gssdeleg.diff
text/x-diff
Patch
Format: unified
| File | + | − |
|---|---|---|
| contrib/postgres_fdw/expected/postgres_fdw.out | 1 | 1 |
| contrib/postgres_fdw/option.c | 3 | 3 |
| contrib/postgres_fdw/sql/postgres_fdw.sql | 1 | 1 |
| doc/src/sgml/libpq.sgml | 5 | 5 |
| src/backend/foreign/foreign.c | 1 | 1 |
| src/interfaces/libpq/fe-auth.c | 1 | 1 |
| src/interfaces/libpq/fe-connect.c | 3 | 3 |
| src/interfaces/libpq/fe-secure-gssapi.c | 2 | 2 |
| src/interfaces/libpq/libpq-int.h | 1 | 1 |
| src/test/kerberos/t/001_auth.pl | 22 | 22 |
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
index 826baac9f1..c8c4614b54 100644
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -172,7 +172,7 @@ ALTER SERVER testserver1 OPTIONS (
--requirepeer 'value',
krbsrvname 'value',
gsslib 'value',
- gssdeleg 'value'
+ gssdelegation 'value'
--replication 'value'
);
-- Error, invalid list syntax
diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c
index fe40d50c6d..5c301e0ef3 100644
--- a/contrib/postgres_fdw/option.c
+++ b/contrib/postgres_fdw/option.c
@@ -289,10 +289,10 @@ InitPgFdwOptions(void)
{"sslkey", UserMappingRelationId, true},
/*
- * gssdeleg is also a libpq option but should be allowed in a user
- * mapping context too
+ * gssdelegation is also a libpq option but should be allowed in
+ * a user mapping context too
*/
- {"gssdeleg", UserMappingRelationId, true},
+ {"gssdelegation", UserMappingRelationId, true},
{NULL, InvalidOid, false}
};
diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
index 15f3af6c29..b54903ad8f 100644
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
@@ -186,7 +186,7 @@ ALTER SERVER testserver1 OPTIONS (
--requirepeer 'value',
krbsrvname 'value',
gsslib 'value',
- gssdeleg 'value'
+ gssdelegation 'value'
--replication 'value'
);
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index cce25d06e6..e38a7debc3 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2054,8 +2054,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
</listitem>
</varlistentry>
- <varlistentry id="libpq-connect-gssdeleg" xreflabel="gssdeleg">
- <term><literal>gssdeleg</literal></term>
+ <varlistentry id="libpq-connect-gssdelegation" xreflabel="gssdelegation">
+ <term><literal>gssdelegation</literal></term>
<listitem>
<para>
Forward (delegate) GSS credentials to the server. The default is
@@ -8271,10 +8271,10 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
<listitem>
<para>
<indexterm>
- <primary><envar>PGGSSDELEG</envar></primary>
+ <primary><envar>PGGSSDELEGATION</envar></primary>
</indexterm>
- <envar>PGGSSDELEG</envar> behaves the same as the <xref
- linkend="libpq-connect-gssdeleg"/> connection parameter.
+ <envar>PGGSSDELEGATION</envar> behaves the same as the <xref
+ linkend="libpq-connect-gssdelegation"/> connection parameter.
</para>
</listitem>
diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c
index 6e1977fa62..ca3ad55b62 100644
--- a/src/backend/foreign/foreign.c
+++ b/src/backend/foreign/foreign.c
@@ -574,7 +574,7 @@ static const struct ConnectionOption libpq_conninfo_options[] = {
{"requiressl", ForeignServerRelationId},
{"sslmode", ForeignServerRelationId},
{"gsslib", ForeignServerRelationId},
- {"gssdeleg", ForeignServerRelationId},
+ {"gssdelegation", ForeignServerRelationId},
{NULL, InvalidOid}
};
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 0dc31988b4..de0e13e50d 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -97,7 +97,7 @@ pg_GSS_continue(PGconn *conn, int payloadlen)
if (!pg_GSS_have_cred_cache(&conn->gcred))
conn->gcred = GSS_C_NO_CREDENTIAL;
- if (conn->gssdeleg && pg_strcasecmp(conn->gssdeleg, "enable") == 0)
+ if (conn->gssdelegation && pg_strcasecmp(conn->gssdelegation, "enable") == 0)
gss_flags |= GSS_C_DELEG_FLAG;
maj_stat = gss_init_sec_context(&min_stat,
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 30486c59ba..786d22a770 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -343,9 +343,9 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
"GSS-library", "", 7, /* sizeof("gssapi") == 7 */
offsetof(struct pg_conn, gsslib)},
- {"gssdeleg", "PGGSSDELEG", NULL, NULL,
+ {"gssdelegation", "PGGSSDELEGATION", NULL, NULL,
"GSS-delegation", "", 8, /* sizeof("disable") == 8 */
- offsetof(struct pg_conn, gssdeleg)},
+ offsetof(struct pg_conn, gssdelegation)},
{"replication", NULL, NULL, NULL,
"Replication", "D", 5,
@@ -4453,7 +4453,7 @@ freePGconn(PGconn *conn)
free(conn->gssencmode);
free(conn->krbsrvname);
free(conn->gsslib);
- free(conn->gssdeleg);
+ free(conn->gssdelegation);
free(conn->connip);
/* Note that conn->Pfdebug is not ours to close or free */
free(conn->write_err_msg);
diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c
index 3b2d0fd140..268970eaa0 100644
--- a/src/interfaces/libpq/fe-secure-gssapi.c
+++ b/src/interfaces/libpq/fe-secure-gssapi.c
@@ -622,14 +622,14 @@ pqsecure_open_gss(PGconn *conn)
if (ret != STATUS_OK)
return PGRES_POLLING_FAILED;
- if (conn->gssdeleg && pg_strcasecmp(conn->gssdeleg, "enable") == 0)
+ if (conn->gssdelegation && pg_strcasecmp(conn->gssdelegation, "enable") == 0)
{
/* Acquire credentials if possible */
if (conn->gcred == GSS_C_NO_CREDENTIAL)
(void) pg_GSS_have_cred_cache(&conn->gcred);
/*
- * We have credentials and gssdeleg is enabled, so request credential
+ * We have credentials and gssdelegation is enabled, so request credential
