Heimdal support (Kerberos V implementation from KTH)

config/c-library.m4

 # Macros that test various C library quirks
-# $Header: /cvsroot/pgsql/config/c-library.m4,v 1.10 2001/12/20 21:23:05 momjian Exp $
+# $Header: /cvsroot/pgsql/config/c-library.m4,v 1.11 2002/02/23 04:17:45 petere Exp $
 
 
 # PGAC_VAR_INT_TIMEZONE
@@ -196,3 +196,34 @@ if test x"$pgac_cv_header_strings_both" = x"yes"; then
   AC_DEFINE([STRING_H_WITH_STRINGS_H], 1,
             [Define if string.h and strings.h may both be included])
 fi])
+
+
+# PGAC_CHECK_MEMBER(AGGREGATE.MEMBER,
+#                   [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND],
+#                   [INCLUDES])
+# -----------------------------------------------------------
+
+AC_DEFUN([PGAC_CHECK_MEMBER],
+[changequote(<<, >>)dnl
+dnl The name to #define.
+define(<<pgac_define_name>>, translit(HAVE_$1, [a-z .*], [A-Z__P]))dnl
+dnl The cache variable name.
+define(<<pgac_cache_name>>, translit(pgac_cv_member_$1, [ .*], [__p]))dnl
+changequote([, ])dnl
+AC_CACHE_CHECK([for $1], [pgac_cache_name],
+[AC_TRY_COMPILE([$4],
+[static ]patsubst([$1], [\..*])[ pgac_var;
+if (pgac_var.]patsubst([$1], [^[^.]*\.])[)
+return 0;],
+[pgac_cache_name=yes],
+[pgac_cache_name=no])])
+
+if test x"[$]pgac_cache_name" = x"yes"; then
+  AC_DEFINE_UNQUOTED(pgac_define_name)
+  $2
+else
+  ifelse([$3], [], :, [$3])
+fi
+undefine([pgac_define_name])[]dnl
+undefine([pgac_cache_name])[]dnl
+])

configure.in

@@ -725,10 +725,12 @@ if test "$with_krb4" = yes ; then
 fi
 
 if test "$with_krb5" = yes ; then
-  AC_CHECK_LIB(com_err, [com_err], [], [AC_MSG_ERROR([library 'com_err' is required for Kerberos 5])])
-  AC_CHECK_LIB(crypto,  [krb5_encrypt], [],
-    [AC_CHECK_LIB(k5crypto, [krb5_encrypt], [], [AC_MSG_ERROR([library 'crypto' or 'k5crypto' is required for Kerberos 5])])])
-  AC_CHECK_LIB(krb5,    [krb5_sendauth], [], [AC_MSG_ERROR([library 'krb5' is required for Kerberos 5])])
+  AC_SEARCH_LIBS(com_err, [krb5 'krb5 -ldes -lasn1 -lroken' com_err], [],
+                 [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])])
+  AC_SEARCH_LIBS(krb5_encrypt, [krb5 'krb5 -ldes -lasn1 -lroken' crypto k5crypto], [],
+                 [AC_MSG_ERROR([could not find function 'krb5_encrypt' required for Kerberos 5])])
+  AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -ldes -lasn1 -lroken'], [],
+                 [AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])])
 fi
 
 if test "$with_openssl" = yes ; then
@@ -802,6 +804,21 @@ PGAC_STRUCT_FCRED
 PGAC_STRUCT_SOCKCRED
 PGAC_STRUCT_SOCKADDR_UN
 
+if test "$with_krb5" = yes; then
+# Check for differences between MIT and Heimdal (KTH) releases
+  PGAC_CHECK_MEMBER([krb5_ticket.enc_part2], [],
+                    [PGAC_CHECK_MEMBER([krb5_ticket.client], [],
+                                       [AC_MSG_ERROR([could not determine how to get client name from Kerberos 5 ticket])],
+                                       [#include <krb5.h>])],
+                    [#include <krb5.h>])
+  PGAC_CHECK_MEMBER([krb5_error.text.data], [],
+                    [PGAC_CHECK_MEMBER([krb5_error.e_data], [],
+                                       [AC_MSG_ERROR([could not determine how to extract Kerberos 5 error messages])],
+                                       [#include <krb5.h>])],
+                    [#include <krb5.h>])
+fi
+
+
 ##
 ## Functions, global variables
 ##

doc/src/sgml/release.sgml

 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.116 2002/02/18 23:11:00 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.117 2002/02/23 04:17:45 petere Exp $
 -->
 
 <appendix id="release">
@@ -26,6 +26,7 @@ worries about funny characters.
 <literallayout><![CDATA[
 Access privileges on functions
 Access privileges on procedural languages
+Kerberos 5 support now works with Heimdal
 ]]></literallayout>
 
  </sect1>

src/backend/libpq/auth.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.73 2002/02/19 19:49:09 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.74 2002/02/23 04:17:46 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -229,7 +229,7 @@ pg_krb5_init(void)
 				 " Kerberos error %d\n", retval);
 		com_err("postgres", retval,
 				"while getting server principal for service %s",
-				pg_krb_server_keyfile);
+				PG_KRB_SRVNAM);
 		krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
 		krb5_free_context(pg_krb5_context);
 		return STATUS_ERROR;
@@ -283,8 +283,15 @@ pg_krb5_recvauth(Port *port)
 	 *
 	 * I have no idea why this is considered necessary.
 	 */
+#if defined(HAVE_KRB5_TICKET_ENC_PART2)
 	retval = krb5_unparse_name(pg_krb5_context,
 							   ticket->enc_part2->client, &kusername);
+#elif defined(HAVE_KRB5_TICKET_CLIENT)
+	retval = krb5_unparse_name(pg_krb5_context,
+							   ticket->client, &kusername);
+#else
+#error "bogus configuration"
+#endif
 	if (retval)
 	{
 		snprintf(PQerrormsg, PQERRORMSG_LENGTH,

src/include/pg_config.h.in

@@ -8,7 +8,7 @@
  * or in pg_config.h afterwards.  Of course, if you edit pg_config.h, then your
  * changes will be overwritten the next time you run configure.
  *
- * $Id: pg_config.h.in,v 1.16 2002/01/22 19:02:40 tgl Exp $
+ * $Id: pg_config.h.in,v 1.17 2002/02/23 04:17:46 petere Exp $
  */
 
 #ifndef PG_CONFIG_H
@@ -622,6 +622,18 @@ extern int fdatasync(int fildes);
 /* Set to 1 if you have struct sockaddr_un */
 #undef HAVE_STRUCT_SOCKADDR_UN
 
+/* Set to 1 if you have krb5_ticket.enc_part2 */
+#undef HAVE_KRB5_TICKET_ENC_PART2
+
+/* Set to 1 if you have krb5_ticket.client */
+#undef HAVE_KRB5_TICKET_CLIENT
+
+/* Set to 1 if you have krb5_error.text.data */
+#undef HAVE_KRB5_ERROR_TEXT_DATA
+
+/* Set to 1 if you have krb5_ticket.e_data */
+#undef HAVE_KRB5_ERROR_E_DATA
+
 /* Set to 1 if type "long int" works and is 64 bits */
 #undef HAVE_LONG_INT_64
 

src/interfaces/libpq/fe-auth.c

@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.63 2001/11/05 17:46:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.64 2002/02/23 04:17:47 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -403,9 +403,18 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,
 	{
 		if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
 		{
+#if defined(HAVE_KRB5_ERROR_TEXT_DATA)
 			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 			  libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
 					 err_ret->text.length, err_ret->text.data);
+#elif defined(HAVE_KRB5_ERROR_E_DATA)
+			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+			  libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
+					 err_ret->e_data->length,
+					 (const char *)err_ret->e_data->data);
+#else
+#error "bogus configuration"
+#endif
 		}
 		else
 		{
@@ -683,7 +692,7 @@ fe_getauthsvc(char *PQerrormsg)
 char *
 fe_getauthname(char *PQerrormsg)
 {
-	char	   *name = (char *) NULL;
+	const char *name = (char *) NULL;
 	char	   *authn = (char *) NULL;
 	MsgType		authsvc;