Remove automatic registration of GSS provider

AGWA · AGWA · commit 83d7d7f83f6e · 2020-06-02T11:00:49.000-04:00
This removes the dependency from the kerberos module to the pq module,
which would have complicated releases.
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@
 
 ## Optional Features
 
-* GSS (Kerberos) auth (to use, import `github.com/lib/pq/auth/kerberos`)
+* GSS (Kerberos) auth (to use, see GoDoc)
 
 ## Tests
 
diff --git a/auth/kerberos/go.mod b/auth/kerberos/go.mod
@@ -2,10 +2,7 @@ module github.com/lib/pq/auth/kerberos
 
 go 1.13
 
-replace github.com/lib/pq => ../..
-
 require (
 	github.com/alexbrainman/sspi v0.0.0-20180613141037-e580b900e9f5
 	github.com/jcmturner/gokrb5/v8 v8.2.0
-	github.com/lib/pq v1.6.0
 )
diff --git a/auth/kerberos/go.sum b/auth/kerberos/go.sum
@@ -20,8 +20,6 @@ github.com/jcmturner/gokrb5/v8 v8.2.0 h1:lzPl/30ZLkTveYsYZPKMcgXc8MbnE6RsTd4F9Kg
 github.com/jcmturner/gokrb5/v8 v8.2.0/go.mod h1:T1hnNppQsBtxW0tCHMHTkAt8n/sABdzZgZdoFrZaZNM=
 github.com/jcmturner/rpc/v2 v2.0.2 h1:gMB4IwRXYsWw4Bc6o/az2HJgFUA1ffSh90i26ZJ6Xl0=
 github.com/jcmturner/rpc/v2 v2.0.2/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/lib/pq v1.6.0 h1:I5DPxhYJChW9KYc66se+oKFFQX6VuQrKiprsX6ivRZc=
-github.com/lib/pq v1.6.0/go.mod h1:4vXEAYvW1fRQ2/FhZ78H73A60MHw1geSm145z2mdY1g=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -30,8 +28,6 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200117160349-530e935923ad h1:Jh8cai0fqIK+f6nG0UgPW5wFk8wmiMhM3AyciDBdtQg=
 golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA=
-golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa h1:F+8P+gmewFQYRk6JoLQLwjBCTu3mcIURZfNkVweuRKA=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -40,10 +36,5 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/jcmturner/aescts.v1 v1.0.1/go.mod h1:nsR8qBOg+OucoIW+WMhB3GspUQXq9XorLnQb9XtvcOo=
-gopkg.in/jcmturner/dnsutils.v1 v1.0.1/go.mod h1:m3v+5svpVOhtFAP/wSz+yzh4Mc0Fg7eRhxkJMWSIz9Q=
-gopkg.in/jcmturner/goidentity.v3 v3.0.0/go.mod h1:oG2kH0IvSYNIu80dVAyu/yoefjq1mNfM5bm88whjWx4=
-gopkg.in/jcmturner/gokrb5.v7 v7.5.0/go.mod h1:l8VISx+WGYp+Fp7KRbsiUuXTTOnxIc3Tuvyavf11/WM=
-gopkg.in/jcmturner/rpc.v1 v1.1.0/go.mod h1:YIdkC4XfD6GXbzje11McwsDuOlZQSb9W4vfLvuNnlv8=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/auth/kerberos/krb_unix.go b/auth/kerberos/krb_unix.go
@@ -12,21 +12,20 @@ import (
 	"github.com/jcmturner/gokrb5/v8/config"
 	"github.com/jcmturner/gokrb5/v8/credentials"
 	"github.com/jcmturner/gokrb5/v8/spnego"
-	"github.com/lib/pq"
 )
 
 /*
  * UNIX Kerberos support, using jcmturner's pure-go
  * implementation
  */
 
-// Implements the Gss interface
-type gss struct {
+// Implements the pq.Gss interface
+type Gss struct {
 	cli *client.Client
 }
 
-func NewGSS() (pq.Gss, error) {
-	g := &gss{}
+func NewGSS() (*Gss, error) {
+	g := &Gss{}
 	err := g.init()
 
 	if err != nil {
@@ -36,7 +35,7 @@ func NewGSS() (pq.Gss, error) {
 	return g, nil
 }
 
-func (g *gss) init() error {
+func (g *Gss) init() error {
 	cfgPath, ok := os.LookupEnv("KRB5_CONFIG")
 	if !ok {
 		cfgPath = "/etc/krb5.conf"
@@ -76,7 +75,7 @@ func (g *gss) init() error {
 	return nil
 }
 
-func (g *gss) GetInitToken(host string, service string) ([]byte, error) {
+func (g *Gss) GetInitToken(host string, service string) ([]byte, error) {
 
 	// Resolve the hostname down to an 'A' record, if required (usually, it is)
 	if g.cli.Config.LibDefaults.DNSCanonicalizeHostname {
@@ -92,7 +91,7 @@ func (g *gss) GetInitToken(host string, service string) ([]byte, error) {
 	return g.GetInitTokenFromSpn(spn)
 }
 