* delegation. This may or may not actually result in credentials
* being delegated- it depends on if the forwardable flag has been set
* in the credential and if the server is configured to accept
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index e985b57cb5..f1854f9919 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -404,7 +404,7 @@ struct pg_conn
char *krbsrvname; /* Kerberos service name */
char *gsslib; /* What GSS library to use ("gssapi" or
* "sspi") */
- char *gssdeleg; /* Try to delegate GSS credentials? */
+ char *gssdelegation; /* Try to delegate GSS credentials? */
char *ssl_min_protocol_version; /* minimum TLS protocol version */
char *ssl_max_protocol_version; /* maximum TLS protocol version */
char *target_session_attrs; /* desired session properties */
diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl
index 5aff49a513..ba307b36a2 100644
--- a/src/test/kerberos/t/001_auth.pl
+++ b/src/test/kerberos/t/001_auth.pl
@@ -381,7 +381,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'succeeds with GSS-encrypted access preferred with host hba and credentials not delegated even though asked for (ticket not forwardable)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -391,7 +391,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'succeeds with GSS-encrypted access required with host hba and credentials not delegated even though asked for (ticket not forwardable)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -480,7 +480,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, default)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -490,7 +490,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, default)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -504,7 +504,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -514,7 +514,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -528,7 +528,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials forwarded',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
@@ -538,7 +538,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
0,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'succeeds with GSS-encrypted access required and hostgssenc hba and credentials forwarded',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
@@ -558,7 +558,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssencmode=require gssdeleg=disable',
+ 'gssencmode=require gssdelegation=disable',
'succeeds with GSS-encrypted access required and hostgssenc hba and credentials explicitly not forwarded',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
@@ -572,7 +572,7 @@ $psql_rc = $node->psql(
'postgres',
"SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3', 'dblink attempt fails without delegated credentials');
@@ -589,7 +589,7 @@ $psql_rc = $node->psql(
'postgres',
"SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3',
@@ -608,7 +608,7 @@ $psql_rc = $node->psql(
'postgres',
"TABLE tf1;",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3', 'postgres_fdw does not work without delegated credentials');
@@ -626,7 +626,7 @@ $psql_rc = $node->psql(
'postgres',
"TABLE tf2;",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3',
@@ -668,7 +668,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'succeeds with GSS-encrypted access preferred and hostnogssenc hba, but no encryption',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)"
@@ -680,7 +680,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssencmode=disable gssdeleg=enable',
+ 'gssencmode=disable gssdelegation=enable',
'succeeds with GSS encryption disabled and hostnogssenc hba',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)"
@@ -691,7 +691,7 @@ test_query(
'test1',
"SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);",
qr/^1$/s,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'dblink works not-encrypted (server not configured to accept encrypted GSSAPI connections)'
);
@@ -700,7 +700,7 @@ test_query(
'test1',
"TABLE tf1;",
qr/^1$/s,
- 'gssencmode=prefer gssdeleg=enable',
+ 'gssencmode=prefer gssdelegation=enable',
'postgres_fdw works not-encrypted (server not configured to accept encrypted GSSAPI connections)'
);
@@ -711,7 +711,7 @@ $psql_rc = $node->psql(
'postgres',
"SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3',
@@ -730,7 +730,7 @@ $psql_rc = $node->psql(
'postgres',
"TABLE tf2;",
connstr =>
- "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable",
+ "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable",
stdout => \$psql_out,
stderr => \$psql_stderr);
is($psql_rc, '3',
@@ -760,7 +760,7 @@ test_access(
'test1',
'SELECT gss_authenticated AND encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
0,
- 'gssdeleg=enable',
+ 'gssdelegation=enable',
'succeeds with include_realm=0 and defaults',
"connection authenticated: identity=\"test1\@$realm\" method=gss",
"connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
@@ -771,12 +771,12 @@ test_query(
'test1',
"SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port password=1234','select 1') as t1(c1 int);",
qr/^1$/s,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'dblink works encrypted');
test_query(
$node, 'test1', "TABLE tf1;", qr/^1$/s,
- 'gssencmode=require gssdeleg=enable',
+ 'gssencmode=require gssdelegation=enable',
'postgres_fdw works encrypted');
# Reset pg_hba.conf, and cause a usermap failure with an authentication