Expand some more uses of "deleg" to "delegation" or "delegated".

author Tom Lane <[email protected]>

Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)

committer Tom Lane <[email protected]>

Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)
author Tom Lane <[email protected]>
Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)
committer Tom Lane <[email protected]>
Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out

index 826baac9f1808487cbfcbf4fb59c88deffe4ac6e..c8c4614b547b0488619af6adcf0b82bdf1c0aa51 100644 (file)
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -172,7 +172,7 @@ ALTER SERVER testserver1 OPTIONS (
         --requirepeer 'value',
         krbsrvname 'value',
         gsslib 'value',
-       gssdeleg 'value'
+       gssdelegation 'value'
         --replication 'value'
  );
  -- Error, invalid list syntax
diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c

index fe40d50c6dd560a103cc24d658ace04ec3f564e5..8c822f4ef909cec6197406fcfe36a2225cf0565d 100644 (file)
--- a/contrib/postgres_fdw/option.c
+++ b/contrib/postgres_fdw/option.c
@@ -289,10 +289,10 @@ InitPgFdwOptions(void)
                 {"sslkey", UserMappingRelationId, true},
  
                 /*
-                * gssdeleg is also a libpq option but should be allowed in a user
-                * mapping context too
+                * gssdelegation is also a libpq option but should be allowed in a
+                * user mapping context too
                  */
-               {"gssdeleg", UserMappingRelationId, true},
+               {"gssdelegation", UserMappingRelationId, true},
  
                 {NULL, InvalidOid, false}
         };
diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql

index 15f3af6c293bf0148d4a3adde968a7a19e16d5da..b54903ad8fa49c37f5ad45a1c58ba5260d8ad0eb 100644 (file)
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
@@ -186,7 +186,7 @@ ALTER SERVER testserver1 OPTIONS (
         --requirepeer 'value',
         krbsrvname 'value',
         gsslib 'value',
-       gssdeleg 'value'
+       gssdelegation 'value'
         --replication 'value'
  );
  
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml

index cce25d06e690a137d6c42a09f71f3e7d18526678..e38a7debc3561755d9732bb630cae3dcb31f5a86 100644 (file)
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2054,8 +2054,8 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
        </listitem>
       </varlistentry>
  
-     <varlistentry id="libpq-connect-gssdeleg" xreflabel="gssdeleg">
-      <term><literal>gssdeleg</literal></term>
+     <varlistentry id="libpq-connect-gssdelegation" xreflabel="gssdelegation">
+      <term><literal>gssdelegation</literal></term>
        <listitem>
         <para>
          Forward (delegate) GSS credentials to the server.  The default is
@@ -8271,10 +8271,10 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
      <listitem>
       <para>
        <indexterm>
-       <primary><envar>PGGSSDELEG</envar></primary>
+       <primary><envar>PGGSSDELEGATION</envar></primary>
        </indexterm>
-      <envar>PGGSSDELEG</envar> behaves the same as the <xref
-      linkend="libpq-connect-gssdeleg"/> connection parameter.
+      <envar>PGGSSDELEGATION</envar> behaves the same as the <xref
+      linkend="libpq-connect-gssdelegation"/> connection parameter.
       </para>
      </listitem>
  
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql

index d0c932ad0e3ac2ff3d8875c623a90a713c81b1c1..c18fea8362dff57d40ca50193cd016802c950913 100644 (file)
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -980,7 +980,7 @@ CREATE VIEW pg_stat_gssapi AS
              S.gss_auth AS gss_authenticated,
              S.gss_princ AS principal,
              S.gss_enc AS encrypted,
-            S.gss_deleg AS credentials_delegated
+            S.gss_delegation AS credentials_delegated
      FROM pg_stat_get_activity(NULL) AS S
      WHERE S.client_port IS NOT NULL;
  
diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c

index 6e1977fa6205be5949b06ffc326274b39d0448fe..ca3ad55b628f10035685dc3190379a8461b92206 100644 (file)
--- a/src/backend/foreign/foreign.c
+++ b/src/backend/foreign/foreign.c
@@ -574,7 +574,7 @@ static const struct ConnectionOption libpq_conninfo_options[] = {
         {"requiressl", ForeignServerRelationId},
         {"sslmode", ForeignServerRelationId},
         {"gsslib", ForeignServerRelationId},
-       {"gssdeleg", ForeignServerRelationId},
+       {"gssdelegation", ForeignServerRelationId},
         {NULL, InvalidOid}
  };
  
