From 9c052dc90d15c6d8d9f648f1d0cee1ca94477c0d Mon Sep 17 00:00:00 2001
From: Albert Chang
Date: Tue, 25 Jun 2024 20:47:41 -0700
Subject: [PATCH] parametrize service principal and host
---
 packages/pg/lib/client.js | 7 ++++---
 packages/pg/lib/connection-parameters.js | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/packages/pg/lib/client.js b/packages/pg/lib/client.js
index 653056f05..abca449f7 100644
--- a/packages/pg/lib/client.js
+++ b/packages/pg/lib/client.js
@@ -10,6 +10,7 @@ var Query = require('./query')
 var defaults = require('./defaults')
 var Connection = require('./connection')
 const crypto = require('./crypto/utils')
+const kerberos = require('kerberos').Kerberos
 class Client extends EventEmitter {
 constructor(config) {
@@ -20,6 +21,7 @@ class Client extends EventEmitter {
 this.database = this.connectionParameters.database
 this.port = this.connectionParameters.port
 this.host = this.connectionParameters.host
+ this.principal = this.connectionParameters.principal
 // "hiding" the password so it doesn't show up in stack traces
 // or if the client is console.logged
@@ -204,8 +206,7 @@ class Client extends EventEmitter {
 async _handleGSSInit(msg) {
 try {
- // TODO: Below needs to be parameterized
- this.client = await kerberos.initializeClient('postgres@pg.US-WEST-2.COMPUTE.INTERNAL', {
+ this.client = await kerberos.initializeClient(`${this.principal}@${this.host}`, {
 mechOID: kerberos.GSS_MECH_OID_SPNEGO,
 })
@@ -226,7 +227,7 @@ class Client extends EventEmitter {
 // TODO: probably a better way to handle this.
 if (token == null) {
- return
+ this.emit('error', 'Received null GSSAPI token on continue')
 }
 const buf = Buffer.from(token, 'base64')
 this.connection.sendBinaryPassword(buf)
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
index 6a535a820..4488ea9ab 100644
--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
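Review bot: The new top-level `require('kerberos')` in client.js loads a native addon for every consumer of the client, including those that never negotiate GSSAPI. The diffstat lists no package.json change, so unless the dependency was declared in an earlier commit, a fresh install would fail as soon as the module is imported. Consider resolving it lazily where it is first needed, for example `const kerberos = require('kerberos')` inside `_handleGSSInit`, wrapped so that a missing module produces a clear "GSSAPI support requires the kerberos package" error. The `.Kerberos` property also looks like a legacy alias for the module itself; confirm it exposes `initializeClient` and `GSS_MECH_OID_SPNEGO` as used further down.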
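Review bot: Nothing in `_handleGSSInit` checks `this.principal` or `this.host` before they are interpolated into the target name, so an unset principal yields the literal string `undefined@<host>` and the failure surfaces only as an opaque GSSAPI error. The target name decides which service the client authenticates to, so build it from validated values and fall back to a default service name the way libpq's `krbsrvname` defaults to `postgres`, e.g. `const service = this.principal || 'postgres'`. It is also worth deciding how to handle a `host` that is an IP literal or a unix-socket path (presumably both are possible here; confirm), since those do not normally map to a Kerberos service principal. The same missing default applies to the `val('principal', config)` line in the connection-parameters.js hunk, and the function body starts and ends outside this hunk.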
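Review bot: With the `return` removed, a null token now emits the error and then falls through to `Buffer.from(token, 'base64')`, which throws a TypeError on null, so the handler fails twice for one condition. The event payload is also a bare string, while 'error' listeners generally expect an `Error` carrying a stack. I would keep the early exit: `this.emit('error', new Error('Received null GSSAPI token on continue'))` followed by `return`. Also confirm that a null token is really a failure and not how the kerberos client signals a completed context, since the previous code treated it as a silent no-op; the surrounding function is outside this hunk.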
@@ -65,6 +65,8 @@ class ConnectionParameters {
 this.port = parseInt(val('port', config), 10)
 this.host = val('host', config)
+ // Kerberos/GSSAPI service principal
+ this.principal = val('principal', config)
 // "hiding" the password so it doesn't show up in stack traces
 // or if the client is console.logged
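Review bot: The comment `// Kerberos/GSSAPI service principal` does not match how the value is consumed: client.js uses it only as the part before `@` and appends the host itself, so a caller who passes a complete principal (a `service/host@REALM` form) would end up with a malformed target name. I would reword it to `// GSSAPI service name (the part before '@host'); the client appends the host` and document the option alongside the other connection parameters. How `val` resolves fallbacks is not visible in this hunk, so if it also consults an environment variable for this key, that should be stated explicitly as well.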