name should still fall back to geteuid() if it can't be determined via the Kerberos system. A couple of fixes for string type configuration parameters, now that there is one.
Diffstat (limited to 'src')
-rw-r--r--src/backend/libpq/Makefile11
-rw-r--r--src/backend/libpq/auth.c13
-rw-r--r--src/backend/utils/misc/Makefile24
-rw-r--r--src/backend/utils/misc/guc.c29
-rw-r--r--src/include/libpq/auth.h4
-rw-r--r--src/interfaces/libpq/fe-auth.c46
6 files changed, 64 insertions, 63 deletions
diff --git a/src/backend/libpq/Makefile b/src/backend/libpq/Makefile
index f97cdd70372..619a0c86900 100644
--- a/src/backend/libpq/Makefile
+++ b/src/backend/libpq/Makefile
@@ -4,13 +4,13 @@
# Makefile for libpq subsystem (backend half of libpq interface)
#
# IDENTIFICATION
-# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.23 2000/07/09 13:48:45 petere Exp $
+# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.24 2000/08/25 10:00:30 petere Exp $
#
#-------------------------------------------------------------------------
subdir = src/backend/libpq
top_builddir = ../../..
-include ../../Makefile.global
+include $(top_builddir)/src/Makefile.global
# be-fsstubs is here for historical reasons, probably belongs elsewhere
@@ -18,12 +18,6 @@ OBJS = be-fsstubs.o \
auth.o crypt.o hba.o password.o \
pqcomm.o pqformat.o pqpacket.o pqsignal.o util.o
-# This location might depend on the installation directories. Therefore
-# we can't subsitute it into config.h.
-ifdef krb_srvtab
-CPPFLAGS += -DPG_KRB_SRVTAB='"$(krb_srvtab)"'
-endif
-
all: SUBSYS.o
@@ -39,4 +33,3 @@ clean:
ifeq (depend,$(wildcard depend))
include depend
endif
-
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 4f0dc6a31a0..257ff7d1091 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.48 2000/07/04 16:31:53 petere Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.49 2000/08/25 10:00:30 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -51,6 +51,9 @@ static int map_old_to_new(Port *port, UserAuth old, int status);
static void auth_failed(Port *port);
+char * pg_krb_server_keyfile;
+
+
#ifdef KRB4
/*----------------------------------------------------------------
* MIT Kerberos authentication system - protocol version 4
@@ -89,7 +92,7 @@ pg_krb4_recvauth(Port *port)
&port->raddr.in,
&port->laddr.in,
&auth_data,
- PG_KRB_SRVTAB,
+ pg_krb_server_keyfile,
key_sched,
version);
if (status != KSUCCESS)
@@ -197,13 +200,13 @@ pg_krb5_init(void)
return STATUS_ERROR;
}
- retval = krb5_kt_resolve(pg_krb5_context, PG_KRB_SRVTAB, &pg_krb5_keytab);
+ retval = krb5_kt_resolve(pg_krb5_context, pg_krb_server_keyfile, &pg_krb5_keytab);
if (retval) {
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pg_krb5_init: krb5_kt_resolve returned"
" Kerberos error %d\n", retval);
com_err("postgres", retval, "while resolving keytab file %s",
- PG_KRB_SRVTAB);
+ pg_krb_server_keyfile);
krb5_free_context(pg_krb5_context);
return STATUS_ERROR;
}
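Review bot: `pg_krb_server_keyfile` is handed to `krb5_kt_resolve()` in pg_krb5_init without a check that it holds a usable path; guc.c in this commit defaults it to `""` whenever `PG_KRB_SRVTAB` is not defined at build time, and the global appears to stay NULL until the configuration defaults are loaded. What the Kerberos library does with an empty keytab name is not visible here, so an explicit guard gives a predictable failure: `if (!pg_krb_server_keyfile || pg_krb_server_keyfile[0] == '\0')`, followed by an error that names the `krb_server_keyfile` setting and `return STATUS_ERROR;`. The same guard keeps a NULL pointer out of the `%s` in the `com_err()` call below it. pg_krb5_init starts and ends outside this hunk, and the Kerberos 4 call in pg_krb4_recvauth (the hunk above) takes the same variable unchecked.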
@@ -216,7 +219,7 @@ pg_krb5_init(void)
" Kerberos error %d\n", retval);
com_err("postgres", retval,
"while getting server principal for service %s",
- PG_KRB_SRVTAB);
+ pg_krb_server_keyfile);
krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
krb5_free_context(pg_krb5_context);
return STATUS_ERROR;
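Review bot: The `com_err()` text in this hunk reads "while getting server principal for service %s", but the argument is `pg_krb_server_keyfile`, a key file path rather than a service name, so the log line misreports what failed. The commit carries this over from the old `PG_KRB_SRVTAB` argument. Either pass the service name used by the failing call (that call is outside the hunk) or reword the message, for example `"while getting server principal (key file %s)"`.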
diff --git a/src/backend/utils/misc/Makefile b/src/backend/utils/misc/Makefile
index 9c97e4a08a5..d5f5843a738 100644
--- a/src/backend/utils/misc/Makefile
+++ b/src/backend/utils/misc/Makefile
@@ -1,18 +1,18 @@
-#-------------------------------------------------------------------------
-#
-# Makefile--
-# Makefile for utils/misc
-#
-# IDENTIFICATION
-# $Header: /cvsroot/pgsql/src/backend/utils/misc/Makefile,v 1.16 2000/06/04 01:44:34 petere Exp $
-#
-#-------------------------------------------------------------------------
-
-SRCDIR = ../../..
-include $(SRCDIR)/Makefile.global
+# $Header: /cvsroot/pgsql/src/backend/utils/misc/Makefile,v 1.17 2000/08/25 10:00:31 petere Exp $
+
+subdir = src/backend/utils/misc
+top_builddir = ../../../..
+include $(top_builddir)/src/Makefile.global
OBJS = database.o superuser.o guc.o guc-file.o ps_status.o
+# This location might depend on the installation directories. Therefore
+# we can't subsitute it into config.h.
+ifdef krb_srvtab
+CPPFLAGS += -DPG_KRB_SRVTAB='"$(krb_srvtab)"'
+endif
+
+
all: SUBSYS.o
SUBSYS.o: $(OBJS)
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 69360cc80af..485a15ff356 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -4,7 +4,7 @@
* Support for grand unified configuration scheme, including SET
* command, configuration file, and command line options.
*
- * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.8 2000/08/11 18:31:10 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.9 2000/08/25 10:00:31 petere Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
@@ -21,6 +21,7 @@
#include "utils/guc.h"
#include "commands/async.h"
+#include "libpq/auth.h"
#include "miscadmin.h"
#include "optimizer/cost.h"
#include "optimizer/geqo.h"
@@ -54,6 +55,11 @@ bool Show_btree_build_stats = false;
bool SQL_inheritance = true;
+#ifndef PG_KRB_SRVTAB
+# define PG_KRB_SRVTAB ""
+#endif
+
+
enum config_type
{
@@ -113,7 +119,7 @@ struct config_string
{
const char *name;
GucContext context;
- char *variable;
+ char **variable;
const char *default_val;
bool (*parse_hook)(const char *);
};
@@ -273,7 +279,8 @@ ConfigureNamesReal[] =
static struct config_string
ConfigureNamesString[] =
{
- /* none so far */
+ {"krb_server_keyfile", PGC_USERSET, &pg_krb_server_keyfile,
+ PG_KRB_SRVTAB, NULL},
{NULL, 0, NULL, NULL, NULL}
};
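Review bot: The new `krb_server_keyfile` entry in ConfigureNamesString is registered with `PGC_USERSET`, which puts the location of the server's Kerberos key file among the settings an ordinary session may change. A parameter that selects authentication key material should be fixed by the administrator: `{"krb_server_keyfile", PGC_POSTMASTER, &pg_krb_server_keyfile,` (or `PGC_SIGHUP` if a configuration reload should pick it up). Whether a per-session value can actually reach pg_krb4_recvauth or pg_krb5_init is not visible in this diff, but the restrictive context costs nothing and documents the intent.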
@@ -323,7 +330,7 @@ find_option(const char * name, struct config_generic ** record)
{
if (record)
*record = (struct config_generic *)&ConfigureNamesString[i];
- return PGC_REAL;
+ return PGC_STRING;
}
return PGC_NONE;
@@ -349,7 +356,7 @@ ResetAllOptions(void)
for (i = 0; ConfigureNamesReal[i].name; i++)
*(ConfigureNamesReal[i].variable) = ConfigureNamesReal[i].default_val;
- for (i = 0; ConfigureNamesString[i].name; i++)
+ for (i = 0; ConfigureNamesString[i].name; i++)
{
char * str = NULL;
@@ -359,7 +366,7 @@ ResetAllOptions(void)
if (str == NULL)
elog(ERROR, "out of memory");
}
- ConfigureNamesString[i].variable = str;
+ *(ConfigureNamesString[i].variable) = str;
}
if (getenv("PGPORT"))
@@ -650,8 +657,8 @@ set_config_option(const char * name, const char * value, GucContext
elog(elevel, "out of memory");
return false;
}
- free(conf->variable);
- conf->variable = str;
+ free(*conf->variable);
+ *conf->variable = str;
}
}
else if (DoIt)
@@ -664,8 +671,8 @@ set_config_option(const char * name, const char * value, GucContext
elog(elevel, "out of memory");
return false;
}
- free(conf->variable);
- conf->variable = str;
+ free(*conf->variable);
+ *conf->variable = str;
}
break;
}
@@ -725,7 +732,7 @@ GetConfigOption(const char * name)
return buffer;
case PGC_STRING:
- return ((struct config_string *)record)->variable;
+ return *((struct config_string *)record)->variable;
default:
;
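Review bot: The `PGC_STRING` case of GetConfigOption now returns the live `*variable` pointer, the same pointer that set_config_option releases with `free(*conf->variable)` in the two hunks above, so a caller that keeps the result across a later SET of that option is left holding freed memory. A comment on the return would make the lifetime explicit: `/* points at the live setting; invalid after the next set_config_option() on it */`. Callers that need the value for longer should copy it. GetConfigOption's body starts and ends outside the hunk.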
diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h
index e2de6973bfb..8a8f39fa78f 100644
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: auth.h,v 1.13 2000/01/26 05:58:11 momjian Exp $
+ * $Id: auth.h,v 1.14 2000/08/25 10:00:33 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -26,4 +26,6 @@ void be_recvauth(Port *port);
#define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */
#define PG_KRB5_VERSION "PGVER5.1"
+extern char * pg_krb_server_keyfile;
+
#endif /* AUTH_H */
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index e0f1bd75332..8af4c193ae1 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.43 2000/06/17 00:10:09 petere Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.44 2000/08/25 10:00:35 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -565,41 +565,37 @@ fe_getauthname(char *PQerrormsg)
MsgType authsvc;
authsvc = fe_getauthsvc(PQerrormsg);
- switch ((int) authsvc)
- {
+
#ifdef KRB4
- case STARTUP_KRB4_MSG:
- name = pg_krb4_authname(PQerrormsg);
- break;
+ if (authsvc == STARTUP_KRB4_MSG)
+ name = pg_krb4_authname(PQerrormsg);
#endif
#ifdef KRB5
- case STARTUP_KRB5_MSG:
- name = pg_krb5_authname(PQerrormsg);
- break;
+ if (authsvc == STARTUP_KRB5_MSG)
+ name = pg_krb5_authname(PQerrormsg);
#endif
- case STARTUP_MSG:
- {
+
+ if (authsvc == STARTUP_MSG
+ || (authsvc == STARTUP_KRB4_MSG && !name)
+ || (authsvc == STARTUP_KRB5_MSG && !name))
+ {
#ifdef WIN32
- char username[128];
- DWORD namesize = sizeof(username) - 1;
+ char username[128];
+ DWORD namesize = sizeof(username) - 1;
- if (GetUserName(username, &namesize))
- name = username;
+ if (GetUserName(username, &namesize))
+ name = username;
#else
- struct passwd *pw = getpwuid(geteuid());
+ struct passwd *pw = getpwuid(geteuid());
- if (pw)
- name = pw->pw_name;
+ if (pw)
+ name = pw->pw_name;
#endif
- }
- break;
- default:
- (void) sprintf(PQerrormsg,
- "fe_getauthname: invalid authentication system: %d\n",
- authsvc);
- break;
}
+ if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB4_MSG && authsvc != STARTUP_KRB5_MSG)
+ sprintf(PQerrormsg,"fe_getauthname: invalid authentication system: %d\n", authsvc);
+
if (name && (authn = (char *) malloc(strlen(name) + 1)))
strcpy(authn, name);
return authn;
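Review bot: In the `WIN32` branch, `name = username;` stores the address of a buffer declared inside the braces that close before `strlen(name)` and `strcpy(authn, name)` run, so the copy reads an object whose lifetime has ended. The old switch had the same shape, but the rewrite is a good moment to fix it: declare `char username[128];` at the top of fe_getauthname (under `#ifdef WIN32`) instead of inside the block, or do the `malloc`/`strcpy` before the closing brace. The fallback conditions also rely on `name` starting out as NULL, and its declaration is outside the hunk.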