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c

index 3359b34f5275a0ca58322468c92213962ff22fac..6856ed99e7d4cd2b31b5bb6889ffb44d4a77fa8e 100644 (file)
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -282,14 +282,14 @@ PerformAuthentication(Port *port)
  
                         if (princ)
                                 appendStringInfo(&logmsg,
-                                                                _(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s, principal=%s)"),
+                                                                _(" GSS (authenticated=%s, encrypted=%s, delegated_credentials=%s, principal=%s)"),
                                                                  be_gssapi_get_auth(port) ? _("yes") : _("no"),
                                                                  be_gssapi_get_enc(port) ? _("yes") : _("no"),
                                                                  be_gssapi_get_delegation(port) ? _("yes") : _("no"),
                                                                  princ);
                         else
                                 appendStringInfo(&logmsg,
-                                                                _(" GSS (authenticated=%s, encrypted=%s, deleg_credentials=%s)"),
+                                                                _(" GSS (authenticated=%s, encrypted=%s, delegated_credentials=%s)"),
                                                                  be_gssapi_get_auth(port) ? _("yes") : _("no"),
                                                                  be_gssapi_get_enc(port) ? _("yes") : _("no"),
                                                                  be_gssapi_get_delegation(port) ? _("yes") : _("no"));
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h

index 2ced5832247e59f09b43294644c9ee3884cdf1b2..c784937a0ebee434c843030a584873fb1d62861a 100644 (file)
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -57,6 +57,6 @@
   */
  
  /*                                                     yyyymmddN */
-#define CATALOG_VERSION_NO     202305191
+#define CATALOG_VERSION_NO     202305211
  
  #endif
diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat

index 2e0f9f2b5ca1dd091db5ac21ad7004ce131ca6e5..6996073989a5dda2244f77f0320b26f16a46906f 100644 (file)
--- a/src/include/catalog/pg_proc.dat
+++ b/src/include/catalog/pg_proc.dat
@@ -5415,7 +5415,7 @@
    prorettype => 'record', proargtypes => 'int4',
    proallargtypes => '{int4,oid,int4,oid,text,text,text,text,text,timestamptz,timestamptz,timestamptz,timestamptz,inet,text,int4,xid,xid,text,bool,text,text,int4,text,numeric,text,bool,text,bool,bool,int4,int8}',
    proargmodes => '{i,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o,o}',
-  proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,gss_auth,gss_princ,gss_enc,gss_deleg,leader_pid,query_id}',
+  proargnames => '{pid,datid,pid,usesysid,application_name,state,query,wait_event_type,wait_event,xact_start,query_start,backend_start,state_change,client_addr,client_hostname,client_port,backend_xid,backend_xmin,backend_type,ssl,sslversion,sslcipher,sslbits,ssl_client_dn,ssl_client_serial,ssl_issuer_dn,gss_auth,gss_princ,gss_enc,gss_delegation,leader_pid,query_id}',
    prosrc => 'pg_stat_get_activity' },
  { oid => '3318',
    descr => 'statistics: information about progress of backends running maintenance command',
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c

index 0dc31988b47f4d196c54eb3061535d228a5fe2e7..de0e13e50d12ccc023130171b664c6a6b0fdc384 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -97,7 +97,7 @@ pg_GSS_continue(PGconn *conn, int payloadlen)
         if (!pg_GSS_have_cred_cache(&conn->gcred))
                 conn->gcred = GSS_C_NO_CREDENTIAL;
  
-       if (conn->gssdeleg && pg_strcasecmp(conn->gssdeleg, "enable") == 0)
+       if (conn->gssdelegation && pg_strcasecmp(conn->gssdelegation, "enable") == 0)
                 gss_flags |= GSS_C_DELEG_FLAG;
  
         maj_stat = gss_init_sec_context(&min_stat,
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c

index 30486c59ba940cb487d011a8c4f755342383d9ec..786d22a7706e5f5af95faace92c3ca94e2c0fc36 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -343,9 +343,9 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
                 "GSS-library", "", 7,   /* sizeof("gssapi") == 7 */
         offsetof(struct pg_conn, gsslib)},
  
-       {"gssdeleg", "PGGSSDELEG", NULL, NULL,
+       {"gssdelegation", "PGGSSDELEGATION", NULL, NULL,
                 "GSS-delegation", "", 8,        /* sizeof("disable") == 8 */
-       offsetof(struct pg_conn, gssdeleg)},
+       offsetof(struct pg_conn, gssdelegation)},
  
