Revert "Add support for Kerberos credential delegation"

This reverts commit 3d4fa227bce4294ce1cc214b4a9d3b7caa3f0454.

Per discussion and buildfarm, this depends on APIs that seem to not
be available on at least one platform (NetBSD).  Should be certainly
possible to rework to be optional on that platform if necessary but bit
late for that at this point.

Discussion: https://postgr.es/m/3286097.1680922218@sss.pgh.pa.us

1 files changed, 3 insertions, 12 deletions

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index fe2634230a3..b0550e63324 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -58,8 +58,7 @@ pg_GSS_continue(PGconn *conn, int payloadlen)
 {
 	OM_uint32	maj_stat,
 				min_stat,
-				lmin_s,
-				gss_flags = GSS_C_MUTUAL_FLAG;
+				lmin_s;
 	gss_buffer_desc ginbuf;
 	gss_buffer_desc goutbuf;
 
@@ -93,19 +92,12 @@ pg_GSS_continue(PGconn *conn, int payloadlen)
 		ginbuf.value = NULL;
 	}
 
-	/* Only try to acquire credentials if GSS delegation isn't disabled. */
-	if (!pg_GSS_have_cred_cache(&conn->gcred))
-		conn->gcred = GSS_C_NO_CREDENTIAL;
-
-	if (conn->gssdeleg && pg_strcasecmp(conn->gssdeleg, "enable") == 0)
-		gss_flags |= GSS_C_DELEG_FLAG;
-
 	maj_stat = gss_init_sec_context(&min_stat,
-									conn->gcred,
+									GSS_C_NO_CREDENTIAL,
 									&conn->gctx,
 									conn->gtarg_nam,
 									GSS_C_NO_OID,
-									gss_flags,
+									GSS_C_MUTUAL_FLAG,
 									0,
 									GSS_C_NO_CHANNEL_BINDINGS,
 									(ginbuf.value == NULL) ? GSS_C_NO_BUFFER : &ginbuf,
@@ -147,7 +139,6 @@ pg_GSS_continue(PGconn *conn, int payloadlen)
 	{
 		conn->client_finished_auth = true;
 		gss_release_name(&lmin_s, &conn->gtarg_nam);
-		conn->gssapi_used = true;
 	}
 
 	return STATUS_OK;