? gss.patch
? gss2.patch
? gss3.patch
Index: build.xml
===================================================================
RCS file: /cvsroot/jdbc/pgjdbc/build.xml,v
retrieving revision 1.80
diff -c -r1.80 build.xml
*** build.xml	19 Feb 2008 05:31:48 -0000	1.80
--- build.xml	8 May 2008 06:20:05 -0000
***************
*** 78,83 ****
--- 78,84 ----
  
      <available property="datasourceclass" classname="javax.sql.DataSource"/>
      <available property="ssl" classname="javax.net.ssl.SSLContext"/>
+     <available property="gss" classname="org.ietf.jgss.GSSManager"/>
      <available property="junit" classname="junit.framework.Test"/>
      <available property="junit.task" classname="org.apache.tools.ant.taskdefs.optional.junit.JUnitTask"/>
  
***************
*** 186,191 ****
--- 187,195 ----
         <!-- ssl -->
         <include name="${package}/ssl/*.java" if="ssl" />
  
+        <!-- gss -->
+        <include name="${package}/gss/*.java" if="gss" />
+ 
         <!-- datasource stuff -->
         <exclude name="${package}/jdbc2/optional/**" unless="datasource"/>
         <include name="${package}/jdbc3/Jdbc3ConnectionPool.java" if="jdbc3any" />
***************
*** 319,324 ****
--- 323,337 ----
          </not>
      </condition>
  
+     <condition property="gss_config" value="">
+         <equals arg1="${gss}" arg2="true" />
+     </condition>
+     <condition property="gss_config" value="//">
+         <not>
+             <equals arg1="${gss}" arg2="true" />
+         </not>
+     </condition>
+ 
      <!-- Some defaults -->
      <filter token="MAJORVERSION" value="${major}" />
      <filter token="MINORVERSION" value="${minor}" />
***************
*** 329,334 ****
--- 342,348 ----
      <filter token="POOLED_CONN_CLASS" value="${pooledconnclass}" />
      <filter token="DEF_PGPORT" value="${def_pgport}" />
      <filter token="SSL" value="${ssl_config}" />
+     <filter token="GSS" value="${gss_config}" />
      <filter token="NOINITCAUSE" value="${noInitCause}" />
  
       <fail unless="major" message="'major' undefined. Please follow the directions in README."/>
Index: org/postgresql/Driver.java.in
===================================================================
RCS file: /cvsroot/jdbc/pgjdbc/org/postgresql/Driver.java.in,v
retrieving revision 1.73
diff -c -r1.73 Driver.java.in
*** org/postgresql/Driver.java.in	13 Apr 2008 16:03:49 -0000	1.73
--- org/postgresql/Driver.java.in	8 May 2008 06:20:06 -0000
***************
*** 117,122 ****
--- 117,129 ----
      private Properties loadDefaultProperties() throws IOException {
          Properties merged = new Properties();
  
+         try {
+             merged.setProperty("user", System.getProperty("user.name"));
+         } catch (java.lang.SecurityException se) {
+             // We're just trying to set a default, so if we can't
+             // it's not a big deal.
+         }
+ 
          // If we are loaded by the bootstrap classloader, getClassLoader()
          // may return null. In that case, try to fall back to the system
          // classloader.
***************
*** 773,776 ****
--- 780,793 ----
          return l_return;
      }
  
+     public static void makeGSS(org.postgresql.core.PGStream stream, String host, String user, String password, Logger logger) throws IOException, SQLException {
+         @GSS@ org.postgresql.gss.MakeGSS.authenticate(stream, host, user, password, logger);
+     }
+ 
+     public static boolean gssEnabled() {
+         boolean l_return = false;
+         @GSS@ l_return = true;
+         return l_return;
+     }
+ 
  }
Index: org/postgresql/core/v3/ConnectionFactoryImpl.java
===================================================================
RCS file: /cvsroot/jdbc/pgjdbc/org/postgresql/core/v3/ConnectionFactoryImpl.java,v
retrieving revision 1.16
diff -c -r1.16 ConnectionFactoryImpl.java
*** org/postgresql/core/v3/ConnectionFactoryImpl.java	13 Apr 2008 16:03:50 -0000	1.16
--- org/postgresql/core/v3/ConnectionFactoryImpl.java	8 May 2008 06:20:06 -0000
***************
*** 39,44 ****
--- 39,47 ----
      private static final int AUTH_REQ_CRYPT = 4;
      private static final int AUTH_REQ_MD5 = 5;
      private static final int AUTH_REQ_SCM = 6;
+     private static final int AUTH_REQ_GSS = 7;
+     private static final int AUTH_REQ_GSS_CONTINUE = 8;
+     private static final int AUTH_REQ_SSPI = 9;
  
      /** Marker exception; thrown when we want to fall back to using V2. */
      private static class UnsupportedProtocolException extends IOException {
***************
*** 98,104 ****
              sendStartupPacket(newStream, params, logger);
  
              // Do authentication (until AuthenticationOk).
!             doAuthentication(newStream, user, info.getProperty("password"), logger);
  
              // Do final startup.
              ProtocolConnectionImpl protoConnection = new ProtocolConnectionImpl(newStream, user, database, info, logger);
--- 101,107 ----
              sendStartupPacket(newStream, params, logger);
  
              // Do authentication (until AuthenticationOk).
!             doAuthentication(newStream, host, user, info.getProperty("password"), logger);
  
              // Do final startup.
              ProtocolConnectionImpl protoConnection = new ProtocolConnectionImpl(newStream, user, database, info, logger);
***************
*** 250,256 ****
          pgStream.flush();
      }
  
!     private void doAuthentication(PGStream pgStream, String user, String password, Logger logger) throws IOException, SQLException
      {
          // Now get the response from the backend, either an error message
          // or an authentication request
--- 253,259 ----
          pgStream.flush();
      }
  
!     private void doAuthentication(PGStream pgStream, String host, String user, String password, Logger logger) throws IOException, SQLException
      {
          // Now get the response from the backend, either an error message
          // or an authentication request
***************
*** 369,374 ****
--- 372,385 ----
                          break;
                      }
  
+                 case AUTH_REQ_GSS:
+                     if (!Driver.gssEnabled())
+                         throw new PSQLException(GT.tr("The driver does not support GSSAPI authentication."), PSQLState.CONNECTION_FAILURE);
+ 
+                     Driver.makeGSS(pgStream, host, user, password, logger);
+                     break;
+ 
+ 
                  case AUTH_REQ_OK:
                      if (logger.logDebug())
                          logger.debug(" <=BE AuthenticationOk");
Index: org/postgresql/gss/GSSCallbackHandler.java
===================================================================
RCS file: org/postgresql/gss/GSSCallbackHandler.java
diff -N org/postgresql/gss/GSSCallbackHandler.java
*** /dev/null	1 Jan 1970 00:00:00 -0000
--- org/postgresql/gss/GSSCallbackHandler.java	8 May 2008 06:20:06 -0000
***************
*** 0 ****
--- 1,49 ----
+ package org.postgresql.gss;
+ 
+ import java.io.IOException;
+ import javax.security.auth.callback.*;
+ 
+ public class GSSCallbackHandler implements CallbackHandler {
+ 
+     private final String user;
+     private final String password;
+ 
+     public GSSCallbackHandler(String user, String password)
+     {
+         this.user = user;
+         this.password = password;
+     }
+ 
+     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
+     {
+         for (int i=0; i<callbacks.length; i++) {
+             if (callbacks[i] instanceof TextOutputCallback) {
+                 TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+                 switch (toc.getMessageType()) {
+                     case TextOutputCallback.INFORMATION:
+                         System.out.println("INFO: " + toc.getMessage());
+                         break;
+                     case TextOutputCallback.ERROR:
+                         System.out.println("ERROR: " + toc.getMessage());
+                         break;
+                     case TextOutputCallback.WARNING:
+                         System.out.println("WARNING: " + toc.getMessage());
+                         break;
+                     default:
+                         throw new IOException("Unsupported message type: " + toc.getMessageType());
+                 }
+             } else if (callbacks[i] instanceof NameCallback) {
+                 NameCallback nc = (NameCallback)callbacks[i];
+                 nc.setName(user);
+             } else if (callbacks[i] instanceof PasswordCallback) {
+                 PasswordCallback pc = (PasswordCallback)callbacks[i];
+                 pc.setPassword(password.toCharArray());
+             } else {
+                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+             }
+         }
+     }
+ 
+ }
+ 
+ 
Index: org/postgresql/gss/MakeGSS.java
===================================================================
RCS file: org/postgresql/gss/MakeGSS.java
diff -N org/postgresql/gss/MakeGSS.java
*** /dev/null	1 Jan 1970 00:00:00 -0000
--- org/postgresql/gss/MakeGSS.java	8 May 2008 06:20:06 -0000
***************
*** 0 ****
--- 1,142 ----
+ package org.postgresql.gss;
+ 
+ import org.ietf.jgss.*;
+ import javax.security.auth.Subject;
+ import javax.security.auth.login.LoginContext;
+ import java.security.PrivilegedAction;
+ 
+ import java.io.IOException;
+ import java.sql.SQLException;
+ 
+ import com.sun.security.auth.callback.TextCallbackHandler;
+ import org.postgresql.core.PGStream;
+ import org.postgresql.core.Logger;
+ import org.postgresql.util.*;
+ 
+ 
+ public class MakeGSS
+ {
+ 
+     public static void authenticate(PGStream pgStream, String host, String user, String password, Logger logger) throws IOException, SQLException
+     {
+         if (logger.logDebug())
+             logger.debug(" <=BE AuthenticationReqGSS");
+ 
+         Object result = null;
+ 
+         try {
+             // LoginContext lc = new LoginContext("pgjdbc", new TextCallbackHandler());
+             LoginContext lc = new LoginContext("pgjdbc", new GSSCallbackHandler(user, password));
+             lc.login();
+ 
+             Subject sub = lc.getSubject();
+             PrivilegedAction action = new GssAction(pgStream, host, user, password, logger);
+             result = Subject.doAs(sub, action);
+         } catch (Exception e) {
+             throw new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, e);
+         }
+ 
+         if (result instanceof IOException)
+             throw (IOException)result;
+         else if (result instanceof SQLException)
+             throw (SQLException)result;
+         else if (result != null)
+             throw new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, (Exception)result);
+ 
+     }
+ 
+ }
+ 
+ class GssAction implements PrivilegedAction
+ {
+     private final PGStream pgStream;
+     private final String host;
+     private final String user;
+     private final String password;
+     private final Logger logger;
+ 
+     public GssAction(PGStream pgStream, String host, String user, String password, Logger logger)
+     {
+         this.pgStream = pgStream;
+         this.host = host;
+         this.user = user;
+         this.password = password;
+         this.logger = logger;
+     }
+ 
+     public Object run() {
+ 
+         try {
+ 
+             org.ietf.jgss.Oid desiredMechs[] = new org.ietf.jgss.Oid[1];
+             desiredMechs[0] = new org.ietf.jgss.Oid("1.2.840.113554.1.2.2");
+ 
+ 
+             GSSManager manager = GSSManager.getInstance();
+ 
+             GSSName clientName = manager.createName(user, GSSName.NT_USER_NAME);
+             GSSCredential clientCreds = manager.createCredential(clientName, 8*3600, desiredMechs, GSSCredential.INITIATE_ONLY);
+ 
+             GSSName serverName = manager.createName("postgres@" + host, GSSName.NT_HOSTBASED_SERVICE);
+ 
+             GSSContext secContext = manager.createContext(serverName, desiredMechs[0], clientCreds, GSSContext.DEFAULT_LIFETIME);
+             secContext.requestMutualAuth(true);
+ 
+             byte inToken[] = new byte[0];
+             byte outToken[] = null;
+ 
+             boolean established = false;
+             while (!established) {
+                 outToken = secContext.initSecContext(inToken, 0, inToken.length);
+ 
+ 
+                 if (outToken != null) {
+                     if (logger.logDebug())
+                         logger.debug(" FE=> Password(GSS Authentication Token)");
+ 
+                     pgStream.SendChar('p');
+                     pgStream.SendInteger4(4 + outToken.length);
+                     pgStream.Send(outToken);
+                     pgStream.flush();
+                 }
+ 
+                 if (!secContext.isEstablished()) {
+                     int response = pgStream.ReceiveChar();
+                     // Error
+                     if (response == 'E') {
+                         int l_elen = pgStream.ReceiveInteger4();
+                         ServerErrorMessage l_errorMsg = new ServerErrorMessage(pgStream.ReceiveString(l_elen - 4), logger.getLogLevel());
+ 
+                         if (logger.logDebug())
+                             logger.debug(" <=BE ErrorMessage(" + l_errorMsg + ")");
+ 
+                         return new PSQLException(l_errorMsg);
+ 
+                     } else if (response == 'R') {
+ 
+                         if (logger.logDebug())
+                             logger.debug(" <=BE AuthenticationGSSContinue");
+ 
+                         int len = pgStream.ReceiveInteger4();
+                         int type = pgStream.ReceiveInteger4();
+                         // KJJ check type = 8
+                         inToken = pgStream.Receive(len - 8);
+                     } else {
+                         // Unknown/unexpected message type.
+                         return new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.CONNECTION_UNABLE_TO_CONNECT);
+                     }
+                 } else {
+                     established = true;
+                 }
+             }
+ 
+         } catch (IOException e) {
+             return e;
+         } catch (GSSException gsse) {
+             return new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, gsse);
+         }
+ 
+         return null;
+     }
+ }
+