From 4ea1a273fbc20b29ba4aacd3c21030bd62296d7d Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Sat, 29 Jan 2011 17:06:55 +0100
Subject: [PATCH] Use GSSAPI library for SSPI auth, when native SSPI is not
available
This allows non-Windows clients to connect to a Windows
server with SSPI authentication.
Christian Ullrich, largely modified by me
---
src/interfaces/libpq/fe-auth.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 0d3cad0b004..7d2ef51f17a 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -831,6 +831,10 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
case AUTH_REQ_GSS:
+#if !defined(ENABLE_SSPI)
+ /* no native SSPI, so use GSSAPI library for it */
+ case AUTH_REQ_SSPI:
+#endif
{
int r;
@@ -888,13 +892,14 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
pgunlock_thread();
}
break;
-#else
+#else /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
+ /* No GSSAPI *or* SSPI support */
case AUTH_REQ_GSS:
case AUTH_REQ_GSS_CONT:
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("GSSAPI authentication not supported\n"));
return STATUS_ERROR;
-#endif
+#endif /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
#ifdef ENABLE_SSPI
case AUTH_REQ_SSPI:
@@ -914,11 +919,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
pgunlock_thread();
break;
#else
+ /*
+ * No SSPI support. However, if we have GSSAPI but not SSPI
+ * support, AUTH_REQ_SSPI will have been handled in the codepath
+ * for AUTH_REQ_GSSAPI above, so don't duplicate the case label
+ * in that case.
+ */
+#if !defined(ENABLE_GSS)
case AUTH_REQ_SSPI:
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("SSPI authentication not supported\n"));
return STATUS_ERROR;
-#endif
+#endif /* !define(ENABLE_GSSAPI) */
+#endif /* ENABLE_SSPI */
case AUTH_REQ_CRYPT:
--
GitLab