From 7275ce906e508cde20c9e5f2de8dfabda9fb2c36 Mon Sep 17 00:00:00 2001
From: Khushboo Vashi <khushboo.vashi@enterprisedb.com>
Date: Fri, 14 May 2021 12:33:01 +0530
Subject: [PATCH] =?UTF-8?q?1)=20Fixed=20an=20issue=20where=20the=20user?=
 =?UTF-8?q?=C2=A0is=20not=20warned=20if=20Kerberos=20ticket=20expiration?=
 =?UTF-8?q?=20=20=20=20is=20less=20than=2030=20min=20while=20initiating=20?=
 =?UTF-8?q?a=20global=20backup.=20Fixes=20#6444?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

2) Ensure that proper identification should be there when the server is
   connected using Kerberos or without Kerberos. Fixes #6445
---
 docs/en_US/release_notes_5_3.rst              |  2 ++
 .../browser/server_groups/servers/__init__.py | 12 +++++++++--
 .../server_groups/servers/static/js/server.js | 10 ++++++++++
 .../backup/static/js/backup_dialog_wrapper.js |  3 ++-
 .../utils/driver/psycopg2/connection.py       | 20 +++++++++++++++++++
 .../utils/driver/psycopg2/server_manager.py   |  3 +++
 6 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/docs/en_US/release_notes_5_3.rst b/docs/en_US/release_notes_5_3.rst
index 4382e969a..8de3821eb 100644
--- a/docs/en_US/release_notes_5_3.rst
+++ b/docs/en_US/release_notes_5_3.rst
@@ -39,3 +39,5 @@ Bug fixes
 | `Issue #6417 <https://redmine.postgresql.org/issues/6417>`_ -  Fixed an issue where query editor is not being closed if the user clicks on the 'Don't Save' button.
 | `Issue #6420 <https://redmine.postgresql.org/issues/6420>`_ -  Ensure that pgAdmin4 shut down completely on the Quit command.
 | `Issue #6443 <https://redmine.postgresql.org/issues/6443>`_ -  Fixed an issue where file dialog showing incorrect files for the selected file types.
+| `Issue #6443 <https://redmine.postgresql.org/issues/6444>`_ -  Fixed an issue where the user is not warned if Kerberos ticket expiration is less than 30 min while initiating a global backup.
+| `Issue #6443 <https://redmine.postgresql.org/issues/6445>`_ -  Ensure that proper identification should be there when the server is connected using Kerberos or without Kerberos.
diff --git a/web/pgadmin/browser/server_groups/servers/__init__.py b/web/pgadmin/browser/server_groups/servers/__init__.py
index dc16a5de8..0d32bf4d3 100644
--- a/web/pgadmin/browser/server_groups/servers/__init__.py
+++ b/web/pgadmin/browser/server_groups/servers/__init__.py
@@ -255,6 +255,7 @@ class ServerModule(sg.ServerGroupPluginModule):
                 user_name=server.username,
                 shared=server.shared,
                 is_kerberos_conn=bool(server.kerberos_conn),
+                gss_authenticated=manager.gss_authenticated
             )
 
     @property
@@ -549,7 +550,8 @@ class ServerNode(PGChildNodeView):
                     errmsg=errmsg,
                     user_name=server.username,
                     shared=server.shared,
-                    is_kerberos_conn=bool(server.kerberos_conn)
+                    is_kerberos_conn=bool(server.kerberos_conn),
+                    gss_authenticated=manager.gss_authenticated
                 )
             )
 
@@ -617,7 +619,8 @@ class ServerNode(PGChildNodeView):
                 errmsg=errmsg,
                 shared=server.shared,
                 user_name=server.username,
-                is_kerberos_conn=bool(server.kerberos_conn)
+                is_kerberos_conn=bool(server.kerberos_conn),
+                gss_authenticated=manager.gss_authenticated
             ),
         )
 
@@ -991,6 +994,8 @@ class ServerNode(PGChildNodeView):
             if server.tunnel_identity_file else None,
             'tunnel_authentication': tunnel_authentication,
             'kerberos_conn': bool(server.kerberos_conn),
+            'gss_authenticated': manager.gss_authenticated,
+            'gss_encrypted': manager.gss_encrypted
         }
 
         return ajax_response(response)
@@ -1162,6 +1167,8 @@ class ServerNode(PGChildNodeView):
                     if manager and manager.version
                     else None,
                     is_kerberos_conn=bool(server.kerberos_conn),
+                    gss_authenticated=manager.gss_authenticated if
+                    manager and manager.gss_authenticated else False
                 )
             )
 
