1) Fixed an issue where the user is not warned if Kerberos ticket expiration

is less than 30 min while initiating a global backup. Fixes #6444

2) Ensure that proper identification should be there when the server is
   connected using Kerberos or without Kerberos. Fixes #6445
This commit is contained in:
Khushboo Vashi 2021-05-14 12:33:01 +05:30 committed by Akshay Joshi
parent 7ed97eeec4
commit 7275ce906e
6 changed files with 47 additions and 3 deletions

View File

@ -39,3 +39,5 @@ Bug fixes
| `Issue #6417 <https://redmine.postgresql.org/issues/6417>`_ - Fixed an issue where query editor is not being closed if the user clicks on the 'Don't Save' button. | `Issue #6417 <https://redmine.postgresql.org/issues/6417>`_ - Fixed an issue where query editor is not being closed if the user clicks on the 'Don't Save' button.
| `Issue #6420 <https://redmine.postgresql.org/issues/6420>`_ - Ensure that pgAdmin4 shut down completely on the Quit command. | `Issue #6420 <https://redmine.postgresql.org/issues/6420>`_ - Ensure that pgAdmin4 shut down completely on the Quit command.
| `Issue #6443 <https://redmine.postgresql.org/issues/6443>`_ - Fixed an issue where file dialog showing incorrect files for the selected file types. | `Issue #6443 <https://redmine.postgresql.org/issues/6443>`_ - Fixed an issue where file dialog showing incorrect files for the selected file types.
| `Issue #6443 <https://redmine.postgresql.org/issues/6444>`_ - Fixed an issue where the user is not warned if Kerberos ticket expiration is less than 30 min while initiating a global backup.
| `Issue #6443 <https://redmine.postgresql.org/issues/6445>`_ - Ensure that proper identification should be there when the server is connected using Kerberos or without Kerberos.

View File

@ -255,6 +255,7 @@ class ServerModule(sg.ServerGroupPluginModule):
user_name=server.username, user_name=server.username,
shared=server.shared, shared=server.shared,
is_kerberos_conn=bool(server.kerberos_conn), is_kerberos_conn=bool(server.kerberos_conn),
gss_authenticated=manager.gss_authenticated
) )
@property @property
@ -549,7 +550,8 @@ class ServerNode(PGChildNodeView):
errmsg=errmsg, errmsg=errmsg,
user_name=server.username, user_name=server.username,
shared=server.shared, shared=server.shared,
is_kerberos_conn=bool(server.kerberos_conn) is_kerberos_conn=bool(server.kerberos_conn),
gss_authenticated=manager.gss_authenticated
) )
) )
@ -617,7 +619,8 @@ class ServerNode(PGChildNodeView):
errmsg=errmsg, errmsg=errmsg,
shared=server.shared, shared=server.shared,
user_name=server.username, user_name=server.username,
is_kerberos_conn=bool(server.kerberos_conn) is_kerberos_conn=bool(server.kerberos_conn),
gss_authenticated=manager.gss_authenticated
), ),
) )
@ -991,6 +994,8 @@ class ServerNode(PGChildNodeView):
if server.tunnel_identity_file else None, if server.tunnel_identity_file else None,
'tunnel_authentication': tunnel_authentication, 'tunnel_authentication': tunnel_authentication,
'kerberos_conn': bool(server.kerberos_conn), 'kerberos_conn': bool(server.kerberos_conn),
'gss_authenticated': manager.gss_authenticated,
'gss_encrypted': manager.gss_encrypted
} }
return ajax_response(response) return ajax_response(response)
@ -1162,6 +1167,8 @@ class ServerNode(PGChildNodeView):
if manager and manager.version if manager and manager.version
else None, else None,
is_kerberos_conn=bool(server.kerberos_conn), is_kerberos_conn=bool(server.kerberos_conn),
gss_authenticated=manager.gss_authenticated if
manager and manager.gss_authenticated else False
) )
) )
@ -1478,6 +1485,7 @@ class ServerNode(PGChildNodeView):
'is_tunnel_password_saved': True 'is_tunnel_password_saved': True
if server.tunnel_password is not None else False, if server.tunnel_password is not None else False,
'is_kerberos_conn': bool(server.kerberos_conn), 'is_kerberos_conn': bool(server.kerberos_conn),
'gss_authenticated': manager.gss_authenticated
} }
) )

