1) Fixed an issue where the user is not warned if Kerberos ticket expiration

is less than 30 min while initiating a global backup. Fixes #6444 2) Ensure that proper identification should be there when the server is connected using Kerberos or without Kerberos. Fixes #6445
2024-11-26 02:30:21 -06:00 · 2021-05-14 12:33:01 +05:30 · 2021-05-14 12:33:01 +05:30 · 7275ce906e
commit 7275ce906e
parent 7ed97eeec4
6 changed files with 47 additions and 3 deletions
--- a/docs/en_US/release_notes_5_3.rst
+++ b/docs/en_US/release_notes_5_3.rst
@ -39,3 +39,5 @@ Bug fixes
 | `Issue #6417 <https://redmine.postgresql.org/issues/6417>`_ -  Fixed an issue where query editor is not being closed if the user clicks on the 'Don't Save' button.
 | `Issue #6420 <https://redmine.postgresql.org/issues/6420>`_ -  Ensure that pgAdmin4 shut down completely on the Quit command.
 | `Issue #6443 <https://redmine.postgresql.org/issues/6443>`_ -  Fixed an issue where file dialog showing incorrect files for the selected file types.
+| `Issue #6443 <https://redmine.postgresql.org/issues/6444>`_ -  Fixed an issue where the user is not warned if Kerberos ticket expiration is less than 30 min while initiating a global backup.
+| `Issue #6443 <https://redmine.postgresql.org/issues/6445>`_ -  Ensure that proper identification should be there when the server is connected using Kerberos or without Kerberos.
--- a/web/pgadmin/browser/server_groups/servers/init.py
+++ b/web/pgadmin/browser/server_groups/servers/init.py
@ -255,6 +255,7 @@ class ServerModule(sg.ServerGroupPluginModule):
                user_name=server.username,
                shared=server.shared,
                is_kerberos_conn=bool(server.kerberos_conn),
+                gss_authenticated=manager.gss_authenticated
            )

    @property
@ -549,7 +550,8 @@ class ServerNode(PGChildNodeView):
                    errmsg=errmsg,
                    user_name=server.username,
                    shared=server.shared,
-                    is_kerberos_conn=bool(server.kerberos_conn)
+                    is_kerberos_conn=bool(server.kerberos_conn),
+                    gss_authenticated=manager.gss_authenticated
                )
            )

@ -617,7 +619,8 @@ class ServerNode(PGChildNodeView):
                errmsg=errmsg,
                shared=server.shared,
                user_name=server.username,
-                is_kerberos_conn=bool(server.kerberos_conn)
+                is_kerberos_conn=bool(server.kerberos_conn),
+                gss_authenticated=manager.gss_authenticated
            ),
        )

@ -991,6 +994,8 @@ class ServerNode(PGChildNodeView):
            if server.tunnel_identity_file else None,
            'tunnel_authentication': tunnel_authentication,
            'kerberos_conn': bool(server.kerberos_conn),
+            'gss_authenticated': manager.gss_authenticated,
+            'gss_encrypted': manager.gss_encrypted
        }

        return ajax_response(response)
@ -1162,6 +1167,8 @@ class ServerNode(PGChildNodeView):
                    if manager and manager.version
                    else None,
                    is_kerberos_conn=bool(server.kerberos_conn),
+                    gss_authenticated=manager.gss_authenticated if
+                    manager and manager.gss_authenticated else False
                )
            )

@ -1478,6 +1485,7 @@ class ServerNode(PGChildNodeView):
                    'is_tunnel_password_saved': True
                    if server.tunnel_password is not None else False,
                    'is_kerberos_conn': bool(server.kerberos_conn),
+                    'gss_authenticated': manager.gss_authenticated
                }
            )

--- a/web/pgadmin/browser/server_groups/servers/static/js/server.js
+++ b/web/pgadmin/browser/server_groups/servers/static/js/server.js
@ -910,6 +910,16 @@ define('pgadmin.node.server', [
          group: gettext('Connection'), 'options': {
            'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
          }
+        },{
+          id: 'gss_authenticated', label: gettext('GSS authenticated?'), type: 'switch',
+          group: gettext('Connection'), 'options': {
+            'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
+          }, mode: ['properties'], visible: 'isConnected'
+        },{
+          id: 'gss_encrypted', label: gettext('GSS encrypted?'), type: 'switch',
+          group: gettext('Connection'), 'options': {
+            'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
+          }, mode: ['properties'], visible: 'isConnected',
        },{
          id: 'password', label: gettext('Password'), type: 'password', maxlength: null,
          group: gettext('Connection'), control: 'input', mode: ['create'],
--- a/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js
+++ b/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js
@ -15,6 +15,7 @@ import _ from 'underscore';
 import {DialogWrapper} from '../../../../static/js/alertify/dialog_wrapper';
 import {fetch_ticket_lifetime} from  '../../../../authenticate/static/js/kerberos';
 import userInfo from 'pgadmin.user_management.current_user';
+import pgConst from 'pgadmin.browser.constants';

 export class BackupDialogWrapper extends DialogWrapper {
  constructor(dialogContainerSelector, dialogTitle, typeOfDialog,
@ -169,7 +170,7 @@ export class BackupDialogWrapper extends DialogWrapper {
      this.setExtraParameters(selectedTreeNode, treeInfo);
      let backupDate = this.view.model.toJSON();

-      if(userInfo['current_auth_source'] == 'KERBEROS' && (backupDate.type == 'globals' || backupDate.type == 'server')) {
+      if(userInfo['current_auth_source'] == pgConst['KERBEROS'] && treeInfo.server.gss_authenticated && (backupDate.type == 'globals' || backupDate.type == 'server')) {
        let newPromise = fetch_ticket_lifetime();
        newPromise.then(
          function(lifetime) {
--- a/web/pgadmin/utils/driver/psycopg2/connection.py
+++ b/web/pgadmin/utils/driver/psycopg2/connection.py
@ -562,6 +562,26 @@ WHERE db.datname = current_database()""")
                if len(manager.db_info) == 1:
                    manager.did = res['did']

+                if manager.sversion >= 120000:
+                    status = self._execute(cur, """
+        SELECT
+             gss_authenticated, encrypted
+        FROM
+            pg_catalog.pg_stat_gssapi
+        WHERE pid = pg_backend_pid()""")
+                    if status is None:
+                        if cur.rowcount > 0:
+                            res_enc = cur.fetchmany(1)[0]
+                            manager.db_info[res['did']]['gss_authenticated'] =\
+                                res_enc['gss_authenticated']
+                            manager.db_info[res['did']]['gss_encrypted'] = \
+                                res_enc['encrypted']
+
+                            if len(manager.db_info) == 1:
+                                manager.gss_authenticated = \
+                                    res_enc['gss_authenticated']
+                                manager.gss_encrypted = res_enc['encrypted']
+
        self._set_user_info(cur, manager, **kwargs)

        self._set_server_type_and_password(kwargs, manager)
--- a/web/pgadmin/utils/driver/psycopg2/server_manager.py
+++ b/web/pgadmin/utils/driver/psycopg2/server_manager.py
@ -106,6 +106,9 @@ class ServerManager(object):
            self.tunnel_password = None

        self.kerberos_conn = server.kerberos_conn
+        self.gss_authenticated = False
+        self.gss_encrypted = False
+
        for con in self.connections:
            self.connections[con]._release()