The attached patch adds a directive to the config file,
krb_server_hostname that allows the hostname that service tickets are
obtained against to be different from the hostname of the db server.

We use this because the db server binds to a specific ip address which
has a name that's different from what hostname() would return.

It's against postgresql-8.0.0rc3, though it's not much different from a
similar patch against 7.4.3.

-Todd

Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: postgresql-8.0.0rc3/doc/src/sgml/runtime.sgml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- doc/src/sgml/runtime.sgml   26 Dec 2004 23:06:56 -0000      1.1.1.1
+++ doc/src/sgml/runtime.sgml   3 Jan 2005 23:18:44 -0000       1.2
@@ -952,6 +952,20 @@
       </listitem>
      </varlistentry>
 
+     <varlistentry id="guc-krb_server_hostname" 
xreflabel="krb_server_hostname">
+      <term><varname>krb_server_hostname</varname> (<type>string</type>)</term>
+      <indexterm>
+       <primary><varname>krb_server_hostname</> configuration 
parameter</primary>
+      </indexterm>
+      <listitem>
+       <para>
+        Sets the hostname that service tickets will be obtained against
+       (defaults to the hostname of the postgresql server)
+        <xref linkend="kerberos-auth"> for details.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
       <term><varname>db_user_namespace</varname> (<type>boolean</type>)</term>
       <indexterm>
Index: src/backend/libpq/auth.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/libpq/auth.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/backend/libpq/auth.c    31 Dec 2004 21:59:50 -0000      1.1.1.1
+++ src/backend/libpq/auth.c    3 Jan 2005 14:59:44 -0000       1.2
@@ -41,6 +41,7 @@
 static int     recv_and_check_password_packet(Port *port);
 
 char      *pg_krb_server_keyfile;
+char      *pg_krb_server_hostname = NULL;
 
 #ifdef USE_PAM
 #ifdef HAVE_PAM_PAM_APPL_H
@@ -189,6 +190,12 @@
 pg_krb5_init(void)
 {
        krb5_error_code retval;
+       char *svr_name;
+
+       if(pg_krb_server_hostname)
+               svr_name = pg_krb_server_hostname;
+       else
+               svr_name = PG_KRB_SRVNAM;
 
        if (pg_krb5_initialised)
                return STATUS_OK;
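Review bot: `svr_name` is assigned at the top of pg_krb5_init() but nothing in the patch reads it: the next hunk passes `pg_krb_server_hostname` to krb5_sname_to_principal() directly, and the unchanged lines cannot refer to a variable that is new. The same unused block is added again in the hunk at `@@ -254,6 +262,12 @@`. It also mixes two different things, because `pg_krb_server_hostname` is a host name while `PG_KRB_SRVNAM` is what the call below passes as the service name, so any later use of `svr_name` as either one would build the wrong principal. I would drop the declaration and the `if`/`else` in both places. Both function bodies continue outside their hunks.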
@@ -215,9 +222,10 @@
                return STATUS_ERROR;
        }
 
-       retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM,
-                                                                        
KRB5_NT_SRV_HST, &pg_krb5_server);
-       if (retval)
+       retval = krb5_sname_to_principal(pg_krb5_context, 
+                               pg_krb_server_hostname, PG_KRB_SRVNAM,
+                               KRB5_NT_SRV_HST, &pg_krb5_server);
+        if (retval)
        {
                ereport(LOG,
                 (errmsg("Kerberos sname_to_principal(\"%s\") returned error 
%d",
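Review bot: An empty setting reaches krb5_sname_to_principal() as a non-NULL empty host name, because the call passes `pg_krb_server_hostname` unchecked and only NULL selects the local host name; `krb_server_hostname = ''` would then presumably fail or yield a principal without a usable host part instead of falling back to the default. Normalise it first, for example `const char *khost = (pg_krb_server_hostname && pg_krb_server_hostname[0] != '\0') ? pg_krb_server_hostname : NULL;`, and pass `khost`. The `errmsg` that follows appears to report only the service name (its arguments are outside the hunk), so adding the host name there would make a principal or keytab mismatch easier to diagnose from the log. The re-added `if (retval)` line is also indented differently from the line it replaces, which looks like an unintended whitespace change.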
@@ -254,6 +262,12 @@
        krb5_auth_context auth_context = NULL;
        krb5_ticket *ticket;
        char       *kusername;
+       char       *svr_name;
+
+       if(pg_krb_server_hostname)
+               svr_name = pg_krb_server_hostname;
+       else
+               svr_name = PG_KRB_SRVNAM;
 
        ret = pg_krb5_init();
        if (ret != STATUS_OK)
Index: src/backend/utils/misc/guc.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/utils/misc/guc.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/backend/utils/misc/guc.c        20 Dec 2004 18:15:07 -0000      1.1.1.1
+++ src/backend/utils/misc/guc.c        3 Jan 2005 14:59:45 -0000       1.2
@@ -1546,6 +1546,15 @@
        },
 
        {
+               {"krb_server_hostname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+                       gettext_noop("Sets the hostname of the Kerberos 
server."),
+                       NULL
+               },
+               &pg_krb_server_hostname,
+               NULL, NULL, NULL
+       },
+
+       {
                {"rendezvous_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
                        gettext_noop("Sets the Rendezvous broadcast service 
name."),
                        NULL
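Review bot: The description string `"Sets the hostname of the Kerberos server."` reads as if it named the KDC, whereas auth.c uses the value as the host part of the service principal the backend accepts tickets for. Wording such as `gettext_noop("Sets the host name used in the server's Kerberos service principal.")` would keep an administrator from pointing it at the wrong machine. The patch as shown does not add the setting to a sample configuration file, which may be worth doing so that the unset default is visible.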
Index: src/bin/psql/tab-complete.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/bin/psql/tab-complete.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/bin/psql/tab-complete.c 24 Dec 2004 15:42:05 -0000      1.1.1.1
+++ src/bin/psql/tab-complete.c 3 Jan 2005 14:59:46 -0000       1.2
@@ -552,6 +552,7 @@
                "geqo_threshold",
                "join_collapse_limit",
                "krb_server_keyfile",
+               "krb_server_hostname",
                "lc_messages",
                "lc_monetary",
                "lc_numeric",
Index: src/include/libpq/auth.h
===================================================================
RCS file: postgresql-8.0.0rc3/src/include/libpq/auth.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/include/libpq/auth.h    31 Dec 2004 22:03:32 -0000      1.1.1.1
+++ src/include/libpq/auth.h    3 Jan 2005 14:59:47 -0000       1.2
@@ -27,5 +27,6 @@
 #define PG_KRB5_VERSION "PGVER5.1"
 
 extern char *pg_krb_server_keyfile;
+extern char *pg_krb_server_hostname;
 
 #endif   /* AUTH_H */