fe-gssapi-common_8c_source.html

/*-------------------------------------------------------------------------

 *

 * fe-gssapi-common.c

 *     The front-end (client) GSSAPI common code

 *

 * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group

 * Portions Copyright (c) 1994, Regents of the University of California

 *

 * IDENTIFICATION

 *      src/interfaces/libpq/fe-gssapi-common.c

 *-------------------------------------------------------------------------

 */


#include "postgres_fe.h"


#include "fe-gssapi-common.h"


#include "libpq-int.h"

#include "pqexpbuffer.h"


/*

 * Fetch all errors of a specific type and append to "str".

 * Each error string is preceded by a space.

 */

static void


pg_GSS_error_int(PQExpBuffer str, OM_uint32 stat, int type)

{

    OM_uint32   lmin_s;

    gss_buffer_desc lmsg;

    OM_uint32   msg_ctx = 0;


    do

    {

        if (gss_display_status(&lmin_s, stat, type, GSS_C_NO_OID,

                               &msg_ctx, &lmsg) != GSS_S_COMPLETE)

            break;

        appendPQExpBufferChar(str, ' ');

        appendBinaryPQExpBuffer(str, lmsg.value, lmsg.length);

        gss_release_buffer(&lmin_s, &lmsg);

    } while (msg_ctx);

}


/*

 * GSSAPI errors contain two parts; put both into conn->errorMessage.

 */

void


pg_GSS_error(const char *mprefix, PGconn *conn,

             OM_uint32 maj_stat, OM_uint32 min_stat)

{

    appendPQExpBuffer(&conn->errorMessage, "%s:", mprefix);

    pg_GSS_error_int(&conn->errorMessage, maj_stat, GSS_C_GSS_CODE);

    appendPQExpBufferChar(&conn->errorMessage, ':');

    pg_GSS_error_int(&conn->errorMessage, min_stat, GSS_C_MECH_CODE);

    appendPQExpBufferChar(&conn->errorMessage, '\n');

}


/*

 * Check if we can acquire credentials at all (and yield them if so).

 */

bool


pg_GSS_have_cred_cache(gss_cred_id_t *cred_out)

{

    OM_uint32   major,

                minor;

    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;


    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,

                             GSS_C_INITIATE, &cred, NULL, NULL);

    if (major != GSS_S_COMPLETE)

    {

        *cred_out = NULL;

        return false;

    }

    *cred_out = cred;

    return true;

}


/*

 * Try to load service name for a connection

 */

int


pg_GSS_load_servicename(PGconn *conn)

{

    OM_uint32   maj_stat,

                min_stat;

    int         maxlen;

    gss_buffer_desc temp_gbuf;

    char       *host;


    if (conn->gtarg_nam != NULL)

        /* Already taken care of - move along */

        return STATUS_OK;


    host = PQhost(conn);

    if (!(host && host[0] != '\0'))

    {

        libpq_append_conn_error(conn, "host name must be specified");

        return STATUS_ERROR;

    }


    /*

     * Import service principal name so the proper ticket can be acquired by

     * the GSSAPI system.

     */

    maxlen = strlen(conn->krbsrvname) + strlen(host) + 2;

    temp_gbuf.value = (char *) malloc(maxlen);

    if (!temp_gbuf.value)

    {

        libpq_append_conn_error(conn, "out of memory");

        return STATUS_ERROR;

    }

    snprintf(temp_gbuf.value, maxlen, "%s@%s",

             conn->krbsrvname, host);

    temp_gbuf.length = strlen(temp_gbuf.value);


    maj_stat = gss_import_name(&min_stat, &temp_gbuf,

                               GSS_C_NT_HOSTBASED_SERVICE, &conn->gtarg_nam);

    free(temp_gbuf.value);


    if (maj_stat != GSS_S_COMPLETE)

    {

        pg_GSS_error(libpq_gettext("GSSAPI name import error"),

                     conn,

                     maj_stat, min_stat);

        return STATUS_ERROR;

    }

    return STATUS_OK;

}


STATUS_OK
#define STATUS_OK
Definition c.h:1158

STATUS_ERROR
#define STATUS_ERROR
Definition c.h:1159

PQhost
char * PQhost(const PGconn *conn)
Definition fe-connect.c:7571

pg_GSS_error
void pg_GSS_error(const char *mprefix, PGconn *conn, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition fe-gssapi-common.c:47

pg_GSS_load_servicename
int pg_GSS_load_servicename(PGconn *conn)
Definition fe-gssapi-common.c:82

pg_GSS_error_int
static void pg_GSS_error_int(PQExpBuffer str, OM_uint32 stat, int type)
Definition fe-gssapi-common.c:26

pg_GSS_have_cred_cache
bool pg_GSS_have_cred_cache(gss_cred_id_t *cred_out)
Definition fe-gssapi-common.c:61

fe-gssapi-common.h

str
const char * str
Definition hashfn_unstable.h:261

libpq-int.h

libpq_append_conn_error
void libpq_append_conn_error(PGconn *conn, const char *fmt,...)
Definition oauth-utils.c:95

libpq_gettext
#define libpq_gettext(x)
Definition oauth-utils.h:86

snprintf
#define snprintf
Definition port.h:260

postgres_fe.h

appendPQExpBuffer
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition pqexpbuffer.c:265

appendBinaryPQExpBuffer
void appendBinaryPQExpBuffer(PQExpBuffer str, const char *data, size_t datalen)
Definition pqexpbuffer.c:397

appendPQExpBufferChar
void appendPQExpBufferChar(PQExpBuffer str, char ch)
Definition pqexpbuffer.c:378

pqexpbuffer.h

fb
static int fb(int x)
Definition preproc-init.c:92

free
#define free(a)
Definition snowball_runtime.h:65

malloc
#define malloc(a)
Definition snowball_runtime.h:50

conn
PGconn * conn
Definition streamutil.c:52

PQExpBufferData
Definition pqexpbuffer.h:45

pg_conn
Definition libpq-int.h:372

pg_conn::errorMessage
PQExpBufferData errorMessage
Definition libpq-int.h:683

pg_conn::krbsrvname
char * krbsrvname
Definition libpq-int.h:419

stat
Definition win32_port.h:255

type
const char * type
Definition wait_event_funcs.c:27