Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets
Date
Msg-id 200108190137.f7J1bKS08322@candle.pha.pa.us
In response to Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets
List pgsql-patches
> Peter Eisentraut <peter_e@gmx.net> writes:
> > Since this patch overwrites the previous SO_PEERCRED patch I assume you
> > want it to work on Linux, too.  On Linux SCM_CREDS is called
> > SCM_CREDENTIALS.
>
> Overwrite?  It looks like an addition to me.  I think the #ifdef tests
> in ident_unix are in the wrong order, however: we should prefer
> SO_PEERCRED if available, since that works with old clients.  As written
> the postmaster code will select SCM_CREDS if both methods are available,
> which is the wrong choice IMHO.

Yes, but I mentioned PEERCRED is new in 7.2 and wasn't widely
distributed by Debian, so we should decide which we want first.  Also,
let me mention that this could turn out to be a portability headache.
We currently support two SCM_CREDS implementations, FreeBSD and BSD/OS,
and they are both different.  I found:

    Linux : SO_PEERCRED
    FreeBSD: SCM_CREDS
    BSD/OS: SCM_CREDS (different from FreeBSD)
    NetBSD: LOCAL_CREDS
    Solaris: Doors

from a 1999 message:

    http://cert.uni-stuttgart.de/archive/bugtraq/1999/01/msg00098.html

I also found this mention:

      BSD/OS, FreeBSD and other BSD derived operating systems also
      have SCM_CREDS that sends credential information through a UNIX
      domain socket. [ Ok, someone point me to some standard that
      documents the semantics. Every BSD camp is doing it differently
      ":( ]

in a 1999 FAQ:

    http://www.attrition.org/~modify/texts/unix/secure-faq.txt

I am slightly concerned that a platform will define SCM_CREDS but not
have an interface we support.  However, from the list above, it seems we
may be safe but not support NetBSD or Solaris versions.

FYI, this email states why BSD/OS and FreeBSD are different.  The
implementor didn't know of the BSD/OS implementation:


    http://groups.google.com/groups?q=scm_creds+freebsd+bsd/os&hl=en&safe=off&rnum=1&selm=6n5vnk%24p5k%242%40apakabar.cc.columbia.edu

I think this is a valuable feature to reduce the need to configure local
users as 'trust' or use 'ident' on local tcp/ip sockets.  One possible
solution would be to enable SCM_CREDS _only_ on BSD/OS and FreeBSD and
wait for others to verify it works on their platforms or submit a patch.

> > The invocation
> > changes to StrNCpy look suspicious; see the comment at StrNCpy in c.h.  In
> > one place you include errno.h twice.
>
> These are good points.

Removed the duplicate errno.  Thanks.  I checked the StrNCpy call and I
can't see the problem.  I wrote the thing.  Have I been away from this
too long?  :-)

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
