Allow kerberos name and username case sensitivity to be specified from

postgresql.conf. --------------------------------------------------------------------------- Here's an updated version of the patch, with the following changes: 1) No longer uses "service name" as "application version". It's instead hardcoded as "postgres". It could be argued that this part should be backpatched to 8.0, but it doesn't make a big difference until you can start changing it with GUC / connection parameters. This change only affects kerberos 5, not 4. 2) Now downcases kerberos usernames when the client is running on win32. 3) Adds guc option for "krb_caseins_users" to make the server ignore case mismatch which is required by some KDCs such as Active Directory. Off by default, per discussion with Tom. This change only affects kerberos 5, not 4. 4) Updated so it doesn't conflict with the rendevouz/bonjour patch already in ;-) Magnus Hagander
2025-06-27 23:21:58 +03:00 · 2005-06-04 20:42:43 +00:00
parent d995014fac
commit 72c53ac3a7
14 changed files with 167 additions and 52 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.306 2005/05/05 16:40:42 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.307 2005/06/04 20:42:43 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -170,6 +170,12 @@ static const PQconninfoOption PQconninfoOptions[] = {
 	{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
 	"SSL-Mode", "", 8},			/* sizeof("disable") == 8 */

+#if defined(KRB4) || defined(KRB5)
+	/* Kerberos authentication supports specifying the service name */
+	{"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL,
+	 "Kerberos-service-name", "", 20},
+#endif
+
 	/* Terminating entry --- MUST BE LAST */
 	{NULL, NULL, NULL, NULL,
 	NULL, NULL, 0}
@ -393,6 +399,10 @@ connectOptions1(PGconn *conn, const char *conninfo)
 		conn->sslmode = strdup("require");
 	}
 #endif
+#if defined(KRB4) || defined(KRB5)
+	tmp = conninfo_getval(connOptions, "krbsrvname");
+	conn->krbsrvname = tmp ? strdup(tmp) : NULL;
+#endif

 	/*
 	 * Free the option info - all is in conn now
@ -2074,6 +2084,10 @@ freePGconn(PGconn *conn)
 		free(conn->pgpass);
 	if (conn->sslmode)
 		free(conn->sslmode);
+#if defined(KRB4) || defined(KRB5)
+	if (conn->krbsrvname)
+		free(conn->krbsrvname);
+#endif
 	/* Note that conn->Pfdebug is not ours to close or free */
 	notify = conn->notifyHead;
 	while (notify != NULL)