diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2019-12-20 15:34:08 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2019-12-20 15:34:08 -0500 |
| commit | c11bd6c10fe56b627a5ecb3263bbbcde60a06091 (patch) | |
| tree | 20ce928a53ab5562a0eca1c67a2e1000f63a2bbf /src | |
| parent | 275a8ac4f75ccfa73e0baa7c71ad59f4fe89367c (diff) | |
libpq should expose GSS-related parameters even when not implemented.
We realized years ago that it's better for libpq to accept all
connection parameters syntactically, even if some are ignored or
restricted due to lack of the feature in a particular build.
However, that lesson from the SSL support was for some reason never
applied to the GSSAPI support. This is causing various buildfarm
members to have problems with a test case added by commit 6136e94dc,
and it's just a bad idea from a user-experience standpoint anyway,
so fix it.
While at it, fix some places where parameter-related infrastructure
was added with the aid of a dartboard, or perhaps with the aid of
the anti-pattern "add new stuff at the end". It should be safe
to rearrange the contents of struct pg_conn even in released
branches, since that's private to libpq (and we'd have to move
some fields in some builds to fix this, anyway).
Back-patch to all supported branches.
Discussion: https://postgr.es/m/11297.1576868677@sss.pgh.pa.us
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 18 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-int.h | 8 |
2 files changed, 7 insertions, 19 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index eb7a2184d64..9ad03f33be1 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -297,23 +297,19 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "Require-Peer", "", 10, offsetof(struct pg_conn, requirepeer)}, -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) + /* + * As with SSL, all GSS options are exposed even in builds that don't have + * support. + */ + /* Kerberos and GSSAPI authentication support specifying the service name */ {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL, "Kerberos-service-name", "", 20, offsetof(struct pg_conn, krbsrvname)}, -#endif - -#if defined(ENABLE_GSS) && defined(ENABLE_SSPI) - /* - * GSSAPI and SSPI both enabled, give a way to override which is used by - * default - */ {"gsslib", "PGGSSLIB", NULL, NULL, "GSS-library", "", 7, /* sizeof("gssapi") = 7 */ offsetof(struct pg_conn, gsslib)}, -#endif {"replication", NULL, NULL, NULL, "Replication", "D", 5, @@ -3064,14 +3060,10 @@ freePGconn(PGconn *conn) free(conn->sslcompression); if (conn->requirepeer) free(conn->requirepeer); -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) if (conn->krbsrvname) free(conn->krbsrvname); -#endif -#if defined(ENABLE_GSS) && defined(ENABLE_SSPI) if (conn->gsslib) free(conn->gsslib); -#endif /* Note that conn->Pfdebug is not ours to close or free */ if (conn->last_query) free(conn->last_query); diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index e7878a87816..aa04bf0a4dd 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -330,10 +330,9 @@ struct pg_conn char *sslrootcert; /* root certificate filename */ char *sslcrl; /* certificate revocation list filename */ char *requirepeer; /* required peer credentials for local sockets */ - -#if defined(ENABLE_GSS) || defined(ENABLE_SSPI) char *krbsrvname; /* Kerberos service name */ -#endif + char *gsslib; /* What GSS library to use ("gssapi" or + * "sspi") */ /* Optional file to write trace info to */ FILE *Pfdebug; @@ -453,9 +452,6 @@ struct pg_conn #ifdef ENABLE_SSPI #ifndef ENABLE_GSS gss_buffer_desc ginbuf; /* GSS input token */ -#else - char *gsslib; /* What GSS librart to use ("gssapi" or - * "sspi") */ #endif CredHandle *sspicred; /* SSPI credentials handle */ CtxtHandle *sspictx; /* SSPI context */ |