diff options
| author | Stephen Frost <sfrost@snowman.net> | 2023-04-08 07:21:35 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2023-04-08 07:21:35 -0400 |
| commit | 3d03b24c350ab060bb223623bdff38835bd7afd0 (patch) | |
| tree | 26137687e4b234c47de0140295baaed9928cc968 /src/backend/libpq/be-gssapi-common.c | |
| parent | db4f21e4a34b1d5a3f7123e28e77f575d1a971ea (diff) | |
| download | postgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.tar.gz postgresql-3d03b24c350ab060bb223623bdff38835bd7afd0.zip | |
Revert "Add support for Kerberos credential delegation"
This reverts commit 3d4fa227bce4294ce1cc214b4a9d3b7caa3f0454.
Per discussion and buildfarm, this depends on APIs that seem to not
be available on at least one platform (NetBSD). Should be certainly
possible to rework to be optional on that platform if necessary but bit
late for that at this point.
Discussion: https://postgr.es/m/3286097.1680922218@sss.pgh.pa.us
Diffstat (limited to 'src/backend/libpq/be-gssapi-common.c')
| -rw-r--r-- | src/backend/libpq/be-gssapi-common.c | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/src/backend/libpq/be-gssapi-common.c b/src/backend/libpq/be-gssapi-common.c index 64d41e52915..fb39c760d8c 100644 --- a/src/backend/libpq/be-gssapi-common.c +++ b/src/backend/libpq/be-gssapi-common.c @@ -92,56 +92,3 @@ pg_GSS_error(const char *errmsg, (errmsg_internal("%s", errmsg), errdetail_internal("%s: %s", msg_major, msg_minor))); } - -/* - * Store the credentials passed in into the memory cache for later usage. - * - * This allows credentials to be delegated to us for us to use to connect - * to other systems with, using, e.g. postgres_fdw or dblink. - */ -#define GSS_MEMORY_CACHE "MEMORY:" -void -pg_store_delegated_credential(gss_cred_id_t cred) -{ - OM_uint32 major, - minor; - gss_OID_set mech; - gss_cred_usage_t usage; - gss_key_value_element_desc cc; - gss_key_value_set_desc ccset; - - cc.key = "ccache"; - cc.value = GSS_MEMORY_CACHE; - ccset.count = 1; - ccset.elements = &cc; - - /* Make the delegated credential only available to current process */ - major = gss_store_cred_into(&minor, - cred, - GSS_C_INITIATE, /* credential only used for - * starting libpq connection */ - GSS_C_NULL_OID, /* store all */ - true, /* overwrite */ - true, /* make default */ - &ccset, - &mech, - &usage); - - if (major != GSS_S_COMPLETE) - { - pg_GSS_error("gss_store_cred", major, minor); - } - - /* Credential stored, so we can release our credential handle. */ - major = gss_release_cred(&minor, &cred); - if (major != GSS_S_COMPLETE) - { - pg_GSS_error("gss_release_cred", major, minor); - } - - /* - * Set KRB5CCNAME for this backend, so that later calls to - * gss_acquire_cred will find the delegated credentials we stored. - */ - setenv("KRB5CCNAME", GSS_MEMORY_CACHE, 1); -} |