         {"replication", NULL, NULL, NULL,
                 "Replication", "D", 5,
@@ -4453,7 +4453,7 @@ freePGconn(PGconn *conn)
         free(conn->gssencmode);
         free(conn->krbsrvname);
         free(conn->gsslib);
-       free(conn->gssdeleg);
+       free(conn->gssdelegation);
         free(conn->connip);
         /* Note that conn->Pfdebug is not ours to close or free */
         free(conn->write_err_msg);
diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c

index 3b2d0fd1401e1dad31906f1b7697f776b876f4fa..c77d5cfe9f5905e301e5f5ace48dcd67e60dd733 100644 (file)
--- a/src/interfaces/libpq/fe-secure-gssapi.c
+++ b/src/interfaces/libpq/fe-secure-gssapi.c
@@ -622,18 +622,18 @@ pqsecure_open_gss(PGconn *conn)
         if (ret != STATUS_OK)
                 return PGRES_POLLING_FAILED;
  
-       if (conn->gssdeleg && pg_strcasecmp(conn->gssdeleg, "enable") == 0)
+       if (conn->gssdelegation && pg_strcasecmp(conn->gssdelegation, "enable") == 0)
         {
                 /* Acquire credentials if possible */
                 if (conn->gcred == GSS_C_NO_CREDENTIAL)
                         (void) pg_GSS_have_cred_cache(&conn->gcred);
  
                 /*
-                * We have credentials and gssdeleg is enabled, so request credential
-                * delegation.  This may or may not actually result in credentials
-                * being delegated- it depends on if the forwardable flag has been set
-                * in the credential and if the server is configured to accept
-                * delegated credentials.
+                * We have credentials and gssdelegation is enabled, so request
+                * credential delegation.  This may or may not actually result in
+                * credentials being delegated- it depends on if the forwardable flag
+                * has been set in the credential and if the server is configured to
+                * accept delegated credentials.
                  */
                 if (conn->gcred != GSS_C_NO_CREDENTIAL)
                         gss_flags |= GSS_C_DELEG_FLAG;
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h

index e985b57cb5a9e91dfe4b430116ff66cf80bbf898..f1854f9919c241941de39b9fc9fa12891088cb88 100644 (file)
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -404,7 +404,7 @@ struct pg_conn
         char       *krbsrvname;         /* Kerberos service name */
         char       *gsslib;                     /* What GSS library to use ("gssapi" or
                                                                  * "sspi") */
-       char       *gssdeleg;           /* Try to delegate GSS credentials? */
+       char       *gssdelegation;      /* Try to delegate GSS credentials? */
         char       *ssl_min_protocol_version;   /* minimum TLS protocol version */
         char       *ssl_max_protocol_version;   /* maximum TLS protocol version */
         char       *target_session_attrs;       /* desired session properties */
diff --git a/src/test/kerberos/README b/src/test/kerberos/README

index 72ae519dea7f02d8b3584f3196542d2fe0c943c5..a048d442afcf4b7ecb741431dae523bd9f4e5b96 100644 (file)
--- a/src/test/kerberos/README
+++ b/src/test/kerberos/README
@@ -19,6 +19,8 @@ Running the tests
  =================
  
  NOTE: You must have given the --enable-tap-tests argument to configure.
+Also, to use "make installcheck", you must have built and installed
+contrib/dblink and contrib/postgres_fdw in addition to the core code.
  
  Run
      make check PG_TEST_EXTRA=kerberos
diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl

index 5aff49a51318955cc59c836f3ae364965494706e..bff26fda0c913ee5548b532c0e843aef5fb30c6a 100644 (file)
--- a/src/test/kerberos/t/001_auth.pl
+++ b/src/test/kerberos/t/001_auth.pl
@@ -351,7 +351,7 @@ test_access(
         '',
         'succeeds with mapping with default gssencmode and host hba, ticket not forwardable',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  test_access(
@@ -362,7 +362,7 @@ test_access(
         'gssencmode=prefer',
         'succeeds with GSS-encrypted access preferred with host hba, ticket not forwardable',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  test_access(
@@ -373,7 +373,7 @@ test_access(
         'gssencmode=require',
         'succeeds with GSS-encrypted access required with host hba, ticket not forwardable',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  test_access(
@@ -381,20 +381,20 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'succeeds with GSS-encrypted access preferred with host hba and credentials not delegated even though asked for (ticket not forwardable)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  test_access(
         $node,
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'succeeds with GSS-encrypted access required with host hba and credentials not delegated even though asked for (ticket not forwardable)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  
@@ -480,20 +480,20 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, default)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  test_access(
         $node,
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, default)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  $node->append_conf('postgresql.conf', qq{gss_accept_delegation=off});
@@ -504,20 +504,20 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  test_access(
         $node,
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'succeeds with GSS-encrypted access required and hostgssenc hba and credentials not forwarded (server does not accept them, explicitly disabled)',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  $node->append_conf('postgresql.conf', qq{gss_accept_delegation=on});
@@ -528,20 +528,20 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials forwarded',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)"
  );
  test_access(
         $node,
         'test1',
         'SELECT gss_authenticated AND encrypted AND credentials_delegated from pg_stat_gssapi where pid = pg_backend_pid();',
         0,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'succeeds with GSS-encrypted access required and hostgssenc hba and credentials forwarded',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)"
  );
  test_access(
         $node,
@@ -551,17 +551,17 @@ test_access(
         'gssencmode=prefer',
         'succeeds with GSS-encrypted access preferred and hostgssenc hba and credentials not forwarded',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  test_access(
         $node,
         'test1',
         'SELECT gss_authenticated AND encrypted AND NOT credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssencmode=require gssdeleg=disable',
+       'gssencmode=require gssdelegation=disable',
         'succeeds with GSS-encrypted access required and hostgssenc hba and credentials explicitly not forwarded',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=no, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=no, principal=test1\@$realm)"
  );
  
  my $psql_out = '';
@@ -572,7 +572,7 @@ $psql_rc = $node->psql(
         'postgres',
         "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3', 'dblink attempt fails without delegated credentials');
@@ -589,7 +589,7 @@ $psql_rc = $node->psql(
         'postgres',
         "SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3',
@@ -608,7 +608,7 @@ $psql_rc = $node->psql(
         'postgres',
         "TABLE tf1;",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3', 'postgres_fdw does not work without delegated credentials');
@@ -626,7 +626,7 @@ $psql_rc = $node->psql(
         'postgres',
         "TABLE tf2;",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdeleg=disable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=require gssdelegation=disable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3',
@@ -668,10 +668,10 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'succeeds with GSS-encrypted access preferred and hostnogssenc hba, but no encryption',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, delegated_credentials=yes, principal=test1\@$realm)"
  );
  test_access($node, 'test1', 'SELECT true', 2, 'gssencmode=require',
         'fails with GSS-encrypted access required and hostnogssenc hba');
@@ -680,10 +680,10 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND NOT encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssencmode=disable gssdeleg=enable',
+       'gssencmode=disable gssdelegation=enable',
         'succeeds with GSS encryption disabled and hostnogssenc hba',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, deleg_credentials=yes, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=no, delegated_credentials=yes, principal=test1\@$realm)"
  );
  
  test_query(
@@ -691,7 +691,7 @@ test_query(
         'test1',
         "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port','select 1') as t1(c1 int);",
         qr/^1$/s,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'dblink works not-encrypted (server not configured to accept encrypted GSSAPI connections)'
  );
  
@@ -700,7 +700,7 @@ test_query(
         'test1',
         "TABLE tf1;",
         qr/^1$/s,
-       'gssencmode=prefer gssdeleg=enable',
+       'gssencmode=prefer gssdelegation=enable',
         'postgres_fdw works not-encrypted (server not configured to accept encrypted GSSAPI connections)'
  );
  
@@ -711,7 +711,7 @@ $psql_rc = $node->psql(
         'postgres',
         "SELECT * FROM dblink('user=test2 dbname=$dbname port=$port passfile=$pgpass','select 1') as t1(c1 int);",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3',
@@ -730,7 +730,7 @@ $psql_rc = $node->psql(
         'postgres',
         "TABLE tf2;",
         connstr =>
-         "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdeleg=enable",
+         "user=test1 host=$host hostaddr=$hostaddr gssencmode=prefer gssdelegation=enable",
         stdout => \$psql_out,
         stderr => \$psql_stderr);
  is($psql_rc, '3',
@@ -760,10 +760,10 @@ test_access(
         'test1',
         'SELECT gss_authenticated AND encrypted AND credentials_delegated FROM pg_stat_gssapi WHERE pid = pg_backend_pid();',
         0,
-       'gssdeleg=enable',
+       'gssdelegation=enable',
         'succeeds with include_realm=0 and defaults',
         "connection authenticated: identity=\"test1\@$realm\" method=gss",
-       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, deleg_credentials=yes, principal=test1\@$realm)"
+       "connection authorized: user=$username database=$dbname application_name=$application GSS (authenticated=yes, encrypted=yes, delegated_credentials=yes, principal=test1\@$realm)"
  );
  
  test_query(
@@ -771,12 +771,12 @@ test_query(
         'test1',
         "SELECT * FROM dblink('user=test1 dbname=$dbname host=$host hostaddr=$hostaddr port=$port password=1234','select 1') as t1(c1 int);",
         qr/^1$/s,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'dblink works encrypted');
  
  test_query(
         $node, 'test1', "TABLE tf1;", qr/^1$/s,
-       'gssencmode=require gssdeleg=enable',
+       'gssencmode=require gssdelegation=enable',
         'postgres_fdw works encrypted');
  
