Re: PATCH: Add GSSAPI ccache_name option to libpq
От | Daniel Carter |
---|---|
Тема | Re: PATCH: Add GSSAPI ccache_name option to libpq |
Дата | |
Msg-id | 0f752a59-b77f-3446-ed7f-56906b5ad264@gmail.com обсуждение исходный текст |
Ответ на | Re: PATCH: Add GSSAPI ccache_name option to libpq (Aleksander Alekseev <aleksander@timescale.com>) |
Список | pgsql-hackers |
Hi Aleksander, On 20/04/2021 11:30, Aleksander Alekseev wrote: > Hi Daniel, > >> It's my first go at submitting a patch -- it works as far as I can tell, >> but I suspect there will probably still be stuff to fix before it's >> ready to use! > > You are doing great :) Thanks for the encouragement! > There are several other things worth checking: > 0. Always run `make distclean` before following steps > 1. Make sure `make -j4 world && make -j4 check-world` passes > 2. Make sure `make install-world` and `make installcheck-world` passes > 3. Since you are changing the documentation it's worth checking that > it displays properly. The documentation is in the > $(PGINSTALL)/share/doc/postgresql/html directory > > Several years ago I published some scripts that simplify all this a > little: https://github.com/afiskon/pgscripts, especially step 3. They > may require some modifications for your OS of choice. Please read > https://wiki.postgresql.org/wiki/Submitting_a_Patch for more > information. Thanks for the advice (and the script repository). One thing this has identified is an implicit declaration error on the gss_krb5_ccache_name call (the code was still working so I presume it must get included at some point, although I can't see exactly where). This can be fixed easily enough just by adding a `#include <gssapi/gssapi_krb5.h>` line to libpq-int.h, although I don't know whether this wants to be treated differently because (as far as I can tell) it's a Kerberos-specific feature rather than something which any GSSAPI service could use (hence it being in gssapi_krb5.h rather than gssapi.h) and so might end up breaking other things? (It looks like current versions of both MIT Kerberos and Heimdal use <gssapi/gssapi.h> rather than <gssapi.h>, although Heimdal previously had all its GSSAPI functionality, including this gss_krb5_ccache_name function, in <gssapi.h>.) > Generally speaking, it also a good idea to add some test cases for > your code, although I understand why it might be a little complicated > in this particular case. Maybe you could at least tell us how it can > be checked manually that this code actually does what is supposed to? Something like the following code hopefully demonstrates how it's supposed to work: > const char *conninfo = "dbname='test' user='test' host='krb.local' port='5432' ccache_name='/home/user/test/krb5cc_1000'"; > PGconn *conn; > > conn = PQconnectdb(conninfo); > > if(PQstatus(conn) != CONNECTION_OK) { > fprintf(stderr, "Connection to database failed: %s\n", PQerrorMessage(conn)); > } else { > printf("Connection succeeded\n"); > } > PQfinish(conn); Hopefully this example gives some sort of guide to its intended purpose -- the ccache_name parameter in the connection string specifies a (non-standard) location for the credential cache, which is then used by libpq to fetch data from the database via GSSAPI authentication. Many thanks, Daniel
В списке pgsql-hackers по дате отправления:
Предыдущее
От: Aleksander AlekseevДата:
Сообщение: Re: Synchronous commit behavior during network outage