projects / users / hanada / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7f242d8)
Use GSSAPI library for SSPI auth, when native SSPI is not available
authorMagnus Hagander <[email protected]>
Sat, 29 Jan 2011 16:06:55 +0000 (17:06 +0100)
committerMagnus Hagander <[email protected]>
Sat, 29 Jan 2011 16:06:55 +0000 (17:06 +0100)
This allows non-Windows clients to connect to a Windows
server with SSPI authentication.

Christian Ullrich, largely modified by me

src/interfaces/libpq/fe-auth.c patch | blob | blame | history

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 0d3cad0b004a99f3ca5e0536181c2a4933785fad..7d2ef51f17ae6c265ebe9fef5eee46a05adad3c5 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -831,6 +831,10 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
 
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
        case AUTH_REQ_GSS:
+#if !defined(ENABLE_SSPI)
+           /* no native SSPI, so use GSSAPI library for it */
+       case AUTH_REQ_SSPI:
+#endif
            {
                int         r;
 
@@ -888,13 +892,14 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
                pgunlock_thread();
            }
            break;
-#else
+#else /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
+           /* No GSSAPI *or* SSPI support */
        case AUTH_REQ_GSS:
        case AUTH_REQ_GSS_CONT:
            printfPQExpBuffer(&conn->errorMessage,
                     libpq_gettext("GSSAPI authentication not supported\n"));
            return STATUS_ERROR;
-#endif
+#endif /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
 
 #ifdef ENABLE_SSPI
        case AUTH_REQ_SSPI:
@@ -914,11 +919,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
            pgunlock_thread();
            break;
 #else
+           /*
+            * No SSPI support. However, if we have GSSAPI but not SSPI
+            * support, AUTH_REQ_SSPI will have been handled in the codepath
+            * for AUTH_REQ_GSSAPI above, so don't duplicate the case label
+            * in that case.
+            */
+#if !defined(ENABLE_GSS)
        case AUTH_REQ_SSPI:
            printfPQExpBuffer(&conn->errorMessage,
                       libpq_gettext("SSPI authentication not supported\n"));
            return STATUS_ERROR;
-#endif
+#endif /* !define(ENABLE_GSSAPI) */
+#endif /* ENABLE_SSPI */
 
 
        case AUTH_REQ_CRYPT:
Hanada's development tree.