| Commit message (Collapse) | Author | Age |
to validate the realm of the connecting user. By default
it's empty meaning no verification, which is the way
Kerberos authentication has traditionally worked in
PostgreSQL.
| |
Kris Jurka
| |
by dynamically loading the function that's missing from the MingW
headers and library.
| |
against a Unix server, and Windows-specific server-side authentication
using SSPI "negotiate" method (Kerberos or NTLM).
Only builds properly with MSVC for now.
| |
when built on a 64-bit machine. Per buildfarm results extracted by Stefan.
| |
enabled, because the only Kerberos library supported always contains it.
| |
such as OpenBSD (possibly all Heimdal).
Stefan Kaltenbrunner
| |
* use elog not ereport for debug
* fix debug levels for some output
* properly check for memory allocation errors in a couple of missed places
| |
Documentation still being written, will be committed later.
Henry B. Hotz and Magnus Hagander
| |
authentication checks in the backend.
Gavin Sherry
| |
back-stamped for this.
| |
manually release the LDAP handle via ldap_unbind(). This isn't a
significant problem in practice because an error eventually results
in exiting the process, but we can clean up correctly without too
much pain.
In passing, fix an error in snprintf() usage: the "size" parameter
to snprintf() is the size of the destination buffer, including space
for the NUL terminator. Also, depending on the value of NAMEDATALEN,
the old coding could have allowed for a buffer overflow.
| |
Euler Taveira de Oliveira
| |
entirely on older Windows platforms without the needed library function.
Magnus Hagander
| |
have no other gods before c.h'. Also remove some demonstrably redundant
#include lines, mostly of <errno.h> which was added to c.h years ago.
| |
Strip unused include files out unused include files, and add needed
includes to C files.
The next step is to remove unused include files in C files.
| |
make the LDAP code's error messages look like they were written by someone
who had heard of our style guidelines.
| |
PAM (such as Win32, but also unixen without PAM). On Unix, uses
OpenLDAP. On win32, uses the builtin WinLDAP library.
Magnus Hagander
| |
comment line where output as too long, and update typedefs for /lib
directory. Also fix case where identifiers were used as variable names
in the backend, but as typedefs in ecpg (favor the backend for
indenting).
Backpatch to 8.1.X.
| |
exported routines of ip.c, md5.c, and fe-auth.c to begin with 'pg_'.
Also get rid of the vestigial fe_setauthsvc/fe_getauthsvc routines
altogether.
| |
'localhost'.
Improve kerberos error message.
| |
to call krb5_sname_to_principal() always. Also, use krb_srvname rather
than the hardwired string 'postgres' as the appl_version string in the
krb5_sendauth/recvauth calls, to avoid breaking compatibility with PG
8.0.
Magnus Hagander
| |
pg_strcasecmp and pg_strncasecmp ... but I see some of the former have
crept back in.
Eternal vigilance is the price of locale independence, apparently.
| |
some security issues, and upstream has declared it "dead". Patch from
Magnus Hagander, minor editorialization from Neil Conway.
| |
part of service principal. If not set, any service principal matching
an entry in the keytab can be used.
NEW KERBEROS MATCHING BEHAVIOR FOR 8.1.
Todd Kover
| |
postgresql.conf.
---------------------------------------------------------------------------
Here's an updated version of the patch, with the following changes:
1) No longer uses "service name" as "application version". It's instead
hardcoded as "postgres". It could be argued that this part should be
backpatched to 8.0, but it doesn't make a big difference until you can
start changing it with GUC / connection parameters. This change only
affects kerberos 5, not 4.
2) Now downcases kerberos usernames when the client is running on win32.
3) Adds guc option for "krb_caseins_users" to make the server ignore
case mismatch which is required by some KDCs such as Active Directory.
Off by default, per discussion with Tom. This change only affects
kerberos 5, not 4.
4) Updated so it doesn't conflict with the rendezvous/bonjour patch
already in ;-)
Magnus Hagander
| |
macros around strings that were missing them.
| |
version of Kerberos. Per report from Reinhard Max.
| |
Also performed an initial run through of upgrading our Copyright date to
extend to 2005 ... first run here was very simple ... change everything
where: grep 1996-2004 && the word 'Copyright' ... scanned through the
generated list with 'less' first, and after, to make sure that I only
picked up the right entries ...
| |
its presence. This amounts to desupporting Kerberos 5 releases 1.0.*,
which is a small loss, and simplifies use of our Kerberos code on platforms
with Red-Hat-style include file layouts. Per gripe from John Gray and
followup discussion.
| |
real gettext() later on, so it was called twice before.
| |
that makes it impossible to translate to other languages.
| |
ill-considered conditional logic in getpeereid patch of 3-Dec-2002).
Per bug #1021.