Make the location of the Kerberos server key file run time configurable

(rather than compile time). For libpq, even when Kerberos support is compiled in, the default user name should still fall back to geteuid() if it can't be determined via the Kerberos system. A couple of fixes for string type configuration parameters, now that there is one.
2025-11-10 17:42:29 +03:00 · 2000-08-25 10:00:35 +00:00
parent 69cf335687
commit 996832caee
11 changed files with 490 additions and 514 deletions
--- a/src/backend/libpq/Makefile
+++ b/src/backend/libpq/Makefile
@@ -4,13 +4,13 @@
 #    Makefile for libpq subsystem (backend half of libpq interface)
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.23 2000/07/09 13:48:45 petere Exp $
+#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.24 2000/08/25 10:00:30 petere Exp $
 #
 #-------------------------------------------------------------------------

 subdir = src/backend/libpq
 top_builddir = ../../..
-include ../../Makefile.global
+include $(top_builddir)/src/Makefile.global

 # be-fsstubs is here for historical reasons, probably belongs elsewhere

@@ -18,12 +18,6 @@ OBJS = be-fsstubs.o \
 	auth.o crypt.o hba.o password.o \
 	pqcomm.o pqformat.o pqpacket.o pqsignal.o util.o

-# This location might depend on the installation directories. Therefore
-# we can't subsitute it into config.h.
-ifdef krb_srvtab
-CPPFLAGS += -DPG_KRB_SRVTAB='"$(krb_srvtab)"'
-endif
-

 all: SUBSYS.o

@@ -39,4 +33,3 @@ clean:
 ifeq (depend,$(wildcard depend))
 include depend
 endif
-
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.48 2000/07/04 16:31:53 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.49 2000/08/25 10:00:30 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -51,6 +51,9 @@ static int	map_old_to_new(Port *port, UserAuth old, int status);
 static void auth_failed(Port *port);


+char * pg_krb_server_keyfile;
+
+
 #ifdef KRB4
 /*----------------------------------------------------------------
 * MIT Kerberos authentication system - protocol version 4
@@ -89,7 +92,7 @@ pg_krb4_recvauth(Port *port)
 						  &port->raddr.in,
 						  &port->laddr.in,
 						  &auth_data,
-						  PG_KRB_SRVTAB,
+						  pg_krb_server_keyfile,
 						  key_sched,
 						  version);
 	if (status != KSUCCESS)
@@ -197,13 +200,13 @@ pg_krb5_init(void)
 		return STATUS_ERROR;
 	}

-	retval = krb5_kt_resolve(pg_krb5_context, PG_KRB_SRVTAB, &pg_krb5_keytab);
+	retval = krb5_kt_resolve(pg_krb5_context, pg_krb_server_keyfile, &pg_krb5_keytab);
 	if (retval) {
 		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 				 "pg_krb5_init: krb5_kt_resolve returned"
 				 " Kerberos error %d\n", retval);
 	    com_err("postgres", retval, "while resolving keytab file %s",
-				PG_KRB_SRVTAB);
+				pg_krb_server_keyfile);
 		krb5_free_context(pg_krb5_context);
 		return STATUS_ERROR;
 	}
@@ -216,7 +219,7 @@ pg_krb5_init(void)
 				 " Kerberos error %d\n", retval);
 	    com_err("postgres", retval, 
 				"while getting server principal for service %s",
-				PG_KRB_SRVTAB);
+				pg_krb_server_keyfile);
 		krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
 		krb5_free_context(pg_krb5_context);
 		return STATUS_ERROR;