From 038860cdcb75c7aa5f9f9bcd0652d389346c6b0f Mon Sep 17 00:00:00 2001
From: Albert Chang <ac@retool.com>
Date: Tue, 25 Jun 2024 20:47:41 -0700
Subject: [PATCH] parametrize service principal and host

handle accept token

return if no token step
---
 packages/pg/lib/client.js                | 5 +++--
 packages/pg/lib/connection-parameters.js | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/pg/lib/client.js b/packages/pg/lib/client.js
index 653056f05..867d28547 100644
--- a/packages/pg/lib/client.js
+++ b/packages/pg/lib/client.js
@@ -10,6 +10,7 @@ var Query = require('./query')
 var defaults = require('./defaults')
 var Connection = require('./connection')
 const crypto = require('./crypto/utils')
+const kerberos = require('kerberos').Kerberos
 
 class Client extends EventEmitter {
   constructor(config) {
@@ -20,6 +21,7 @@ class Client extends EventEmitter {
     this.database = this.connectionParameters.database
     this.port = this.connectionParameters.port
     this.host = this.connectionParameters.host
+    this.principal = this.connectionParameters.principal
 
     // "hiding" the password so it doesn't show up in stack traces
     // or if the client is console.logged
@@ -204,8 +206,7 @@ class Client extends EventEmitter {
 
   async _handleGSSInit(msg) {
     try {
-      // TODO: Below needs to be parameterized
-      this.client = await kerberos.initializeClient('postgres@pg.US-WEST-2.COMPUTE.INTERNAL', {
+      this.client = await kerberos.initializeClient(`${this.principal}@${this.host}`, {
         mechOID: kerberos.GSS_MECH_OID_SPNEGO,
       })
 
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
index 6a535a820..4488ea9ab 100644
--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
@@ -65,6 +65,8 @@ class ConnectionParameters {
 
     this.port = parseInt(val('port', config), 10)
     this.host = val('host', config)
+    // Kerberos/GSSAPI service principal
+    this.principal = val('principal', config)
 
     // "hiding" the password so it doesn't show up in stack traces
     // or if the client is console.logged