patch to add krb_server_hostname to postgresql.conf - Mailing list pgsql-patches

From Todd Kover
Subject patch to add krb_server_hostname to postgresql.conf
Date
Msg-id 200501032322.j03NMuB6022506@guinness.omniscient.com
Responses Re: patch to add krb_server_hostname to postgresql.conf  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-patches
The attached patch adds a directive to the config file,
krb_server_hostname that allows the hostname that service tickets are
obtained against to be different from the hostname of the db server.

We use this because the db server binds to a specific ip address which
has a name that's different from what hostname() would return.

It's against postgresql-8.0.0rc3, though it's not much different from a
similar patch against 7.4.3.

-Todd

Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: postgresql-8.0.0rc3/doc/src/sgml/runtime.sgml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- doc/src/sgml/runtime.sgml    26 Dec 2004 23:06:56 -0000    1.1.1.1
+++ doc/src/sgml/runtime.sgml    3 Jan 2005 23:18:44 -0000    1.2
@@ -952,6 +952,20 @@
       </listitem>
      </varlistentry>

+     <varlistentry id="guc-krb_server_hostname" xreflabel="krb_server_hostname">
+      <term><varname>krb_server_hostname</varname> (<type>string</type>)</term>
+      <indexterm>
+       <primary><varname>krb_server_hostname</> configuration parameter</primary>
+      </indexterm>
+      <listitem>
+       <para>
+        Sets the hostname that service tickets will be obtained against
+    (defaults to the hostname of the postgresql server)
+        <xref linkend="kerberos-auth"> for details.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
       <term><varname>db_user_namespace</varname> (<type>boolean</type>)</term>
       <indexterm>
Index: src/backend/libpq/auth.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/libpq/auth.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/backend/libpq/auth.c    31 Dec 2004 21:59:50 -0000    1.1.1.1
+++ src/backend/libpq/auth.c    3 Jan 2005 14:59:44 -0000    1.2
@@ -41,6 +41,7 @@
 static int    recv_and_check_password_packet(Port *port);

 char       *pg_krb_server_keyfile;
+char       *pg_krb_server_hostname = NULL;

 #ifdef USE_PAM
 #ifdef HAVE_PAM_PAM_APPL_H
@@ -189,6 +190,12 @@
 pg_krb5_init(void)
 {
     krb5_error_code retval;
+    char *svr_name;
+
+    if(pg_krb_server_hostname)
+        svr_name = pg_krb_server_hostname;
+    else
+        svr_name = PG_KRB_SRVNAM;

     if (pg_krb5_initialised)
         return STATUS_OK;
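Review bot: `svr_name` is assigned at the top of pg_krb5_init but no visible line of this patch reads it, and its fallback mixes two different things: `pg_krb_server_hostname` is a host name, while `PG_KRB_SRVNAM` is the service name passed as the third argument of `krb5_sname_to_principal`. The same unused block is added to the declarations in the `@@ -254,6 +262,12 @@` hunk. Unless code outside these hunks uses the variable, drop both copies; if it is meant for the log message, name it for what it holds and log the host separately. The block also sits before the `pg_krb5_initialised` early return, so it runs on every call. pg_krb5_init's body continues outside the hunk.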
@@ -215,9 +222,10 @@
         return STATUS_ERROR;
     }

-    retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM,
-                                     KRB5_NT_SRV_HST, &pg_krb5_server);
-    if (retval)
+    retval = krb5_sname_to_principal(pg_krb5_context,
+                pg_krb_server_hostname, PG_KRB_SRVNAM,
+                 KRB5_NT_SRV_HST, &pg_krb5_server);
+     if (retval)
     {
         ereport(LOG,
          (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
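Review bot: `pg_krb_server_hostname` is passed straight to `krb5_sname_to_principal`, so only an unset parameter (NULL) gets the library's default host; a blank setting such as `krb_server_hostname = ''` would presumably arrive as an empty non-NULL string and be used to build the service principal. Because this value decides which principal the server accepts tickets for, normalise it before the call with `const char *khost = pg_krb_server_hostname;` and `if (khost && khost[0] == '\0') khost = NULL;`, then pass `khost`. The `errmsg` argument list is outside the hunk; if it still prints only `PG_KRB_SRVNAM`, a mistyped host name will not show up in the log, which makes a principal/keytab mismatch hard to diagnose. The re-added `if (retval)` line is also indented one space deeper than the surrounding code.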
@@ -254,6 +262,12 @@
     krb5_auth_context auth_context = NULL;
     krb5_ticket *ticket;
     char       *kusername;
+    char       *svr_name;
+
+    if(pg_krb_server_hostname)
+        svr_name = pg_krb_server_hostname;
+    else
+        svr_name = PG_KRB_SRVNAM;

     ret = pg_krb5_init();
     if (ret != STATUS_OK)
Index: src/backend/utils/misc/guc.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/utils/misc/guc.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/backend/utils/misc/guc.c    20 Dec 2004 18:15:07 -0000    1.1.1.1
+++ src/backend/utils/misc/guc.c    3 Jan 2005 14:59:45 -0000    1.2
@@ -1546,6 +1546,15 @@
     },

     {
+        {"krb_server_hostname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+            gettext_noop("Sets the hostname of the Kerberos server."),
+            NULL
+        },
+        &pg_krb_server_hostname,
+        NULL, NULL, NULL
+    },
+
+    {
         {"rendezvous_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
             gettext_noop("Sets the Rendezvous broadcast service name."),
             NULL
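Review bot: The short description `Sets the hostname of the Kerberos server.` reads as the address of the KDC, whereas the auth.c part of this patch uses the value as the host component of the service principal that PostgreSQL accepts tickets for. Wording such as `gettext_noop("Sets the host name of the Kerberos service principal.")` would keep an administrator from pointing it at the KDC and then wondering why authentication fails. The configuration table continues outside the hunk.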
Index: src/bin/psql/tab-complete.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/bin/psql/tab-complete.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/bin/psql/tab-complete.c    24 Dec 2004 15:42:05 -0000    1.1.1.1
+++ src/bin/psql/tab-complete.c    3 Jan 2005 14:59:46 -0000    1.2
@@ -552,6 +552,7 @@
         "geqo_threshold",
         "join_collapse_limit",
         "krb_server_keyfile",
+        "krb_server_hostname",
         "lc_messages",
         "lc_monetary",
         "lc_numeric",
Index: src/include/libpq/auth.h
===================================================================
RCS file: postgresql-8.0.0rc3/src/include/libpq/auth.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/include/libpq/auth.h    31 Dec 2004 22:03:32 -0000    1.1.1.1
+++ src/include/libpq/auth.h    3 Jan 2005 14:59:47 -0000    1.2
@@ -27,5 +27,6 @@
 #define PG_KRB5_VERSION "PGVER5.1"

 extern char *pg_krb_server_keyfile;
+extern char *pg_krb_server_hostname;

 #endif   /* AUTH_H */
