Re: LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535 - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535
Date
Msg-id 200109261953.f8QJrTw21971@candle.pha.pa.us
In response to LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535  (bpalmer <bpalmer@crimelabs.net>)
List pgsql-hackers
> For OpenBSD to work,  we need a change from LOCAL_CREDS to SCM_CREDS.
> Bruce,  I think you are familiar with this one.  Care to make the change?
> (I have no idea where to make it!).

OK, I have applied the following patch that fixes the problem on
OpenBSD.  In my reading of the OpenBSD kernel, it has 'struct sockcred'
but has no code in the kernel to deal with SCM_CREDS or LOCAL_CREDS.
The patch tests for both HAVE_STRUCT_SOCKCRED and LOCAL_CREDS before it
will try local socket credential authentication.  This means we have
local creds on Linux, NetBSD, FreeBSD, and BSD/OS.  I will document this
in pg_hba.conf.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.67
diff -c -r1.67 auth.c
*** src/backend/libpq/auth.c    2001/09/21 20:31:45    1.67
--- src/backend/libpq/auth.c    2001/09/26 19:30:30
***************
*** 520,526 ****
              break;

          case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
defined(HAVE_STRUCT_SOCKCRED))
              /*
               *    If we are doing ident on unix-domain sockets,
               *    use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
--- 520,526 ----
              break;

          case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
(defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))) 
              /*
               *    If we are doing ident on unix-domain sockets,
               *    use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
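Review bot: The struct test `defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))` is now written out separately here, in the `#elif` in hba.c and inside `pg_local_sendauth` in fe-auth.c, so the code that requests credentials and the code that receives and sends them can drift apart the next time a platform is added or dropped. Defining one macro under that condition in a shared header (an illustrative name would be `PG_HAVE_LOCAL_CREDS`) and testing only that macro in all three places would keep the ident path consistent. The comment under the `#if` still says SCM_CREDS is used "only if it is defined", while the condition tests for the credential structs and, for `struct sockcred`, for `LOCAL_CREDS`; I would reword it to `use credential passing only if a supported credentials struct is available and SO_PEERCRED isn't`. The `case uaIdent` body continues outside the hunk, so the path taken on a platform that now fails this test is not visible here and should be confirmed to reject the connection rather than skip the check.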
Index: src/backend/libpq/hba.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v
retrieving revision 1.72
diff -c -r1.72 hba.c
*** src/backend/libpq/hba.c    2001/09/21 20:31:46    1.72
--- src/backend/libpq/hba.c    2001/09/26 19:30:30
***************
*** 904,910 ****

      return true;

! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
      struct msghdr msg;

  /* Credentials structure */
--- 904,910 ----

      return true;

! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
      struct msghdr msg;

  /* Credentials structure */
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.60
diff -c -r1.60 fe-auth.c
*** src/interfaces/libpq/fe-auth.c    2001/09/21 20:31:49    1.60
--- src/interfaces/libpq/fe-auth.c    2001/09/26 19:30:53
***************
*** 435,444 ****

  #endif     /* KRB5 */

- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
  static int
  pg_local_sendauth(char *PQerrormsg, PGconn *conn)
  {
      char buf;
      struct iovec iov;
      struct msghdr msg;
--- 435,444 ----

  #endif     /* KRB5 */

  static int
  pg_local_sendauth(char *PQerrormsg, PGconn *conn)
  {
+ #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
      char buf;
      struct iovec iov;
      struct msghdr msg;
***************
*** 485,492 ****
          return STATUS_ERROR;
      }
      return STATUS_OK;
! }
  #endif

  static int
  pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
--- 485,496 ----
          return STATUS_ERROR;
      }
      return STATUS_OK;
! #else
!     snprintf(PQerrormsg, PQERRORMSG_LENGTH,
!              libpq_gettext("SCM_CRED authentication method not supported\n"));
!     return STATUS_ERROR;
  #endif
+ }

  static int
  pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
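Review bot: In the new `#else` branch the string returned by `libpq_gettext()` is passed to `snprintf` as the format argument, so a `%` in a message catalog entry would be read as a conversion with no matching argument. Passing it as data avoids that: `snprintf(PQerrormsg, PQERRORMSG_LENGTH, "%s", libpq_gettext("SCM_CRED authentication method not supported\n"));`. With the guard now inside the body, `conn` is unused on platforms that compile the `#else` path, which may raise an unused-parameter warning depending on compiler flags. `pg_local_sendauth` begins in the previous hunk and its middle section is not shown, so this applies only to the visible tail.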
***************
*** 614,627 ****
              break;

          case AUTH_REQ_SCM_CREDS:
- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
              if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
                  return STATUS_ERROR;
- #else
-             snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                      libpq_gettext("SCM_CRED authentication method not supported\n"));
-             return STATUS_ERROR;
- #endif
              break;

          default:
--- 618,625 ----