-func (g *gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
+func (g *Gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
 	s := spnego.SPNEGOClient(g.cli, spn)
 
 	st, err := s.InitSecContext()
@@ -108,7 +107,7 @@ func (g *gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
 	return b, nil
 }
 
-func (g *gss) Continue(inToken []byte) (done bool, outToken []byte, err error) {
+func (g *Gss) Continue(inToken []byte) (done bool, outToken []byte, err error) {
 	t := &spnego.SPNEGOToken{}
 	err = t.Unmarshal(inToken)
 	if err != nil {
@@ -122,7 +121,3 @@ func (g *gss) Continue(inToken []byte) (done bool, outToken []byte, err error) {
 
 	return true, nil, nil
 }
-
-func init() {
-	pq.RegisterNewGSSFunc(NewGSS)
-}
diff --git a/auth/kerberos/krb_windows.go b/auth/kerberos/krb_windows.go
@@ -5,16 +5,16 @@ package kerberos
 import (
 	"github.com/alexbrainman/sspi"
 	"github.com/alexbrainman/sspi/negotiate"
-	"github.com/lib/pq"
 )
 
-type gss struct {
+// Implements the pq.Gss interface
+type Gss struct {
 	creds *sspi.Credentials
 	ctx   *negotiate.ClientContext
 }
 
-func NewGSS() (pq.Gss, error) {
-	g := &gss{}
+func NewGSS() (*Gss, error) {
+	g := &Gss{}
 	err := g.init()
 
 	if err != nil {
@@ -24,7 +24,7 @@ func NewGSS() (pq.Gss, error) {
 	return g, nil
 }
 
-func (g *gss) init() error {
+func (g *Gss) init() error {
 	creds, err := negotiate.AcquireCurrentUserCredentials()
 	if err != nil {
 		return err
@@ -34,7 +34,7 @@ func (g *gss) init() error {
 	return nil
 }
 
-func (g *gss) GetInitToken(host string, service string) ([]byte, error) {
+func (g *Gss) GetInitToken(host string, service string) ([]byte, error) {
 
 	host, err := canonicalizeHostname(host)
 	if err != nil {
@@ -46,7 +46,7 @@ func (g *gss) GetInitToken(host string, service string) ([]byte, error) {
 	return g.GetInitTokenFromSpn(spn)
 }
 
-func (g *gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
+func (g *Gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
 	ctx, token, err := negotiate.NewClientContext(g.creds, spn)
 	if err != nil {
 		return nil, err
@@ -57,10 +57,6 @@ func (g *gss) GetInitTokenFromSpn(spn string) ([]byte, error) {
 	return token, nil
 }
 
-func (g *gss) Continue(inToken []byte) (done bool, outToken []byte, err error) {
+func (g *Gss) Continue(inToken []byte) (done bool, outToken []byte, err error) {
 	return g.ctx.Update(inToken)
 }
-
-func init() {
-	pq.RegisterNewGSSFunc(NewGSS)
-}
diff --git a/doc.go b/doc.go
@@ -247,10 +247,14 @@ https://godoc.org/github.com/lib/pq/example/listen.
 Kerberos Support
 
 
-If you need support for Kerberos authentication, add the following import
-statement to your program:
+If you need support for Kerberos authentication, add the following to your main
+package:
 
-import _ "github.com/lib/pq/auth/kerberos"
+	import "github.com/lib/pq/auth/kerberos"
+
+	func init() {
+		pq.RegisterGSSProvider(func() (pq.Gss, error) { return kerberos.NewGSS() })
+	}
 
 This package is in a separate module so that users who don't need Kerberos
 don't have to download unnecessary dependencies.
diff --git a/krb.go b/krb.go
@@ -1,16 +1,21 @@
 package pq
 
-// A function that creates a GSS authentication provider. You
-// only need to care about this type if you are writing a GSS
-// authentication provider.
+// A function that creates a GSS authentication provider,
+// for use with RegisterGSSProvider.
 type NewGSSFunc func() (Gss, error)
 
 var newGss NewGSSFunc
 
 // Register the function for creating a GSS authentication provider.
-// You only need to care about this function if you are writing a
-// GSS authentication provider.
-func RegisterNewGSSFunc(newGssArg NewGSSFunc) {
+// For example, if you need to use Kerberos to authenticate with your server,
+// add this to your main package:
+//
+//	import "github.com/lib/pq/auth/kerberos"
+//	
+//	func init() {
+//		pq.RegisterGSSProvider(func() (pq.Gss, error) { return kerberos.NewGSS() })
+//	}
+func RegisterGSSProvider(newGssArg NewGSSFunc) {
 	newGss = newGssArg
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2,10 +2,7 @@ module github.com/lib/pq/auth/kerberos`
`2`	`2`
`3`	`3`	`go 1.13`
`4`	`4`
`5`		`-replace github.com/lib/pq => ../..`
`6`		`-`
`7`	`5`	`require (`
`8`	`6`	`github.com/alexbrainman/sspi v0.0.0-20180613141037-e580b900e9f5`
`9`	`7`	`github.com/jcmturner/gokrb5/v8 v8.2.0`
`10`		`- github.com/lib/pq v1.6.0`
`11`	`8`	`)`