Hello all,
this patch adds support for connecting to servers running on Windows
and requesting SSPI authentication. It does this by treating
AUTH_REQ_SSPI the same as AUTH_REQ_GSS if no native SSPI support is
available.
In addition to being generally useful, this is a workaround to a
problem with MIT KfW that I encountered back in September 2010 [1].
This change has been tested and works correctly on FreeBSD 8.1, using
the Kerberos and GSSAPI libraries from Heimdal 1.4. The server is
running PostgreSQL 9.0.2 on Windows 2008.
I originally fixed only the JDBC driver in this way [2], but then I
thought that I might try applying the same logic to libpq as well.
The preprocessor logic in that part of fe_sendauth() is quite
impenetrable; I hope I have not broken everything else.
[1] <http://archives.postgresql.org/message-id/i6cpc2%24m3h%241%40dough.gmane.org>
[2] <http://archives.postgresql.org/message-id/i6org1%24mup%241%40dough.gmane.org>
*** src/interfaces/libpq/fe-auth.c.orig Mon Jan 3 13:33:32 2011
--- src/interfaces/libpq/fe-auth.c Mon Jan 3 13:34:41 2011
***************
*** 831,836 ****
--- 831,839 ---- #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) case AUTH_REQ_GSS:
+ #if defined(ENABLE_GSS) && !defined(ENABLE_SSPI)
+ case AUTH_REQ_SSPI:
+ #endif { int r;
***************
*** 891,896 ****
--- 894,902 ---- #else case AUTH_REQ_GSS: case AUTH_REQ_GSS_CONT:
+ #ifndef ENABLE_SSPI
+ case AUTH_REQ_SSPI:
+ #endif printfPQExpBuffer(&conn->errorMessage, libpq_gettext("GSSAPI authentication
notsupported\n")); return STATUS_ERROR;
***************
*** 913,923 **** } pgunlock_thread(); break;
- #else
- case AUTH_REQ_SSPI:
- printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("SSPI authentication not supported\n"));
- return STATUS_ERROR; #endif
--- 919,924 ----
