Add GSS information to connection authorized log message

GSS information (if used) such as if the connection was authorized using
GSS or if it was encrypted using GSS, and perhaps most importantly, what
the GSS principal used for the authentication was, is extremely useful
but wasn't being included in the connection authorized log message.

Therefore, add to the connection authorized log message that
information, in a similar manner to how we log SSL information when SSL
is used for a connection.

Author: Vignesh C
Reviewed-by: Bharath Rupireddy
Discussion: https://www.postgresql.org/message-id/CALDaNm2N1385_Ltoo%3DS7VGT-ESu_bRQa-sC1wg6ikrM2L2Z49w%40mail.gmail.com

src/backend/utils/init/postinit.c

@@ -245,62 +245,40 @@ PerformAuthentication(Port *port)
 
 	if (Log_connections)
 	{
+		StringInfoData logmsg;
+
+		initStringInfo(&logmsg);
 		if (am_walsender)
-		{
-#ifdef USE_SSL
-			if (port->ssl_in_use)
-				ereport(LOG,
-						(port->application_name != NULL
-						 ? errmsg("replication connection authorized: user=%s application_name=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
-								  port->user_name,
-								  port->application_name,
-								  be_tls_get_version(port),
-								  be_tls_get_cipher(port),
-								  be_tls_get_cipher_bits(port),
-								  be_tls_get_compression(port) ? _("on") : _("off"))
-						 : errmsg("replication connection authorized: user=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
-								  port->user_name,
-								  be_tls_get_version(port),
-								  be_tls_get_cipher(port),
-								  be_tls_get_cipher_bits(port),
-								  be_tls_get_compression(port) ? _("on") : _("off"))));
-			else
-#endif
-				ereport(LOG,
-						(port->application_name != NULL
-						 ? errmsg("replication connection authorized: user=%s application_name=%s",
-								  port->user_name,
-								  port->application_name)
-						 : errmsg("replication connection authorized: user=%s",
-								  port->user_name)));
-		}
+			appendStringInfo(&logmsg, _("replication connection authorized: user=%s"),
+							 port->user_name);
 		else
-		{
+			appendStringInfo(&logmsg, _("connection authorized: user=%s"),
+							 port->user_name);
+		if (!am_walsender)
+			appendStringInfo(&logmsg, _(" database=%s"), port->database_name);
+
+		if (port->application_name != NULL)
+			appendStringInfo(&logmsg, _(" application_name=%s"),
+							 port->application_name);
+
 #ifdef USE_SSL
-			if (port->ssl_in_use)
-				ereport(LOG,
-						(port->application_name != NULL
-						 ? errmsg("connection authorized: user=%s database=%s application_name=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
-								  port->user_name, port->database_name, port->application_name,
-								  be_tls_get_version(port),
-								  be_tls_get_cipher(port),
-								  be_tls_get_cipher_bits(port),
-								  be_tls_get_compression(port) ? _("on") : _("off"))
-						 : errmsg("connection authorized: user=%s database=%s SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)",
-								  port->user_name, port->database_name,
-								  be_tls_get_version(port),
-								  be_tls_get_cipher(port),
-								  be_tls_get_cipher_bits(port),
-								  be_tls_get_compression(port) ? _("on") : _("off"))));
-			else
+		if (port->ssl_in_use)
+			appendStringInfo(&logmsg, _(" SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)"),
+							 be_tls_get_version(port),
+							 be_tls_get_cipher(port),
+							 be_tls_get_cipher_bits(port),
+							 be_tls_get_compression(port) ? _("on") : _("off"));
 #endif
-				ereport(LOG,
-						(port->application_name != NULL
-						 ? errmsg("connection authorized: user=%s database=%s application_name=%s",
-								  port->user_name, port->database_name, port->application_name)
-						 : errmsg("connection authorized: user=%s database=%s",
-								  port->user_name, port->database_name)));
-		}
+#ifdef ENABLE_GSS
+		if (be_gssapi_get_princ(port))
+			appendStringInfo(&logmsg, _(" GSS (authenticated=%s, encrypted=%s, principal=%s)"),
+							 be_gssapi_get_auth(port) ? _("yes") : _("no"),
+							 be_gssapi_get_enc(port) ? _("yes") : _("no"),
+							 be_gssapi_get_princ(port));
+#endif
+
+		ereport(LOG, errmsg_internal("%s", logmsg.data));
+		pfree(logmsg.data);
 	}
 
 	set_ps_display("startup");