aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/auth.c
diff options
context:
space:
mode:
authorStephen Frost <sfrost@snowman.net>2023-04-08 07:21:35 -0400
committerStephen Frost <sfrost@snowman.net>2023-04-08 07:21:35 -0400
commit3d03b24c350ab060bb223623bdff38835bd7afd0 (patch)
tree26137687e4b234c47de0140295baaed9928cc968 /src/backend/libpq/auth.c
parentdb4f21e4a34b1d5a3f7123e28e77f575d1a971ea (diff)
downloadpostgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.tar.gz
postgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.zip
Revert "Add support for Kerberos credential delegation"
This reverts commit 3d4fa227bce4294ce1cc214b4a9d3b7caa3f0454. Per discussion and buildfarm, this depends on APIs that seem to not be available on at least one platform (NetBSD). Should be certainly possible to rework to be optional on that platform if necessary but bit late for that at this point. Discussion: https://postgr.es/m/3286097.1680922218@sss.pgh.pa.us
Diffstat (limited to 'src/backend/libpq/auth.c')
-rw-r--r--src/backend/libpq/auth.c13
1 files changed, 1 insertions, 12 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 00ec9da284b..bc0cf26b122 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -165,7 +165,6 @@ static int CheckCertAuth(Port *port);
*/
char *pg_krb_server_keyfile;
bool pg_krb_caseins_users;
-bool pg_gss_accept_deleg;
/*----------------------------------------------------------------
@@ -919,7 +918,6 @@ pg_GSS_recvauth(Port *port)
int mtype;
StringInfoData buf;
gss_buffer_desc gbuf;
- gss_cred_id_t delegated_creds;
/*
* Use the configured keytab, if there is one. Unfortunately, Heimdal
@@ -949,9 +947,6 @@ pg_GSS_recvauth(Port *port)
*/
port->gss->ctx = GSS_C_NO_CONTEXT;
- delegated_creds = GSS_C_NO_CREDENTIAL;
- port->gss->delegated_creds = false;
-
/*
* Loop through GSSAPI message exchange. This exchange can consist of
* multiple messages sent in both directions. First message is always from
@@ -1002,7 +997,7 @@ pg_GSS_recvauth(Port *port)
&port->gss->outbuf,
&gflags,
NULL,
- pg_gss_accept_deleg ? &delegated_creds : NULL);
+ NULL);
/* gbuf no longer used */
pfree(buf.data);
@@ -1014,12 +1009,6 @@ pg_GSS_recvauth(Port *port)
CHECK_FOR_INTERRUPTS();
- if (delegated_creds != GSS_C_NO_CREDENTIAL && gflags & GSS_C_DELEG_FLAG)
- {
- pg_store_delegated_credential(delegated_creds);
- port->gss->delegated_creds = true;
- }
-
if (port->gss->outbuf.length != 0)
{
/*
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-19 20:04:20 +0000