postgresql/src/backend/utils
Stephen Frost b0b39f72b9 GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.

Add frontend and backend encryption support functions.  Keep the
context initiation for authentication-only separate on both the
frontend and backend in order to avoid concerns about changing the
requested flags to include encryption support.

In postmaster, pull GSSAPI authorization checking into a shared
function.  Also share the initiator name between the encryption and
non-encryption codepaths.

For HBA, add "hostgssenc" and "hostnogssenc" entries that behave
similarly to their SSL counterparts.  "hostgssenc" requires either
"gss", "trust", or "reject" for its authentication.

Similarly, add a "gssencmode" parameter to libpq.  Supported values are
"disable", "require", and "prefer".  Notably, negotiation will only be
attempted if credentials can be acquired.  Move credential acquisition
into its own function to support this behavior.

Add a simple pg_stat_gssapi view similar to pg_stat_ssl, for monitoring
if GSSAPI authentication was used, what principal was used, and if
encryption is being used on the connection.

Finally, add documentation for everything new, and update existing
documentation on connection security.

Thanks to Michael Paquier for the Windows fixes.

Author: Robbie Harwood, with changes to the read/write functions by me.
Reviewed in various forms and at different times by: Michael Paquier,
   Andres Freund, David Steele.
Discussion: https://www.postgresql.org/message-id/flat/jlg1tgq1ktm.fsf@thriss.redhat.com
2019-04-03 15:02:33 -04:00
adt GSSAPI encryption support 2019-04-03 15:02:33 -04:00
cache Generated columns 2019-03-30 08:15:57 +01:00
error Update copyright for 2019 2019-01-02 12:44:25 -05:00
fmgr Change function call information to be variable length. 2019-01-26 14:17:52 -08:00
hash Move hash_any prototype from access/hash.h to utils/hashutils.h 2019-03-11 13:17:50 -03:00
init Update HINT for pre-existing shared memory block. 2019-03-31 19:32:48 -07:00
mb More unconstify use 2019-02-13 11:50:16 +01:00
misc Add wal_recycle and wal_init_zero GUCs. 2019-04-02 14:37:14 +13:00
mmgr Fix inconsistent out-of-memory error reporting in dsa.c. 2019-02-25 11:11:40 +13:00
resowner Enable parallel query with SERIALIZABLE isolation. 2019-03-15 17:47:04 +13:00
sort Make heap TID a tiebreaker nbtree index column. 2019-03-20 10:04:01 -07:00
time Mark correctly initial slot snapshots with MVCC type when built 2019-02-20 12:31:07 +09:00
.gitignore Rearrange makefile rules for running Gen_fmgrtab.pl. 2018-05-03 17:54:18 -04:00
errcodes.txt Partial implementation of SQL/JSON path language 2019-03-16 12:16:48 +03:00
Gen_dummy_probes.pl Update copyright for 2019 2019-01-02 12:44:25 -05:00
Gen_dummy_probes.sed Update copyright for 2019 2019-01-02 12:44:25 -05:00
Gen_fmgrtab.pl Use Getopt::Long for catalog scripts 2019-02-12 12:22:08 -03:00
generate-errcodes.pl Update copyright for 2019 2019-01-02 12:44:25 -05:00
Makefile Use Getopt::Long for catalog scripts 2019-02-12 12:22:08 -03:00
probes.d Update copyright for 2019 2019-01-02 12:44:25 -05:00