View File

@ -910,6 +910,16 @@ define('pgadmin.node.server', [
group: gettext('Connection'), 'options': { group: gettext('Connection'), 'options': {
'onText': gettext('True'), 'offText': gettext('False'), 'size': 'mini', 'onText': gettext('True'), 'offText': gettext('False'), 'size': 'mini',
} }
},{
id: 'gss_authenticated', label: gettext('GSS authenticated?'), type: 'switch',
group: gettext('Connection'), 'options': {
'onText': gettext('True'), 'offText': gettext('False'), 'size': 'mini',
}, mode: ['properties'], visible: 'isConnected'
},{
id: 'gss_encrypted', label: gettext('GSS encrypted?'), type: 'switch',
group: gettext('Connection'), 'options': {
'onText': gettext('True'), 'offText': gettext('False'), 'size': 'mini',
}, mode: ['properties'], visible: 'isConnected',
},{ },{
id: 'password', label: gettext('Password'), type: 'password', maxlength: null, id: 'password', label: gettext('Password'), type: 'password', maxlength: null,
group: gettext('Connection'), control: 'input', mode: ['create'], group: gettext('Connection'), control: 'input', mode: ['create'],

View File

@ -15,6 +15,7 @@ import _ from 'underscore';
import {DialogWrapper} from '../../../../static/js/alertify/dialog_wrapper'; import {DialogWrapper} from '../../../../static/js/alertify/dialog_wrapper';
import {fetch_ticket_lifetime} from '../../../../authenticate/static/js/kerberos'; import {fetch_ticket_lifetime} from '../../../../authenticate/static/js/kerberos';
import userInfo from 'pgadmin.user_management.current_user'; import userInfo from 'pgadmin.user_management.current_user';
import pgConst from 'pgadmin.browser.constants';
export class BackupDialogWrapper extends DialogWrapper { export class BackupDialogWrapper extends DialogWrapper {
constructor(dialogContainerSelector, dialogTitle, typeOfDialog, constructor(dialogContainerSelector, dialogTitle, typeOfDialog,
@ -169,7 +170,7 @@ export class BackupDialogWrapper extends DialogWrapper {
this.setExtraParameters(selectedTreeNode, treeInfo); this.setExtraParameters(selectedTreeNode, treeInfo);
let backupDate = this.view.model.toJSON(); let backupDate = this.view.model.toJSON();
if(userInfo['current_auth_source'] == 'KERBEROS' && (backupDate.type == 'globals' || backupDate.type == 'server')) { if(userInfo['current_auth_source'] == pgConst['KERBEROS'] && treeInfo.server.gss_authenticated && (backupDate.type == 'globals' || backupDate.type == 'server')) {
let newPromise = fetch_ticket_lifetime(); let newPromise = fetch_ticket_lifetime();
newPromise.then( newPromise.then(
function(lifetime) { function(lifetime) {

View File

@ -562,6 +562,26 @@ WHERE db.datname = current_database()""")
if len(manager.db_info) == 1: if len(manager.db_info) == 1:
manager.did = res['did'] manager.did = res['did']
if manager.sversion >= 120000:
status = self._execute(cur, """
SELECT
gss_authenticated, encrypted
FROM
pg_catalog.pg_stat_gssapi
WHERE pid = pg_backend_pid()""")
if status is None:
if cur.rowcount > 0:
res_enc = cur.fetchmany(1)[0]
manager.db_info[res['did']]['gss_authenticated'] =\
res_enc['gss_authenticated']
manager.db_info[res['did']]['gss_encrypted'] = \
res_enc['encrypted']
if len(manager.db_info) == 1:
manager.gss_authenticated = \
res_enc['gss_authenticated']
manager.gss_encrypted = res_enc['encrypted']
self._set_user_info(cur, manager, **kwargs) self._set_user_info(cur, manager, **kwargs)
self._set_server_type_and_password(kwargs, manager) self._set_server_type_and_password(kwargs, manager)

View File

@ -106,6 +106,9 @@ class ServerManager(object):
self.tunnel_password = None self.tunnel_password = None
self.kerberos_conn = server.kerberos_conn self.kerberos_conn = server.kerberos_conn
self.gss_authenticated = False
self.gss_encrypted = False
for con in self.connections: for con in self.connections:
self.connections[con]._release() self.connections[con]._release()