diff options
| author | Stephen Frost <sfrost@snowman.net> | 2023-04-08 07:21:35 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2023-04-08 07:21:35 -0400 |
| commit | 3d03b24c350ab060bb223623bdff38835bd7afd0 (patch) | |
| tree | 26137687e4b234c47de0140295baaed9928cc968 /src/backend/libpq/be-secure-gssapi.c | |
| parent | db4f21e4a34b1d5a3f7123e28e77f575d1a971ea (diff) | |
| download | postgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.tar.gz postgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.zip | |
Revert "Add support for Kerberos credential delegation"
This reverts commit 3d4fa227bce4294ce1cc214b4a9d3b7caa3f0454.
Per discussion and buildfarm, this depends on APIs that seem to not
be available on at least one platform (NetBSD). Should be certainly
possible to rework to be optional on that platform if necessary but bit
late for that at this point.
Discussion: https://postgr.es/m/3286097.1680922218@sss.pgh.pa.us
Diffstat (limited to 'src/backend/libpq/be-secure-gssapi.c')
| -rw-r--r-- | src/backend/libpq/be-secure-gssapi.c | 26 |
1 files changed, 1 insertions, 25 deletions
diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c index 73f8ce85549..3b55f431999 100644 --- a/src/backend/libpq/be-secure-gssapi.c +++ b/src/backend/libpq/be-secure-gssapi.c @@ -497,7 +497,6 @@ secure_open_gssapi(Port *port) bool complete_next = false; OM_uint32 major, minor; - gss_cred_id_t delegated_creds; /* * Allocate subsidiary Port data for GSSAPI operations. @@ -505,9 +504,6 @@ secure_open_gssapi(Port *port) port->gss = (pg_gssinfo *) MemoryContextAllocZero(TopMemoryContext, sizeof(pg_gssinfo)); - delegated_creds = GSS_C_NO_CREDENTIAL; - port->gss->delegated_creds = false; - /* * Allocate buffers and initialize state variables. By malloc'ing the * buffers at this point, we avoid wasting static data space in processes @@ -592,8 +588,7 @@ secure_open_gssapi(Port *port) GSS_C_NO_CREDENTIAL, &input, GSS_C_NO_CHANNEL_BINDINGS, &port->gss->name, NULL, &output, NULL, - NULL, pg_gss_accept_deleg ? &delegated_creds : NULL); - + NULL, NULL); if (GSS_ERROR(major)) { pg_GSS_error(_("could not accept GSSAPI security context"), @@ -610,12 +605,6 @@ secure_open_gssapi(Port *port) complete_next = true; } - if (delegated_creds != GSS_C_NO_CREDENTIAL) - { - pg_store_delegated_credential(delegated_creds); - port->gss->delegated_creds = true; - } - /* Done handling the incoming packet, reset our buffer */ PqGSSRecvLength = 0; @@ -742,16 +731,3 @@ be_gssapi_get_princ(Port *port) return port->gss->princ; } - -/* - * Return if GSSAPI delegated credentials were included on this - * connection. - */ -bool -be_gssapi_get_deleg(Port *port) -{ - if (!port || !port->gss) - return NULL; - - return port->gss->delegated_creds; -} |