Kerberos fixes from Magnus Hagander --- in theory Kerberos 5 auth

should work on Windows now.  Also, rename set_noblock to pg_set_noblock;
since it is included in libpq, the former name polluted application
namespace.

src/interfaces/libpq/Makefile

@@ -5,7 +5,7 @@
 # Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.130 2005/03/14 17:27:50 momjian Exp $
+# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.131 2005/03/25 00:34:28 tgl Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -55,7 +55,7 @@ endif
 # matter.)
 SHLIB_LINK += $(filter -lcrypt -ldes -lkrb -lcom_err -lcrypto -lk5crypto -lkrb5 -lssl -lsocket -lnsl -lresolv -lintl, $(LIBS)) $(PTHREAD_LIBS)
 ifeq ($(PORTNAME), win32)
-SHLIB_LINK += -lshfolder -lwsock32 -lws2_32 $(filter -leay32 -lssleay32, $(LIBS))
+SHLIB_LINK += -lshfolder -lwsock32 -lws2_32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS))
 endif
 
 

src/interfaces/libpq/fe-auth.c

@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.99 2005/01/12 21:37:54 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.100 2005/03/25 00:34:28 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -367,7 +367,13 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 	krb5_principal server;
 	krb5_auth_context auth_context = NULL;
 	krb5_error *err_ret = NULL;
-	int			flags;
+
+	if (!hostname)
+	{
+		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+				 "pg_krb5_sendauth: hostname must be specified for Kerberos authentication\n");
+		return STATUS_ERROR;
+	}
 
 	ret = pg_krb5_init(PQerrormsg);
 	if (ret != STATUS_OK)
@@ -388,8 +394,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 	 * socket, and we have to block somehow to do mutual authentication
 	 * anyway. So we temporarily make it blocking.
 	 */
-	flags = fcntl(sock, F_GETFL);
-	if (flags < 0 || fcntl(sock, F_SETFL, (long) (flags & ~O_NONBLOCK)))
+	if (!pg_set_block(sock))
 	{
 		char		sebuf[256];
 
@@ -436,7 +441,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 
 	krb5_free_principal(pg_krb5_context, server);
 
-	if (fcntl(sock, F_SETFL, (long) flags))
+	if (!pg_set_noblock(sock))
 	{
 		char		sebuf[256];
 
@@ -599,8 +604,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 							   (struct sockaddr_in *) & conn->raddr.addr,
 								 hostname) != STATUS_OK)
 			{
-				snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-					libpq_gettext("Kerberos 4 authentication failed\n"));
+				/* PQerrormsg already filled in */
 				pgunlock_thread();
 				return STATUS_ERROR;
 			}
@@ -618,8 +622,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			if (pg_krb5_sendauth(PQerrormsg, conn->sock,
 								 hostname) != STATUS_OK)
 			{
-				snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-					libpq_gettext("Kerberos 5 authentication failed\n"));
+				/* PQerrormsg already filled in */
 				pgunlock_thread();
 				return STATUS_ERROR;
 			}

src/interfaces/libpq/fe-connect.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.303 2005/02/22 04:42:20 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.304 2005/03/25 00:34:29 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1211,7 +1211,7 @@ keep_going:						/* We will come back to here until there
 							continue;
 						}
 					}
-					if (!set_noblock(conn->sock))
+					if (!pg_set_noblock(conn->sock))
 					{
 						printfPQExpBuffer(&conn->errorMessage,
 										  libpq_gettext("could not set socket to non-blocking mode: %s\n"),