From: Tom Lane Date: Fri, 20 Dec 2019 20:34:08 +0000 (-0500) Subject: libpq should expose GSS-related parameters even when not implemented. X-Git-Tag: REL9_4_26~35 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=875c7d70def61a725ed94d25859a7d806dd6e747;p=thirdparty%2Fpostgresql.git libpq should expose GSS-related parameters even when not implemented. We realized years ago that it's better for libpq to accept all connection parameters syntactically, even if some are ignored or restricted due to lack of the feature in a particular build. However, that lesson from the SSL support was for some reason never applied to the GSSAPI support. This is causing various buildfarm members to have problems with a test case added by commit 6136e94dc, and it's just a bad idea from a user-experience standpoint anyway, so fix it. While at it, fix some places where parameter-related infrastructure was added with the aid of a dartboard, or perhaps with the aid of the anti-pattern "add new stuff at the end". It should be safe to rearrange the contents of struct pg_conn even in released branches, since that's private to libpq (and we'd have to move some fields in some builds to fix this, anyway). Back-patch to all supported branches. Discussion: https://postgr.es/m/11297.1576868677@sss.pgh.pa.us --- diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out index c87a33d5da7..7f5b26347fb 100644 --- a/contrib/postgres_fdw/expected/postgres_fdw.out +++ b/contrib/postgres_fdw/expected/postgres_fdw.out 
@@ -75,8 +75,8 @@ ALTER FOREIGN TABLE ft2 DROP COLUMN cx; -- =================================================================== -- tests for validator -- =================================================================== --- requiressl, krbsrvname and gsslib are omitted because they depend on --- configure options +-- requiressl and some other parameters are omitted because +-- valid values for them depend on configure options ALTER SERVER testserver1 OPTIONS ( use_remote_estimate 'false', updatable 'true', @@ -100,10 +100,10 @@ ALTER SERVER testserver1 OPTIONS ( sslcert 'value', sslkey 'value', sslrootcert 'value', - sslcrl 'value' + sslcrl 'value', --requirepeer 'value', - -- krbsrvname 'value', - -- gsslib 'value', + krbsrvname 'value', + gsslib 'value' --replication 'value' ); ALTER USER MAPPING FOR public SERVER testserver1 diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql index b93b9d27e40..6c7d9fb507d 100644 --- a/contrib/postgres_fdw/sql/postgres_fdw.sql +++ b/contrib/postgres_fdw/sql/postgres_fdw.sql @@ -84,8 +84,8 @@ ALTER FOREIGN TABLE ft2 DROP COLUMN cx; -- =================================================================== -- tests for validator -- =================================================================== --- requiressl, krbsrvname and gsslib are omitted because they depend on --- configure options +-- requiressl and some other parameters are omitted because +-- valid values for them depend on configure options ALTER SERVER testserver1 OPTIONS ( use_remote_estimate 'false', updatable 'true', @@ -109,10 +109,10 @@ ALTER SERVER testserver1 OPTIONS ( sslcert 'value', sslkey 'value', sslrootcert 'value', - sslcrl 'value' + sslcrl 'value', --requirepeer 'value', - -- krbsrvname 'value', - -- gsslib 'value', + krbsrvname 'value', + gsslib 'value' --replication 'value' ); ALTER USER MAPPING FOR public SERVER testserver1 
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index fbf916f3386..de444d9e47c 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1363,8 +1363,10 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname gsslib - GSS library to use for GSSAPI authentication. Only used on Windows. - Set to gssapi to force libpq to use the GSSAPI + GSS library to use for GSSAPI authentication. + Currently this is disregarded except on Windows builds that include + both GSSAPI and SSPI support. In that case, set + this to gssapi to cause libpq to use the GSSAPI library for authentication instead of the default SSPI. diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 79f01836264..27cadd0bc23 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -297,23 +297,19 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "Require-Peer", "", 10, offsetof(struct pg_conn, requirepeer)}, -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) + /* + * As with SSL, all GSS options are exposed even in builds that don't have + * support. + */ + /* Kerberos and GSSAPI authentication support specifying the service name */ {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL, "Kerberos-service-name", "", 20, offsetof(struct pg_conn, krbsrvname)}, -#endif - -#if defined(ENABLE_GSS) && defined(ENABLE_SSPI) - /* - * GSSAPI and SSPI both enabled, give a way to override which is used by - * default - */ {"gsslib", "PGGSSLIB", NULL, NULL, "GSS-library", "", 7, /* sizeof("gssapi") = 7 */ offsetof(struct pg_conn, gsslib)}, -#endif {"replication", NULL, NULL, NULL, "Replication", "D", 5, 
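Review bot: The comment added above the `krbsrvname` entry says the GSS options are exposed in every build, but it does not tell the reader that a build without GSSAPI/SSPI takes them without any diagnostic. Nothing in the visible hunks checks the value either; the postgres_fdw test in this commit passes `gsslib 'value'` through the validator. Since these settings steer authentication, I would spell that out, provided it matches the behaviour, for example `/* As with SSL, all GSS options are accepted in every build; a build without support stores them but does not act on them, and values are not validated here. */`. The same caveat fits the `gsslib` field comment moved in libpq-int.h, which still lists `"gssapi" or "sspi"` although the documentation hunk says the setting is disregarded outside Windows builds that have both. The PQconninfoOptions array begins and ends outside this hunk.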
@@ -3063,14 +3059,10 @@ freePGconn(PGconn *conn) free(conn->sslcompression); if (conn->requirepeer) free(conn->requirepeer); -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) if (conn->krbsrvname) free(conn->krbsrvname); -#endif -#if defined(ENABLE_GSS) && defined(ENABLE_SSPI) if (conn->gsslib) free(conn->gsslib); -#endif /* Note that conn->Pfdebug is not ours to close or free */ if (conn->last_query) free(conn->last_query); diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 35e4e6c348d..8516c4183aa 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -330,10 +330,9 @@ struct pg_conn char *sslrootcert; /* root certificate filename */ char *sslcrl; /* certificate revocation list filename */ char *requirepeer; /* required peer credentials for local sockets */ - -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) char *krbsrvname; /* Kerberos service name */ -#endif + char *gsslib; /* What GSS library to use ("gssapi" or + * "sspi") */ /* Optional file to write trace info to */ FILE *Pfdebug; @@ -449,9 +448,6 @@ struct pg_conn #ifdef ENABLE_SSPI #ifndef ENABLE_GSS gss_buffer_desc ginbuf; /* GSS input token */ -#else - char *gsslib; /* What GSS librart to use ("gssapi" or - * "sspi") */ #endif CredHandle *sspicred; /* SSPI credentials handle */ CtxtHandle *sspictx; /* SSPI context */