Use GSSAPI library for SSPI auth, when native SSPI is not available

This allows non-Windows clients to connect to a Windows
server with SSPI authentication.

Christian Ullrich, largely modified by me

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 0d3cad0b004a99f3ca5e0536181c2a4933785fad..7d2ef51f17ae6c265ebe9fef5eee46a05adad3c5 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -831,6 +831,10 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
 
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
                case AUTH_REQ_GSS:
+#if !defined(ENABLE_SSPI)
+                       /* no native SSPI, so use GSSAPI library for it */
+               case AUTH_REQ_SSPI:
+#endif
                        {
                                int                     r;
 
@@ -888,13 +892,14 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
                                pgunlock_thread();
                        }
                        break;
-#else
+#else /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
+                       /* No GSSAPI *or* SSPI support */
                case AUTH_REQ_GSS:
                case AUTH_REQ_GSS_CONT:
                        printfPQExpBuffer(&conn->errorMessage,
                                         libpq_gettext("GSSAPI authentication not supported\n"));
                        return STATUS_ERROR;
-#endif
+#endif /* defined(ENABLE_GSS) || defined(ENABLE_SSPI) */
 
 #ifdef ENABLE_SSPI
                case AUTH_REQ_SSPI:
@@ -914,11 +919,19 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
                        pgunlock_thread();
                        break;
 #else
+                       /*
+                        * No SSPI support. However, if we have GSSAPI but not SSPI
+                        * support, AUTH_REQ_SSPI will have been handled in the codepath
+                        * for AUTH_REQ_GSSAPI above, so don't duplicate the case label
+                        * in that case.
+                        */
+#if !defined(ENABLE_GSS)
                case AUTH_REQ_SSPI:
                        printfPQExpBuffer(&conn->errorMessage,
                                           libpq_gettext("SSPI authentication not supported\n"));
                        return STATUS_ERROR;
-#endif
+#endif /* !define(ENABLE_GSSAPI) */
+#endif /* ENABLE_SSPI */
 
 
                case AUTH_REQ_CRYPT: