diff options
| -rw-r--r-- | SSPIClient.patch | 268 | ||||
| -rw-r--r-- | build.patch | 154 | ||||
| -rw-r--r-- | postgresql-jdbc-9.3-1102-revert-88b9a034.patch | 52 | ||||
| -rw-r--r-- | postgresql-jdbc.spec | 25 |
4 files changed, 439 insertions, 60 deletions
diff --git a/SSPIClient.patch b/SSPIClient.patch new file mode 100644 index 0000000..8d37658 --- /dev/null +++ b/SSPIClient.patch @@ -0,0 +1,268 @@ +diff --git a/org/postgresql/sspi/SSPIClient.java b/org/postgresql/sspi/SSPIClient.java +index 208018a..f71e8c9 100644 +--- a/org/postgresql/sspi/SSPIClient.java ++++ b/org/postgresql/sspi/SSPIClient.java +@@ -9,23 +9,8 @@ import org.postgresql.util.HostSpec; + import org.postgresql.util.PSQLException; + import org.postgresql.util.PSQLState; + +-import com.sun.jna.LastErrorException; +-import com.sun.jna.Platform; +-import com.sun.jna.platform.win32.Sspi; +-import com.sun.jna.platform.win32.Sspi.SecBufferDesc; +-import com.sun.jna.platform.win32.Win32Exception; +- +-import waffle.windows.auth.IWindowsAuthProvider; +-import waffle.windows.auth.IWindowsCredentialsHandle; +-import waffle.windows.auth.IWindowsSecurityContext; +-import waffle.windows.auth.impl.WindowsAccountImpl; +-import waffle.windows.auth.impl.WindowsAuthProviderImpl; +-import waffle.windows.auth.impl.WindowsCredentialsHandleImpl; +-import waffle.windows.auth.impl.WindowsSecurityContextImpl; +- + /** +- * Use Waffle-JNI to support SSPI authentication when PgJDBC is running on a Windows +- * client and talking to a Windows server. ++ * Empty class + * + * SSPI is not supported on a non-Windows client. + * +@@ -35,227 +20,59 @@ import waffle.windows.auth.impl.WindowsSecurityContextImpl; + */ + public class SSPIClient { + +- public static String SSPI_DEFAULT_SPN_SERVICE_CLASS = "POSTGRES"; +- +- private final Logger logger; +- private final PGStream pgStream; +- private final String spnServiceClass; +- private final boolean enableNegotiate; +- +- private IWindowsCredentialsHandle clientCredentials; +- private WindowsSecurityContextImpl sspiContext; +- private String targetName; +- +- + /** + * Instantiate an SSPIClient for authentication of a connection. + * +- * SSPIClient is not re-usable across connections. +- * +- * It is safe to instantiate SSPIClient even if Waffle and JNA are missing +- * or on non-Windows platforms, however you may not call any methods other than +- * isSSPISupported(). +- * + * @param pgStream PostgreSQL connection stream ++ * + * @param spnServiceClass SSPI SPN service class, defaults to POSTGRES if null + * @param logger + */ + public SSPIClient(PGStream pgStream, + String spnServiceClass, + boolean enableNegotiate, +- Logger logger) { +- this.logger = logger; +- this.pgStream = pgStream; +- +- /* If blank or unspecified, SPN service class should be POSTGRES */ +- String realServiceClass = spnServiceClass; +- if (spnServiceClass != null && spnServiceClass.isEmpty()) +- spnServiceClass = null; +- if (spnServiceClass == null) +- spnServiceClass = SSPI_DEFAULT_SPN_SERVICE_CLASS; +- this.spnServiceClass = spnServiceClass; +- +- /* If we're forcing Kerberos (no spnego), disable SSPI negotiation */ +- this.enableNegotiate = enableNegotiate; +- } ++ Logger logger) {} + + /** +- * Test whether we can attempt SSPI authentication. If false, ++ * Empty method, since there is no support for SSPI in Linux. If false, + * do not attempt to call any other SSPIClient methods. + * +- * @return true if it's safe to attempt SSPI authentication ++ * @return always false + */ + public boolean isSSPISupported() { +- try { +- /* +- * SSPI is windows-only. Attempt to use JNA to identify the platform. +- * If Waffle is missing we won't have JNA and this will throw a +- * NoClassDefFoundError. +- */ +- if (!Platform.isWindows()) +- { +- logger.debug("SSPI not supported: non-Windows host"); +- return false; +- } +- /* Waffle must be on the CLASSPATH */ +- Class.forName("waffle.windows.auth.impl.WindowsSecurityContextImpl"); +- return true; +- } catch (NoClassDefFoundError ex) { +- if (logger.logDebug()) +- logger.debug("SSPI unavailable (no Waffle/JNA libraries?)", ex); +- return false; +- } catch (ClassNotFoundException ex) { +- if (logger.logDebug()) +- logger.debug("SSPI unavailable (no Waffle/JNA libraries?)", ex); +- return false; +- } ++ return false; + } + +- private String makeSPN() throws PSQLException +- { +- final HostSpec hs = pgStream.getHostSpec(); +- +- try { +- return NTDSAPIWrapper.instance.DsMakeSpn( +- spnServiceClass, hs.getHost(), +- null, (short)hs.getPort(), null); +- } catch (LastErrorException ex) { +- throw new PSQLException("SSPI setup failed to determine SPN", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT, ex); +- } ++ private String makeSPN() throws PSQLException{ ++ return ""; + } + + + /** +- * Respond to an authentication request from the back-end +- * for SSPI authentication (AUTH_REQ_SSPI). ++ * Not supported on Linux does nothing. + * + * @throws SQLException on SSPI authentication handshake failure + * @throws IOException on network I/O issues + */ + public void startSSPI() throws SQLException, IOException { +- +- /* +- * We usually use SSPI negotiation (spnego), but it's disabled if the client +- * asked for GSSPI and usespngo isn't explicitly turned on. +- */ +- final String securityPackage = enableNegotiate ? "negotiate" : "kerberos"; +- +- logger.debug("Beginning SSPI/Kerberos negotiation with SSPI package: " + securityPackage); +- +- try { +- /* +- * Acquire a handle for the local Windows login credentials for the current user +- * +- * See AcquireCredentialsHandle (http://msdn.microsoft.com/en-us/library/windows/desktop/aa374712%28v=vs.85%29.aspx) +- * +- * This corresponds to pg_SSPI_startup in libpq/fe-auth.c . +- */ +- try { +- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage); +- clientCredentials.initialize(); +- } catch (Win32Exception ex) { +- throw new PSQLException( +- "Could not obtain local Windows credentials for SSPI", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT /* TODO: Should be authentication error */, +- ex); +- } +- +- try { +- targetName = makeSPN(); +- +- if (logger.logDebug()) +- { +- logger.debug("SSPI target name: " + targetName); +- } +- +- sspiContext = new WindowsSecurityContextImpl(); +- sspiContext.setPrincipalName(targetName); +- sspiContext.setCredentialsHandle(clientCredentials.getHandle()); +- sspiContext.setSecurityPackage(securityPackage); +- sspiContext.initialize(null, null, targetName); +- } catch (Win32Exception ex) { +- throw new PSQLException( +- "Could not initialize SSPI security context", +- PSQLState.CONNECTION_UNABLE_TO_CONNECT /* TODO: Should be auth error */, +- ex); +- } +- +- sendSSPIResponse(sspiContext.getToken()); +- logger.debug("Sent first SSPI negotiation message"); +- } catch (NoClassDefFoundError ex) { +- throw new PSQLException( +- "SSPI cannot be used, Waffle or its dependencies are missing from the classpath", +- PSQLState.NOT_IMPLEMENTED, ex); +- } + } + + /** +- * Continue an existing authentication conversation with +- * the back-end in resonse to an authentication request +- * of type AUTH_REQ_GSS_CONT. +- * ++ * Not supported on Linux does nothing. ++ * + * @param msgLength Length of message to read, excluding length word and message type word + * @throws SQLException + * @throws IOException + */ + public void continueSSPI(int msgLength) throws SQLException, IOException { +- +- if (sspiContext == null) +- throw new IllegalStateException( +- "Cannot continue SSPI authentication that we didn't begin"); +- +- logger.debug("Continuing SSPI negotiation"); +- +- /* Read the response token from the server */ +- byte[] receivedToken = pgStream.Receive(msgLength); +- +- SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, receivedToken); +- +- sspiContext.initialize(sspiContext.getHandle(), continueToken, targetName); +- +- /* +- * Now send the response token. If negotiation is complete +- * there may be zero bytes to send, in which case we shouldn't +- * send a reply as the server is not expecting one; see fe-auth.c +- * in libpq for details. +- */ +- byte[] responseToken = sspiContext.getToken(); +- if (responseToken.length > 0) +- { +- sendSSPIResponse(responseToken); +- logger.debug("Sent SSPI negotiation continuation message"); +- } else { +- logger.debug("SSPI authentication complete, no reply required"); +- } + } + + private void sendSSPIResponse(byte[] outToken) throws IOException { +- /* +- * The sspiContext now contains a token we can send to the server to +- * start the handshake. Send a 'password' message containing the +- * required data; the server knows we're doing SSPI negotiation +- * and will deal with it appropriately. +- */ +- pgStream.SendChar('p'); +- pgStream.SendInteger4(4 + outToken.length); +- pgStream.Send(outToken); +- pgStream.flush(); + } + + /** +- * Clean up native win32 resources after completion or failure of +- * SSPI authentication. This SSPIClient instance becomes unusable +- * after disposal. ++ * Not supported on Linux does nothing. + */ + public void dispose() { +- if (sspiContext != null) { +- sspiContext.dispose(); +- sspiContext = null; +- } +- if (clientCredentials != null) { +- clientCredentials.dispose(); +- clientCredentials = null; +- } + } + } diff --git a/build.patch b/build.patch new file mode 100644 index 0000000..1e5f54a --- /dev/null +++ b/build.patch @@ -0,0 +1,154 @@ +diff --git a/build.xml b/build.xml +index a93eaae..399fd4d 100644 +--- a/build.xml ++++ b/build.xml +@@ -79,18 +79,14 @@ + <!-- ssl --> + <include name="${package}/ssl/**" /> + +- <!-- gss and sspi --> ++ <!-- gss --> + <include name="${package}/gss/*.java"/> +- <include name="${package}/sspi/*.java"/> + + <!-- datasource stuff --> + <include name="${package}/ds/**"/> + + <!-- XA stuff --> + <include name="${package}/xa/**"/> +- +- <!-- OSGi package --> +- <include name="${package}/osgi/*.java"/> + </patternset> + + <property name="waffle-jna.version" value="1.7" /> +@@ -218,18 +214,6 @@ + </artifact:dependencies> + + <!-- +- These are used for test compilation and for test running only. They aren't +- exposed to javac during the main driver compilation. +- --> +- <artifact:dependencies pathId="dependency.test.classpath" +- filesetId="dependency.test.fileset" +- useScope="test" +- pomRefId="org.postgresql:postgresql:pom"> +- <remoteRepository id="${maven.remote.repository.id}" +- url="${maven.remote.repository.url}"/> +- </artifact:dependencies> +- +- <!-- + These are used for building only and are only exposed for ant script + --> + <artifact:dependencies pathId="dependency.build.classpath"> +@@ -354,13 +338,8 @@ + + <!-- create the jar file --> + <target name="jar" depends="compile, artifact-version"> +- <property name="temp.jar.dir" value="${builddir}/${jardir}"/> + <property name="artifact.jar" value="${jardir}/${artifact.version.string}.jar"/> +- <property name="artifact.jar.build" value="${temp.jar.dir}/${artifact.version.string}.jar"/> +- +- <mkdir dir="${temp.jar.dir}" /> +- +- <jar jarfile="${artifact.jar.build}"> ++ <jar jarfile="${artifact.jar}"> + <fileset dir="${builddir}"> + <include name="${package}/**/*.class" /> + </fileset> +@@ -383,34 +362,6 @@ + <attribute name="Implementation-Vendor" value="PostgreSQL Global Development Group" /> + </manifest> + </jar> +- +- <!-- add OSGi meta information --> +- <property name="osgidir" value="${builddir}/osgi"/> +- <mkdir dir="${osgidir}"/> +- +- <!-- create a bnd file named after the JAR file so that bnd wrap tool find it --> +- <echo file="${osgidir}/${artifact.version.string}.bnd"> +-Bundle-ManifestVersion: 2 +- +-Bundle-Name: PostgreSQL JDBC Driver ${jdbc.version.upper} +-Bundle-SymbolicName: org.postgresql.${jdbc.version} +-Bundle-Version: ${osgi.version} +- +-Bundle-Vendor: PostgreSQL Global Development Group +-Bundle-Copyright: Copyright (c) 2003-2015, PostgreSQL Global Development Group +-Bundle-License: http://www.postgresql.org/about/licence/ +-Bundle-DocURL: http://jdbc.postgresql.org/ +- +-Bundle-Classpath: . +-Bundle-Activator: org.postgresql.osgi.PGBundleActivator +-Require-Capability: osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=${java.specification.version}))" +-Export-Package: org.postgresql*; version=${fullversion} +-Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=optional +- </echo> +- +- <!-- run wrap task from bnd --> +- <taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="dependency.build.classpath"/> +- <bndwrap jars="${artifact.jar.build}" output="${artifact.jar}" definitions="${osgidir}"/> + </target> + + <!-- create a distribution with docs, dependencies, and driver jar --> +@@ -469,14 +420,13 @@ Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=opt + </zip> + </target> + +- <target name="compile" depends="prepare,check_versions,driver,maven-dependencies"> ++ <target name="compile" depends="prepare,check_versions,driver"> + + <available classname="org.postgresql.Driver" property="old.driver.present" /> + <fail message="Old driver was detected on classpath or in jre/lib/ext, please remove and try again." if="old.driver.present" /> + + <javac classpath="${srcdir}" srcdir="${srcdir}" destdir="${builddir}" + debug="${debug}" debuglevel="lines,vars,source" source="${java.specification.version}" includeantruntime="false"> +- <classpath refid="dependency.compile.classpath"/> + <!-- Do NOT add dependency.test here, we should not depend on junit --> + <!-- Similarly, omit dependency.runtime, we're intentionally not compiling against those libs --> + <patternset refid="jdbc.version.src.pattern"/> +@@ -663,13 +613,11 @@ Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=opt + + <!-- This compiles and builds the test jarfile. --> + <target name="testjar" depends="snapshot-version, jar"> ++ <fail message="JUnit could not be found in your classpath. You must download and install it from http://junit.org to build and run the test suite." unless="junit" /> + <mkdir dir="${builddir}/tests"/> + <javac srcdir="${srcdir}" destdir="${builddir}/tests" debug="${debug}" + debuglevel="lines,vars,source" + source="${java.specification.version}" includeantruntime="false"> +- <classpath refid="dependency.compile.classpath" /> +- <classpath refid="dependency.runtime.classpath" /> +- <classpath refid="dependency.test.classpath" /> + <include name="${package}/test/**" /> + + <exclude name="${package}/test/jdbc4/jdbc41/**" unless="jdbc41tests" /> +@@ -712,9 +660,6 @@ Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=opt + <sysproperty key="protocolVersion" value="${protocolVersion}" /> + <sysproperty key="ssltest.properties" value="${ssltest.properties}" /> + +- <classpath refid="dependency.compile.classpath" /> +- <classpath refid="dependency.runtime.classpath" /> +- <classpath refid="dependency.test.classpath" /> + <classpath> + <pathelement location="${artifact.jar}" /> + <pathelement location="${jardir}/postgresql-tests.jar" /> +@@ -835,8 +780,7 @@ Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=opt + </target> + + <target name="artifact-version" +- description="Sets the version string for the jar artifact" +- depends="maven-dependencies"> ++ description="Sets the version string for the jar artifact"> + <property name="artifact.version.string" value="${maven.artifact.id}-${maven.artifact.version}.${jdbc.version}" /> + <echo message="Artifact version string: ${artifact.version.string}" /> + </target> +@@ -853,8 +797,7 @@ Import-Package: javax.sql, javax.transaction.xa, javax.naming, *;resolution:=opt + <echo message="Maven version string: ${maven.artifact.version.string}" /> + </target> + +- <target name="prepare-pom" depends="maven-dependencies" +- description="Write a pom.xml for uploading to Maven Central"> ++ <target name="prepare-pom" description="Write a pom.xml for uploading to Maven Central"> + + <mkdir dir="${builddir}/pom"/> + diff --git a/postgresql-jdbc-9.3-1102-revert-88b9a034.patch b/postgresql-jdbc-9.3-1102-revert-88b9a034.patch deleted file mode 100644 index e5b49d3..0000000 --- a/postgresql-jdbc-9.3-1102-revert-88b9a034.patch +++ /dev/null @@ -1,52 +0,0 @@ -commit 7fe0e29ab432a4ce0753f287db4efcd8a441c6e1 (HEAD, REL9_3_STABLE) -Author: Pavel Raiskup <praiskup@redhat.com> -AuthorDate: Mon Jul 14 09:00:03 2014 +0200 -Commit: Pavel Raiskup <praiskup@redhat.com> -CommitDate: Mon Jul 14 09:00:03 2014 +0200 - - Revert "backpatch fix to build to allow travis CI to build it" - - This reverts commit 88b9a034c8dd86a1de961f370e548cac74ed1031. - -diff --git a/build.xml b/build.xml -index 152517d..2b86a36 100644 ---- a/build.xml -+++ b/build.xml -@@ -106,10 +106,6 @@ - <include name="${package}/xa/jdbc4/*.java" if="jdbc4any"/> - </patternset> - -- <artifact:dependencies pathId="dependency.classpath" useScope="test"> -- <dependency groupId="junit" artifactId="junit" version="3.8.2" scope="test"/> -- </artifact:dependencies> -- - <target name="check_versions"> - <condition property="jdbc2"> - <or> -@@ -233,7 +229,6 @@ - <fail message="Old driver was detected on classpath or in jre/lib/ext, please remove and try again." if="old.driver.present" /> - - <javac classpath="${srcdir}" srcdir="${srcdir}" destdir="${builddir}" debug="${debug}" source="${java.specification.version}"> -- <classpath refid="dependency.classpath" /> - <patternset refid="jdbc.version.src.pattern"/> - </javac> - </target> -@@ -434,9 +429,9 @@ - - <!-- This compiles and builds the test jarfile. --> - <target name="testjar" depends="jar"> -+ <fail message="JUnit could not be found in your classpath. You must download and install it from http://junit.org to build and run the test suite." unless="junit" /> - <mkdir dir="${builddir}/tests"/> - <javac srcdir="${srcdir}" destdir="${builddir}/tests" debug="${debug}" source="${java.specification.version}"> -- <classpath refid="dependency.classpath" /> - <include name="${package}/test/**" /> - - <exclude name="${package}/test/jdbc4/**" unless="jdbc4tests" /> -@@ -472,7 +467,6 @@ - <sysproperty key="protocolVersion" value="${protocolVersion}" /> - <sysproperty key="ssltest.properties" value="${ssltest.properties}" /> - -- <classpath refid="dependency.classpath" /> - <classpath> - <pathelement location="${artifact.jar}" /> - <pathelement location="${jardir}/postgresql-tests.jar" /> diff --git a/postgresql-jdbc.spec b/postgresql-jdbc.spec index 9c4e036..2f4fbf8 100644 --- a/postgresql-jdbc.spec +++ b/postgresql-jdbc.spec @@ -29,13 +29,13 @@ # %global section devel -%global upstreamrel 1200 +%global upstreamrel 1205 %global upstreamver 9.4-%{upstreamrel} Summary: JDBC driver for PostgreSQL Name: postgresql-jdbc Version: 9.4.%{upstreamrel} -Release: 2%{?dist} +Release: 1%{?dist} # ASL 2.0 applies only to postgresql-jdbc.pom file, the rest is BSD License: BSD and ASL 2.0 Group: Applications/Databases @@ -45,11 +45,12 @@ Source0: http://jdbc.postgresql.org/download/%{name}-%{upstreamver}.src.tar.gz # originally http://repo2.maven.org/maven2/postgresql/postgresql/8.4-701.jdbc4/postgresql-8.4-701.jdbc4.pom: Source1: %{name}.pom -# Revert back fix for travis build which breaks our ant-build for version 1.9.2 -# & 1.9.4. -# ~> downstream -# ~> 1118667 -Patch0: postgresql-jdbc-9.3-1102-revert-88b9a034.patch +# Stripped maven from from ant build +Patch0: build.patch + +# Erased parts of code where was required sspi +# sspi is used for authorization but windows only +Patch1: SSPIClient.patch BuildArch: noarch BuildRequires: java-devel >= 1:1.8 @@ -76,7 +77,11 @@ This package contains the API Documentation for %{name}. %prep %setup -c -q +rm -f %{name}-%{upstreamver}.src/org/postgresql/sspi/NTDSAPI.java +rm -f %{name}-%{upstreamver}.src/org/postgresql/sspi/NTDSAPIWrapper.java +rm -f %{name}-%{upstreamver}.src/org/postgresql/osgi/* mv -f %{name}-%{upstreamver}.src/* . +rm -f %{name}-%{upstreamver}.src/.gitattributes rm -f %{name}-%{upstreamver}.src/.gitignore rm -f %{name}-%{upstreamver}.src/.travis.yml rmdir %{name}-%{upstreamver}.src @@ -85,6 +90,7 @@ rmdir %{name}-%{upstreamver}.src find -name "*.jar" -or -name "*.class" | xargs rm -f %patch0 -p1 -b .revert-travis-fix +%patch1 -p1 %build export OPT_JAR_LIST="ant/ant-junit junit" @@ -102,7 +108,7 @@ ant jar publicapi install -d $RPM_BUILD_ROOT%{_javadir} # Per jpp conventions, jars have version-numbered names and we add # versionless symlinks. -install -m 644 jars/postgresql-%{upstreamver}.jdbc41.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar +install -m 644 jars/postgresql-%{upstreamver}.jdbc42.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar pushd $RPM_BUILD_ROOT%{_javadir} @@ -147,6 +153,9 @@ ant test 2>&1 | tee "$test_log" || : %doc %{_javadocdir}/%{name} %changelog +* Wed Nov 25 2015 Pavel Kajaba <pkajaba@redhat.com> - 9.4.1205-1 +- Stripped osgi and sspi. Rebased to most recent version + * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.4.1200-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild |