Disallow gssapi authentication on local connections, since it
authorMagnus Hagander <magnus@hagander.net>
Mon, 8 Mar 2010 09:57:35 +0000 (09:57 +0000)
committerMagnus Hagander <magnus@hagander.net>
Mon, 8 Mar 2010 09:57:35 +0000 (09:57 +0000)
requires a hostname to function.

Noted by Zdenek Kotala

src/backend/libpq/hba.c

index 13fece4af464695dbfc71725cf3ee3db0c962bba..faafdf7b61bbc407a194fd6ad38e51af0544a1a0 100644 (file)
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.188.2.3 2010/03/06 00:45:55 tgl Exp $
+ *   $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.188.2.4 2010/03/08 09:57:35 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -922,6 +922,22 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
        return false;
    }
 
+   if (parsedline->conntype == ctLocal &&
+       parsedline->auth_method == uaGSS)
+   {
+       ereport(LOG,
+               (errcode(ERRCODE_CONFIG_FILE_ERROR),
+            errmsg("gssapi authentication is not supported on local sockets"),
+                errcontext("line %d of configuration file \"%s\"",
+                           line_num, HbaFileName)));
+       return false;
+   }
+   /*
+    * SSPI authentication can never be enabled on ctLocal connections, because
+    * it's only supported on Windows, where ctLocal isn't supported.
+    */
+
+
    if (parsedline->conntype != ctHostSSL &&
        parsedline->auth_method == uaCert)
    {
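Review bot: The new `ctLocal`/`uaGSS` rejection in parse_hba_line carries no comment giving its reason, which so far exists only in the commit message; a line above the `if` such as `/* GSSAPI requires a hostname, which a local socket connection does not provide */` would keep the rationale next to the check. The SSPI comment that follows is detached from any code and trailed by two blank lines, so it reads as if it belonged to the `uaCert` test below; moving it directly above the GSS check would make clear that it explains why there is no matching `uaSSPI` test. Rejecting the line at parse time is the right direction, since it fails closed instead of leaving a rule that can never authenticate. Whether other hostname-dependent methods need the same guard cannot be judged from this hunk, and parse_hba_line begins and ends outside it.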