88 *
99 *
1010 * IDENTIFICATION
11- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.149 2007/07/10 13:14:20 mha Exp $
11+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.150 2007/07/11 08:27:33 mha Exp $
1212 *
1313 *-------------------------------------------------------------------------
1414 */
@@ -317,18 +317,18 @@ static GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_desc;
317317
318318
319319static void
320- pg_GSS_error (int severity ,char * text ,OM_uint32 maj_stat ,OM_uint32 min_stat )
320+ pg_GSS_error (int severity ,char * errmsg ,OM_uint32 maj_stat ,OM_uint32 min_stat )
321321{
322322gss_buffer_desc gmsg ;
323323OM_uint32 lmaj_s ,lmin_s ,msg_ctx ;
324- char localmsg1 [128 ],
325- localmsg2 [128 ];
324+ char msg_major [128 ],
325+ msg_minor [128 ];
326326
327327/* Fetch major status message */
328328msg_ctx = 0 ;
329329lmaj_s = gss_display_status (& lmin_s ,maj_stat ,GSS_C_GSS_CODE ,
330330GSS_C_NO_OID ,& msg_ctx ,& gmsg );
331- strlcpy (localmsg1 ,gmsg .value ,sizeof (localmsg1 ));
331+ strlcpy (msg_major ,gmsg .value ,sizeof (msg_major ));
332332gss_release_buffer (& lmin_s ,& gmsg );
333333
334334if (msg_ctx )
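Review bot: Both `strlcpy` calls in pg_GSS_error (into `msg_major` here, into `msg_minor` in the next hunk) read `gmsg.value` without checking the `lmaj_s` result of `gss_display_status`, so a failed lookup can hand `strlcpy` a NULL or uninitialized pointer while the server is already on an error path. `gmsg` is a counted buffer and `strlcpy` scans its source for a terminator, so the copy is better bounded by `gmsg.length`: `if (lmaj_s == GSS_S_COMPLETE && gmsg.value != NULL) snprintf(msg_major, sizeof(msg_major), "%.*s", (int) gmsg.length, (char *) gmsg.value); else msg_major[0] = '\0';`. Whether the GSSAPI library in use always NUL-terminates these strings is not visible here, so treat the length bound as hardening. The function body continues outside this hunk.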
@@ -343,7 +343,7 @@ pg_GSS_error(int severity, char *text, OM_uint32 maj_stat, OM_uint32 min_stat)
343343msg_ctx = 0 ;
344344lmaj_s = gss_display_status (& lmin_s ,min_stat ,GSS_C_MECH_CODE ,
345345GSS_C_NO_OID ,& msg_ctx ,& gmsg );
346- strlcpy (localmsg2 ,gmsg .value ,sizeof (localmsg2 ));
346+ strlcpy (msg_minor ,gmsg .value ,sizeof (msg_minor ));
347347gss_release_buffer (& lmin_s ,& gmsg );
348348
349349if (msg_ctx )
@@ -353,7 +353,8 @@ pg_GSS_error(int severity, char *text, OM_uint32 maj_stat, OM_uint32 min_stat)
353353/* errmsg_internal, since translation of the first part must be
354354 * done before calling this function anyway. */
355355ereport (severity ,
356- (errmsg_internal ("%s:%s\n%s" ,text ,localmsg1 ,localmsg2 )));
356+ (errmsg_internal ("%s" ,errmsg ),
357+ errdetail ("%s: %s" ,msg_major ,msg_minor )));
357358}
358359
359360static int
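Review bot: The primary message is emitted with `errmsg_internal("%s", errmsg)`, which does not translate, and the comment above it says callers translate first, yet the call added later in this commit passes `gettext_noop(...)`, which only marks the string for extraction. As written that text appears to reach the log untranslated; either use `errmsg_internal("%s", _(errmsg))` here or have callers pass `_("...")`. Separately, naming the parameter `errmsg` shadows the `errmsg()` reporting function inside this body, so a later `ereport(..., (errmsg(...)))` added here would not compile; `const char *msg` avoids that and documents that the text is not modified.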
@@ -430,9 +431,8 @@ pg_GSS_recvauth(Port *port)
430431gbuf .length = buf .len ;
431432gbuf .value = buf .data ;
432433
433- ereport (DEBUG4 ,
434- (errmsg_internal ("Processing received GSS token of length: %u" ,
435- gbuf .length )));
434+ elog (DEBUG4 ,"Processing received GSS token of length %u" ,
435+ gbuf .length );
436436
437437maj_stat = gss_accept_sec_context (
438438& min_stat ,
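Review bot: `gbuf.length` is a `size_t` in `gss_buffer_desc`, but the new `elog(DEBUG4, ...)` call passes it to `%u`, which is a format/argument mismatch on LP64 platforms. Cast at the call site, `elog(DEBUG4, "Processing received GSS token of length %u", (unsigned int) gbuf.length);`, and do the same for `port->gss->outbuf.length` in the DEBUG5 message and in both "sending GSS ... token" messages in the later hunks. The mismatch predates this commit, but these lines are being rewritten anyway. pg_GSS_recvauth starts and ends outside this hunk.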
@@ -450,20 +450,19 @@ pg_GSS_recvauth(Port *port)
450450/* gbuf no longer used */
451451pfree (buf .data );
452452
453- ereport (DEBUG5 ,
454- (errmsg_internal ("gss_accept_sec_context major: %i, "
455- "minor: %i, outlen: %u, outflags: %x" ,
456- maj_stat ,min_stat ,
457- port -> gss -> outbuf .length ,gflags )));
453+ elog (DEBUG5 ,"gss_accept_sec_context major: %i, "
454+ "minor: %i, outlen: %u, outflags: %x" ,
455+ maj_stat ,min_stat ,
456+ port -> gss -> outbuf .length ,gflags );
458457
459458if (port -> gss -> outbuf .length != 0 )
460459{
461460/*
462461 * Negotiation generated data to be sent to the client.
463462 */
464- ereport (DEBUG4 ,
465- ( errmsg_internal ( "sending GSS response token of length %u" ,
466- port -> gss -> outbuf . length )));
463+ elog (DEBUG4 , "sending GSS response token of length %u" ,
464+ port -> gss -> outbuf . length );
465+
467466sendAuthRequest (port ,AUTH_REQ_GSS_CONT );
468467}
469468
@@ -477,8 +476,7 @@ pg_GSS_recvauth(Port *port)
477476}
478477
479478if (maj_stat == GSS_S_CONTINUE_NEEDED )
480- ereport (DEBUG4 ,
481- (errmsg_internal ("GSS continue needed" )));
479+ elog (DEBUG4 ,"GSS continue needed" );
482480
483481}while (maj_stat == GSS_S_CONTINUE_NEEDED );
484482
@@ -497,8 +495,10 @@ pg_GSS_recvauth(Port *port)
497495 * pg username that was specified for the connection.
498496 */
499497maj_stat = gss_display_name (& min_stat ,port -> gss -> name ,& gbuf ,NULL );
500- ereport (DEBUG1 ,
501- (errmsg ("GSSAPI authenticated name: %s" , (char * )gbuf .value )));
498+ if (maj_stat != GSS_S_COMPLETE )
499+ pg_GSS_error (ERROR ,
500+ gettext_noop ("retreiving GSS user name failed" ),
501+ maj_stat ,min_stat );
502502
503503/*
504504 * Compare the part of the username that comes before the @
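Review bot: The new message text is misspelled: `"retreiving GSS user name failed"` should read `"retrieving GSS user name failed"`, and fixing it before translators pick the string up avoids catalog churn. The added status check is the right guard, because the comparison further down dereferences `gbuf.value`; a short comment such as `/* gbuf is only valid when gss_display_name succeeded */` would make that dependency explicit. pg_GSS_recvauth continues outside this hunk.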
@@ -517,12 +517,15 @@ pg_GSS_recvauth(Port *port)
517517ret = strcmp (port -> user_name ,gbuf .value );
518518
519519if (ret )
520+ {
520521/* GSS name and PGUSER are not equivalent */
521- ereport (ERROR ,
522- (errcode (ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION ),
523- errmsg ("provided username and GSSAPI username don't match" ),
524- errdetail ("provided: %s, GSSAPI: %s" ,
525- port -> user_name , (char * )gbuf .value )));
522+ elog (DEBUG2 ,
523+ "provided username (%s) and GSSAPI username (%s) don't match" ,
524+ port -> user_name , (char * )gbuf .value );
525+
526+ gss_release_buffer (& lmin_s ,& gbuf );
527+ return STATUS_ERROR ;
528+ }
526529
527530gss_release_buffer (& lmin_s ,& gbuf );
528531
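Review bot: A mismatch between the authenticated GSSAPI principal and the requested role is now recorded only at DEBUG2, and the `ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION` report is gone, so with default logging the server may keep no record of which principal was rejected. What the caller reports on `STATUS_ERROR` is outside this hunk; if that is only a generic authentication failure, consider a server-side `ereport(LOG, (errmsg("provided username (%s) and GSSAPI username (%s) don't match", port->user_name, (char *) gbuf.value)));` before the return so failed attempts can be attributed. The `strcmp` and the `%s` argument also assume `gbuf.value` is NUL-terminated, which `gss_buffer_desc` (a pointer plus `length`) does not by itself guarantee. The enclosing function starts and ends outside this hunk.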
@@ -780,9 +783,9 @@ sendAuthRequest(Port *port, AuthRequest areq)
780783{
781784OM_uint32 lmin_s ;
782785
783- ereport (DEBUG4 ,
784- ( errmsg_internal ( "sending GSS token of length %u" ,
785- port -> gss -> outbuf . length )));
786+ elog (DEBUG4 ,"sending GSS token of length %u" ,
787+ port -> gss -> outbuf . length );
788+
786789pq_sendbytes (& buf ,port -> gss -> outbuf .value ,port -> gss -> outbuf .length );
787790gss_release_buffer (& lmin_s ,& port -> gss -> outbuf );
788791}