  # Reset pg_hba.conf, and cause a usermap failure with an authentication
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out

index fa9e1bd5e4183fe21d361cca9c3fc2b3b1e20e20..7fd81e6a7d007275f11d18a74531c2794ddef743 100644 (file)
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1760,7 +1760,7 @@ pg_stat_activity| SELECT s.datid,
      s.query_id,
      s.query,
      s.backend_type
-   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_deleg, leader_pid, query_id)
+   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
       LEFT JOIN pg_database d ON ((s.datid = d.oid)))
       LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
  pg_stat_all_indexes| SELECT c.oid AS relid,
@@ -1877,8 +1877,8 @@ pg_stat_gssapi| SELECT pid,
      gss_auth AS gss_authenticated,
      gss_princ AS principal,
      gss_enc AS encrypted,
-    gss_deleg AS credentials_delegated
-   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_deleg, leader_pid, query_id)
+    gss_delegation AS credentials_delegated
+   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
    WHERE (client_port IS NOT NULL);
  pg_stat_io| SELECT backend_type,
      object,
@@ -2078,7 +2078,7 @@ pg_stat_replication| SELECT s.pid,
      w.sync_priority,
      w.sync_state,
      w.reply_time
-   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_deleg, leader_pid, query_id)
+   FROM ((pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
       JOIN pg_stat_get_wal_senders() w(pid, state, sent_lsn, write_lsn, flush_lsn, replay_lsn, write_lag, flush_lag, replay_lag, sync_priority, sync_state, reply_time) ON ((s.pid = w.pid)))
       LEFT JOIN pg_authid u ON ((s.usesysid = u.oid)));
  pg_stat_replication_slots| SELECT s.slot_name,
@@ -2112,7 +2112,7 @@ pg_stat_ssl| SELECT pid,
      ssl_client_dn AS client_dn,
      ssl_client_serial AS client_serial,
      ssl_issuer_dn AS issuer_dn
-   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_deleg, leader_pid, query_id)
+   FROM pg_stat_get_activity(NULL::integer) s(datid, pid, usesysid, application_name, state, query, wait_event_type, wait_event, xact_start, query_start, backend_start, state_change, client_addr, client_hostname, client_port, backend_xid, backend_xmin, backend_type, ssl, sslversion, sslcipher, sslbits, ssl_client_dn, ssl_client_serial, ssl_issuer_dn, gss_auth, gss_princ, gss_enc, gss_delegation, leader_pid, query_id)
    WHERE (client_port IS NOT NULL);
  pg_stat_subscription| SELECT su.oid AS subid,
      su.subname,
author	Tom Lane <[email protected]>
	Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)
committer	Tom Lane <[email protected]>
	Sun, 21 May 2023 14:55:18 +0000 (10:55 -0400)
contrib/postgres_fdw/expected/postgres_fdw.out		patch \| blob \| blame \| history
contrib/postgres_fdw/option.c		patch \| blob \| blame \| history
contrib/postgres_fdw/sql/postgres_fdw.sql		patch \| blob \| blame \| history
doc/src/sgml/libpq.sgml		patch \| blob \| blame \| history
src/backend/catalog/system_views.sql		patch \| blob \| blame \| history
src/backend/foreign/foreign.c		patch \| blob \| blame \| history
src/backend/utils/init/postinit.c		patch \| blob \| blame \| history
src/include/catalog/catversion.h		patch \| blob \| blame \| history
src/include/catalog/pg_proc.dat		patch \| blob \| blame \| history
src/interfaces/libpq/fe-auth.c		patch \| blob \| blame \| history
src/interfaces/libpq/fe-connect.c		patch \| blob \| blame \| history
src/interfaces/libpq/fe-secure-gssapi.c		patch \| blob \| blame \| history
src/interfaces/libpq/libpq-int.h		patch \| blob \| blame \| history
src/test/kerberos/README		patch \| blob \| blame \| history
src/test/kerberos/t/001_auth.pl		patch \| blob \| blame \| history
src/test/regress/expected/rules.out		patch \| blob \| blame \| history