-rwxr-xr-xconfigure2
-rw-r--r--configure.in6
-rw-r--r--doc/src/sgml/client-auth.sgml43
-rw-r--r--doc/src/sgml/installation.sgml6
-rw-r--r--doc/src/sgml/libpq.sgml23
-rw-r--r--doc/src/sgml/runtime.sgml32
-rw-r--r--src/backend/libpq/auth.c20
-rw-r--r--src/backend/utils/misc/guc.c23
-rw-r--r--src/backend/utils/misc/postgresql.conf.sample5
-rw-r--r--src/include/libpq/auth.h4
-rw-r--r--src/include/pg_config.h.in8
-rw-r--r--src/interfaces/libpq/fe-auth.c26
-rw-r--r--src/interfaces/libpq/fe-connect.c16
-rw-r--r--src/interfaces/libpq/libpq-int.h5
14 files changed, 167 insertions, 52 deletions
diff --git a/configure b/configure
index 232015a862f..3d33f8c796e 100755
--- a/configure
+++ b/configure
@@ -869,7 +869,7 @@ Optional Packages:
--with-python build Python modules (PL/Python)
--with-krb4 build with Kerberos 4 support
--with-krb5 build with Kerberos 5 support
- --with-krb-srvnam=NAME name of the service principal in Kerberos [postgres]
+ --with-krb-srvnam=NAME name of the default service principal in Kerberos [postgres]
--with-pam build with PAM support
--with-bonjour build with Bonjour support
--with-openssl build with OpenSSL support
diff --git a/configure.in b/configure.in
index 7338bb8fabb..2494a706de0 100644
--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.411 2005/05/15 00:26:18 momjian Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.412 2005/06/04 20:42:41 momjian Exp $
dnl
dnl Developers, please strive to achieve this order:
dnl
@@ -447,11 +447,11 @@ AC_SUBST(krb_srvtab)
# Kerberos configuration parameters
#
PGAC_ARG_REQ(with, krb-srvnam,
- [ --with-krb-srvnam=NAME name of the service principal in Kerberos [[postgres]]],
+ [ --with-krb-srvnam=NAME name of the default service principal in Kerberos [[postgres]]],
[],
[with_krb_srvnam="postgres"])
AC_DEFINE_UNQUOTED([PG_KRB_SRVNAM], ["$with_krb_srvnam"],
- [Define to the name of the PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME)])
+ [Define to the name of the default PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME)])
#
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 875c170a048..8439174b028 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.79 2005/04/27 20:11:07 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.80 2005/06/04 20:42:41 momjian Exp $
-->
<chapter id="client-authentication">
@@ -617,7 +617,7 @@ local db1,db2,@demodbs all md5
quite complex (yet powerful). The
<ulink url="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">
Kerberos <acronym>FAQ</></ulink> or
- <ulink url="ftp://athena-dist.mit.edu">MIT Project Athena</ulink>
+ <ulink url="http://web.mit.edu/kerberos/www/">MIT Kerberos page</ulink>
can be a good starting point for exploration.
Several sources for <productname>Kerberos</> distributions exist.
</para>
@@ -626,23 +626,29 @@ local db1,db2,@demodbs all md5
While <productname>PostgreSQL</> supports both Kerberos 4 and
Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
considered insecure and no longer recommended for general
- use.
- </para>
-
- <para>
- In order to use <productname>Kerberos</>, support for it must be
- enabled at build time. See <xref linkend="installation"> for more
- information. Both Kerberos 4 and 5 are supported, but only one
- version can be supported in any one build.
+ use. Only one version of Kerberos can be supported in any one
+ build, and support must be enabled at build time. See
+ <xref linkend="installation"> for more information.
</para>
<para>
<productname>PostgreSQL</> operates like a normal Kerberos service.
The name of the service principal is
- <literal><replaceable>servicename</>/<replaceable>hostname</>@<replaceable>realm</></literal>, where
- <replaceable>servicename</> is <literal>postgres</literal> (unless a
- different service name was selected at configure time with
- <literal>./configure --with-krb-srvnam=whatever</>).
+ <literal><replaceable>servicename</>/<replaceable>hostname</>@<replaceable>realm</></literal>.
+ </para>
+ <para>
+ <replaceable>servicename</> can be set on the server side using the
+ <xref linkend="guc-krb-srvname"> configuration parameter, and on the
+ client side using the krbsrvname connection parameter. (See also <xref linkend="libpq-connect">.). The installation default can be changed from the default
+ <literal>postgres</literal> at build time using
+ <literal>./configure --with-krb-srvnam=whatever</>). In most environments,
+ this parameter never needs to be changed. However, to support multiple
+ <productname>PostgreSQL</> installations on the same host it is necessary.
+ Some Kerberos implementations may also require a different service name,
+ such as Microsoft Active Directory which requires the service name
+ to be in uppercase (<literal>POSTGRES</literal>).
+ </para>
+ <para>
<replaceable>hostname</> is the fully qualified host name of the
server machine. The service principal's realm is the preferred realm
of the server machine.
@@ -658,12 +664,12 @@ local db1,db2,@demodbs all md5
</para>
<para>
- Make sure that your server key file is readable (and preferably
+ Make sure that your server keytab file is readable (and preferably
only readable) by the <productname>PostgreSQL</productname> server
account. (See also <xref linkend="postgres-user">.) The location
of the key file is specified by the <xref
linkend="guc-krb-server-keyfile"> configuration
- parameter. (See also <xref linkend="runtime-config">.) The default
+ parameter. The default
is <filename>/etc/srvtab</> if you are using Kerberos 4 and
<filename>/usr/local/pgsql/etc/krb5.keytab</> (or whichever
directory was specified as <varname>sysconfdir</> at build time)
@@ -671,12 +677,13 @@ local db1,db2,@demodbs all md5
</para>
<para>
- To generate the keytab file, use for example (with version 5)
+ The keytab file is generated in the Kerberos system, see the
+ Kerberos documentation for details. The following example is
+ for MIT-compatible Kerberos 5 implementations:
<screen>
<prompt>kadmin% </><userinput>ank -randkey postgres/server.my.domain.org</>
<prompt>kadmin% </><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</>
</screen>
- Read the <productname>Kerberos</> documentation for details.
</para>
<para>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index cf27e37f3b2..b772a23e583 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.233 2005/05/15 00:26:18 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.234 2005/06/04 20:42:41 momjian Exp $ -->
<chapter id="installation">
<title><![%standalone-include[<productname>PostgreSQL</>]]>
@@ -816,8 +816,8 @@ su - postgres
<term><option>--with-krb-srvnam=<replaceable>NAME</></option></term>
<listitem>
<para>
- The name of the Kerberos service principal.
- <literal>postgres</literal> is the default. There's probably no
+ The default name of the Kerberos service principal.
+ <literal>postgres</literal> is the default. There's usually no
reason to change this.
</para>
</listitem>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index a81dc9defcb..8430a124298 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.181 2005/05/30 19:32:44 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.182 2005/06/04 20:42:41 momjian Exp $
-->
<chapter id="libpq">
@@ -280,6 +280,18 @@ PGconn *PQconnectdb(const char *conninfo);
</varlistentry>
<varlistentry>
+ <term><literal>krbsrvname</literal></term>
+ <listitem>
+ <para>
+ Kerberos service name to use when authenticating with Kerberos 4 or 5.
+ This must match the service name specified in the server
+ configuration for Kerberos authentication to succeed. (See also
+ <xref linkend="kerberos-auth">.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><literal>service</literal></term>
<listitem>
<para>
@@ -3771,6 +3783,15 @@ setting, and is only available if
<listitem>
<para>
<indexterm>
+ <primary><envar>PGKRBSRVNAME</envar></primary>
+</indexterm>
+<envar>PGKRBSRVNAME</envar> sets the Kerberos service name to use when
+authenticating with Kerberos 4 or 5.
+</para>
+</listitem>
+<listitem>
+<para>
+<indexterm>
<primary><envar>PGCONNECT_TIMEOUT</envar></primary>
</indexterm>
<envar>PGCONNECT_TIMEOUT</envar> sets the maximum number of seconds
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index d5c76830baa..e1ffd22c5a8 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
<!--
-$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.321 2005/05/25 02:56:15 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.322 2005/06/04 20:42:41 momjian Exp $
-->
<chapter Id="runtime">
@@ -955,11 +955,39 @@ SET ENABLE_SEQSCAN TO OFF;
<listitem>
<para>
Sets the location of the Kerberos server key file. See
- <xref linkend="kerberos-auth"> for details.
+ <xref linkend="kerberos-auth"> for details. This parameter
+ can only be set at server start.
</para>
</listitem>
</varlistentry>
+ <varlistentry id="guc-krb-srvname" xreflabel="krb_srvname">
+ <term><varname>krb_srvname</varname> (<type>string</type>)</term>
+ <indexterm>
+ <primary><varname>krb_srvname</> configuration parameter</primary>
+ </indexterm>
+ <listitem>
+ <para>
+ Sets the Kerberos service name. See <xref linkend="kerberos-auth">
+ for details. This parameter can only be set at server start.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="guc-krb-caseins-users" xreflabel="krb_caseins_users">
+ <term><varname>krb_caseins_users</varname> (<type>boolean</type>)</term>
+ <indexterm>
+ <primary><varname>krb_caseins_users</varname> configuration parameter</primary>
+ </indexterm>
+ <listitem>
+ <para>
+ Sets if Kerberos usernames should be treated case-insensitive.
+ The default is off (case sensitive). This parameter can only be
+ set at server start.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
<term><varname>db_user_namespace</varname> (<type>boolean</type>)</term>
<indexterm>
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index b941ccd5030..7970f817561 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.123 2005/02/22 04:35:57 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.124 2005/06/04 20:42:42 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -41,6 +41,8 @@ static char *recv_password_packet(Port *port);
static int recv_and_check_password_packet(Port *port);
char *pg_krb_server_keyfile;
+char *pg_krb_srvnam;
+bool pg_krb_caseins_users;
#ifdef USE_PAM
#ifdef HAVE_PAM_PAM_APPL_H
@@ -99,7 +101,7 @@ pg_krb4_recvauth(Port *port)
status = krb_recvauth(krbopts,
port->sock,
&clttkt,
- PG_KRB_SRVNAM,
+ pg_krb_srvnam,
instance,
&port->raddr.in,
&port->laddr.in,
@@ -219,16 +221,16 @@ pg_krb5_init(void)
return STATUS_ERROR;
}
- retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM,
+ retval = krb5_sname_to_principal(pg_krb5_context, NULL, pg_krb_srvnam,
KRB5_NT_SRV_HST, &pg_krb5_server);
if (retval)
{
ereport(LOG,
(errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
- PG_KRB_SRVNAM, retval)));
+ pg_krb_srvnam, retval)));
com_err("postgres", retval,
"while getting server principal for service \"%s\"",
- PG_KRB_SRVNAM);
+ pg_krb_srvnam);
krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
krb5_free_context(pg_krb5_context);
return STATUS_ERROR;
@@ -264,7 +266,7 @@ pg_krb5_recvauth(Port *port)
return ret;
retval = krb5_recvauth(pg_krb5_context, &auth_context,
- (krb5_pointer) & port->sock, PG_KRB_SRVNAM,
+ (krb5_pointer) & port->sock, "postgres",
pg_krb5_server, 0, pg_krb5_keytab, &ticket);
if (retval)
{
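Review bot: The bare `"postgres"` now passed as the fourth argument of `krb5_recvauth` is the application-version string rather than the service name, and nothing in the hunk says so. The same literal is repeated in the `krb5_sendauth` call in src/interfaces/libpq/fe-auth.c, and the two must stay identical for the exchange to succeed. A shared constant with a one-line comment would keep them from drifting, for example (name is only a proposal) `#define PG_KRB5_APPL_VERSION "postgres" /* sendauth/recvauth version string; must match on client and server */`. Both sides previously passed PG_KRB_SRVNAM here, so a peer built from the older source with a non-default `--with-krb-srvnam` will presumably no longer negotiate with this code, which deserves a line in the commit description. pg_krb5_recvauth starts and ends outside the hunk.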
@@ -303,7 +305,11 @@ pg_krb5_recvauth(Port *port)
}
kusername = pg_an_to_ln(kusername);
- if (strncmp(port->user_name, kusername, SM_DATABASE_USER))
+ if (pg_krb_caseins_users)
+ ret = strncasecmp(port->user_name, kusername, SM_DATABASE_USER);
+ else
+ ret = strncmp(port->user_name, kusername, SM_DATABASE_USER);
+ if (ret)
{
ereport(LOG,
(errmsg("unexpected Kerberos user name received from client (received \"%s\", expected \"%s\")",
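Review bot: `strncasecmp` folds case according to the server's locale, so the result of this authentication check in pg_krb5_recvauth can differ from one locale to another. The tree's own helper, which folds ASCII the same way in every locale, is the safer choice: `ret = pg_strncasecmp(port->user_name, kusername, SM_DATABASE_USER);`. With `krb_caseins_users` on, principals whose names differ only in case are accepted for the same database user. That consequence should be stated in a comment above the branch and in the parameter's documentation, since Kerberos principal names are otherwise case-sensitive. `ret` now holds a comparison result instead of a status code, and the rest of the function is outside the hunk, so confirm it is reassigned before it is returned.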
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 7f89276b612..3d57509548f 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>.
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.263 2005/05/27 18:33:30 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.264 2005/06/04 20:42:42 momjian Exp $
*
*--------------------------------------------------------------------
*/
@@ -63,6 +63,9 @@
#ifndef PG_KRB_SRVTAB
#define PG_KRB_SRVTAB ""
#endif
+#ifndef PG_KRB_SRVNAM
+#define PG_KRB_SRVNAM ""
+#endif
#define CONFIG_FILENAME "postgresql.conf"
#define HBA_FILENAME "pg_hba.conf"
@@ -860,6 +863,15 @@ static struct config_bool ConfigureNamesBool[] =
#endif
},
+ {
+ {"krb_caseins_users", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets if Kerberos user names should be treated case insensitive."),
+ NULL
+ },
+ &pg_krb_caseins_users,
+ false, NULL, NULL
+ },
+
/* End-of-list marker */
{
{NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL
@@ -1573,6 +1585,15 @@ static struct config_string ConfigureNamesString[] =
},
{
+ {"krb_srvname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets the name of the Kerberos service."),
+ NULL
+ },
+ &pg_krb_srvnam,
+ PG_KRB_SRVNAM, NULL, NULL
+ },
+
+ {
{"bonjour_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
gettext_noop("Sets the Bonjour broadcast service name."),
NULL
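Review bot: The new `krb_srvname` entry accepts any string, the empty string included, since both hook slots are NULL. The `#ifndef PG_KRB_SRVNAM` fallback added earlier in this file also makes `""` the boot value whenever the macro is missing. The value is handed to the Kerberos library in auth.c, so a bad name would presumably surface only when the first Kerberos login fails, not at server start. Consider an assign hook that rejects an empty name, or at least a comment on the fallback saying when it can apply. The spelling also varies across the patch (`krb_srvname`, `pg_krb_srvnam`, `krbsrvname`, `--with-krb-srvnam`), which makes the setting harder to search for.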
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 0e88d4c5ed0..d54ae5fcfda 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -64,8 +64,11 @@
#authentication_timeout = 60 # 1-600, in seconds
#ssl = false
#password_encryption = true
-#krb_server_keyfile = ''
#db_user_namespace = false
+# Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = false
+#krb_srvname = 'postgres'
#---------------------------------------------------------------------------
diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h
index 3aef036078f..b8fd25eb64f 100644
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.26 2004/12/31 22:03:32 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.27 2005/06/04 20:42:42 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -27,5 +27,7 @@ extern void ClientAuthentication(Port *port);
#define PG_KRB5_VERSION "PGVER5.1"
extern char *pg_krb_server_keyfile;
+extern char *pg_krb_srvnam;
+extern bool pg_krb_caseins_users;
#endif /* AUTH_H */
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 51a13907bb0..da29557e927 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -602,7 +602,7 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
-/* Define to the name of the PostgreSQL service principal in Kerberos.
+/* Define to the name of the default PostgreSQL service principal in Kerberos.
(--with-krb-srvnam=NAME) */
#undef PG_KRB_SRVNAM
@@ -635,6 +635,9 @@
/* Define to 1 to build with assertion checks. (--enable-cassert) */
#undef USE_ASSERT_CHECKING
+/* Define to 1 to build with Bonjour support. (--with-bonjour) */
+#undef USE_BONJOUR
+
/* Define to 1 if you want 64-bit integer timestamp and interval support.
(--enable-integer-datetimes) */
#undef USE_INTEGER_DATETIMES
@@ -645,9 +648,6 @@
/* Define to 1 to build with PAM support. (--with-pam) */
#undef USE_PAM
-/* Define to 1 to build with Bonjour support. (--with-bonjour) */
-#undef USE_BONJOUR
-
/* Use replacement snprintf() functions. */
#undef USE_SNPRINTF
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 0dda34401bb..6624df1ad0a 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.100 2005/03/25 00:34:28 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.101 2005/06/04 20:42:43 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -196,7 +196,8 @@ static int
pg_krb4_sendauth(char *PQerrormsg, int sock,
struct sockaddr_in * laddr,
struct sockaddr_in * raddr,
- const char *hostname)
+ const char *hostname,
+ const char *servicename)
{
long krbopts = 0; /* one-way authentication */
KTEXT_ST clttkt;
@@ -216,7 +217,7 @@ pg_krb4_sendauth(char *PQerrormsg, int sock,
status = krb_sendauth(krbopts,
sock,
&clttkt,
- PG_KRB_SRVNAM,
+ servicename,
hostname,
realm,
(u_long) 0,
@@ -260,6 +261,10 @@ pg_krb4_sendauth(char *PQerrormsg, int sock,
* provide an aname mapping database...it may be a better idea to use
* krb5_an_to_ln, except that it punts if multiple components are found,
* and we can't afford to punt.
+ *
+ * For WIN32, convert username to lowercase because the Win32 kerberos library
+ * generates tickets with the username as the user entered it instead of as
+ * it is entered in the directory.
*/
static char *
pg_an_to_ln(char *aname)
@@ -268,6 +273,11 @@ pg_an_to_ln(char *aname)
if ((p = strchr(aname, '/')) || (p = strchr(aname, '@')))
*p = '\0';
+#ifdef WIN32
+ for (p = aname; *p ; p++)
+ *p = pg_tolower(*p);
+#endif
+
return aname;
}
@@ -360,7 +370,7 @@ pg_krb5_authname(char *PQerrormsg)
* the server
*/
static int
-pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *servicename)
{
krb5_error_code retval;
int ret;
@@ -379,7 +389,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
if (ret != STATUS_OK)
return ret;
- retval = krb5_sname_to_principal(pg_krb5_context, hostname, PG_KRB_SRVNAM,
+ retval = krb5_sname_to_principal(pg_krb5_context, hostname, servicename,
KRB5_NT_SRV_HST, &server);
if (retval)
{
@@ -405,7 +415,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
}
retval = krb5_sendauth(pg_krb5_context, &auth_context,
- (krb5_pointer) & sock, PG_KRB_SRVNAM,
+ (krb5_pointer) & sock, "postgres",
pg_krb5_client, server,
AP_OPTS_MUTUAL_REQUIRED,
NULL, 0, /* no creds, use ccache instead */
@@ -602,7 +612,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
if (pg_krb4_sendauth(PQerrormsg, conn->sock,
(struct sockaddr_in *) & conn->laddr.addr,
(struct sockaddr_in *) & conn->raddr.addr,
- hostname) != STATUS_OK)
+ hostname, conn->krbsrvname) != STATUS_OK)
{
/* PQerrormsg already filled in */
pgunlock_thread();
@@ -620,7 +630,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
#ifdef KRB5
pglock_thread();
if (pg_krb5_sendauth(PQerrormsg, conn->sock,
- hostname) != STATUS_OK)
+ hostname, conn->krbsrvname) != STATUS_OK)
{
/* PQerrormsg already filled in */
pgunlock_thread();
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 15bcf5f911b..05899450237 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.306 2005/05/05 16:40:42 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.307 2005/06/04 20:42:43 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -170,6 +170,12 @@ static const PQconninfoOption PQconninfoOptions[] = {
{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
"SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
+#if defined(KRB4) || defined(KRB5)
+ /* Kerberos authentication supports specifying the service name */
+ {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL,
+ "Kerberos-service-name", "", 20},
+#endif
+
/* Terminating entry --- MUST BE LAST */
{NULL, NULL, NULL, NULL,
NULL, NULL, 0}
@@ -393,6 +399,10 @@ connectOptions1(PGconn *conn, const char *conninfo)
conn->sslmode = strdup("require");
}
#endif
+#if defined(KRB4) || defined(KRB5)
+ tmp = conninfo_getval(connOptions, "krbsrvname");
+ conn->krbsrvname = tmp ? strdup(tmp) : NULL;
+#endif
/*
* Free the option info - all is in conn now
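Review bot: `strdup` can return NULL here, and `conn->krbsrvname` is then passed unchecked as `servicename` to `pg_krb4_sendauth` and `pg_krb5_sendauth` in fe-auth.c. As far as I know, MIT's `krb5_sname_to_principal` treats a NULL service name as `host`, so the client would request a ticket for a different service instead of reporting the failure. An out-of-memory check where the copy is made would make the failure explicit. Alternatively, the callers could fill PQerrormsg and then guard with `if (servicename == NULL) return STATUS_ERROR;`. connectOptions1 continues outside the hunk.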
@@ -2074,6 +2084,10 @@ freePGconn(PGconn *conn)
free(conn->pgpass);
if (conn->sslmode)
free(conn->sslmode);
+#if defined(KRB4) || defined(KRB5)
+ if (conn->krbsrvname)
+ free(conn->krbsrvname);
+#endif
/* Note that conn->Pfdebug is not ours to close or free */
notify = conn->notifyHead;
while (notify != NULL)
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 9862e01bc91..e4692d5d5f6 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.100 2005/01/06 00:59:47 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.101 2005/06/04 20:42:43 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -261,6 +261,9 @@ struct pg_conn
char *pguser; /* Postgres username and password, if any */
char *pgpass;
char *sslmode; /* SSL mode (require,prefer,allow,disable) */
+#if defined(KRB5) || defined(KRB4)
+ char *krbsrvname; /* Kerberos service name */
+#endif
/* Optional file to write trace info to */
FILE *Pfdebug;