@@ -1478,6 +1485,7 @@ class ServerNode(PGChildNodeView):
                     'is_tunnel_password_saved': True
                     if server.tunnel_password is not None else False,
                     'is_kerberos_conn': bool(server.kerberos_conn),
+                    'gss_authenticated': manager.gss_authenticated
                 }
             )
 
diff --git a/web/pgadmin/browser/server_groups/servers/static/js/server.js b/web/pgadmin/browser/server_groups/servers/static/js/server.js
index b21cba431..45dea090e 100644
--- a/web/pgadmin/browser/server_groups/servers/static/js/server.js
+++ b/web/pgadmin/browser/server_groups/servers/static/js/server.js
@@ -910,6 +910,16 @@ define('pgadmin.node.server', [
           group: gettext('Connection'), 'options': {
             'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
           }
+        },{
+          id: 'gss_authenticated', label: gettext('GSS authenticated?'), type: 'switch',
+          group: gettext('Connection'), 'options': {
+            'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
+          }, mode: ['properties'], visible: 'isConnected'
+        },{
+          id: 'gss_encrypted', label: gettext('GSS encrypted?'), type: 'switch',
+          group: gettext('Connection'), 'options': {
+            'onText':  gettext('True'), 'offText':  gettext('False'), 'size': 'mini',
+          }, mode: ['properties'], visible: 'isConnected',
         },{
           id: 'password', label: gettext('Password'), type: 'password', maxlength: null,
           group: gettext('Connection'), control: 'input', mode: ['create'],
diff --git a/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js b/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js
index 1a59d420a..5a86bf82e 100644
--- a/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js
+++ b/web/pgadmin/tools/backup/static/js/backup_dialog_wrapper.js
@@ -15,6 +15,7 @@ import _ from 'underscore';
 import {DialogWrapper} from '../../../../static/js/alertify/dialog_wrapper';
 import {fetch_ticket_lifetime} from  '../../../../authenticate/static/js/kerberos';
 import userInfo from 'pgadmin.user_management.current_user';
+import pgConst from 'pgadmin.browser.constants';
 
 export class BackupDialogWrapper extends DialogWrapper {
   constructor(dialogContainerSelector, dialogTitle, typeOfDialog,
@@ -169,7 +170,7 @@ export class BackupDialogWrapper extends DialogWrapper {
       this.setExtraParameters(selectedTreeNode, treeInfo);
       let backupDate = this.view.model.toJSON();
 
-      if(userInfo['current_auth_source'] == 'KERBEROS' && (backupDate.type == 'globals' || backupDate.type == 'server')) {
+      if(userInfo['current_auth_source'] == pgConst['KERBEROS'] && treeInfo.server.gss_authenticated && (backupDate.type == 'globals' || backupDate.type == 'server')) {
         let newPromise = fetch_ticket_lifetime();
         newPromise.then(
           function(lifetime) {
diff --git a/web/pgadmin/utils/driver/psycopg2/connection.py b/web/pgadmin/utils/driver/psycopg2/connection.py
index 3baa61fac..8ff0963f4 100644
--- a/web/pgadmin/utils/driver/psycopg2/connection.py
+++ b/web/pgadmin/utils/driver/psycopg2/connection.py
@@ -562,6 +562,26 @@ WHERE db.datname = current_database()""")
                 if len(manager.db_info) == 1:
                     manager.did = res['did']
 
+                if manager.sversion >= 120000:
+                    status = self._execute(cur, """
+        SELECT
+             gss_authenticated, encrypted
+        FROM
+            pg_catalog.pg_stat_gssapi
+        WHERE pid = pg_backend_pid()""")
+                    if status is None:
+                        if cur.rowcount > 0:
+                            res_enc = cur.fetchmany(1)[0]
+                            manager.db_info[res['did']]['gss_authenticated'] =\
+                                res_enc['gss_authenticated']
+                            manager.db_info[res['did']]['gss_encrypted'] = \
+                                res_enc['encrypted']
+
+                            if len(manager.db_info) == 1:
+                                manager.gss_authenticated = \
+                                    res_enc['gss_authenticated']
+                                manager.gss_encrypted = res_enc['encrypted']
+
         self._set_user_info(cur, manager, **kwargs)
 
         self._set_server_type_and_password(kwargs, manager)
diff --git a/web/pgadmin/utils/driver/psycopg2/server_manager.py b/web/pgadmin/utils/driver/psycopg2/server_manager.py
index 8c16c8ec3..2a951b6ed 100644
--- a/web/pgadmin/utils/driver/psycopg2/server_manager.py
+++ b/web/pgadmin/utils/driver/psycopg2/server_manager.py
@@ -106,6 +106,9 @@ class ServerManager(object):
             self.tunnel_password = None
 
         self.kerberos_conn = server.kerberos_conn
+        self.gss_authenticated = False
+        self.gss_encrypted = False
+
         for con in self.connections:
             self.connections[con]._release()