Re: Bruce Momjian 2013-12-18 <20131218171628.GA1690@momjian.us>
> On Mon, Dec 9, 2013 at 07:47:34PM -0500, Bruce Momjian wrote:
> > On Mon, Dec 9, 2013 at 06:45:39PM -0300, Alvaro Herrera wrote:
> > > Bruce Momjian wrote:
> > >
> > > > return STATUS_ERROR;
> > > > }
> > > >
> > > > ! user_name = get_user_name(&errstr);
> > > > ! if (!user_name)
> > > > {
> > > > ! ereport(LOG, (errmsg("%s\n", errstr)));
> > > > ! pfree(errstr);
> > > > return STATUS_ERROR;
> > > > }
> > >
> > > The message is already translated by get_user_name, so I think this
> > > should use errmsg_internal() instead of errmsg(). Also, why do you add
> > > a newline?
> >
> > OK, done.
> >
> > > Not clear whether the new file should be in src/port or src/common.
> >
> > Agreed. It isn't designed to add missing OS functionality, but it is
> > mostly OS-specific code.
> >
> > Updated patch attached, with Tom's requested changes.
>
> Patch applied.
Hi,
the quoted code bit above in src/backend/libpq/auth.c is utterly
broken: for peer authentication, it uses get_user_name(), which yields
the *server* user name, not the client's. For that reason, peer
authentication in 9.4devel is broken - you can't log in with your user
name, but you can just say -U postgres (or what the initdb user was),
and it will let you in.
The attached patch reverts the src/backend/libpq/auth.c portion of
613c6d26bd42dd8c2dd0664315be9551475b8864 and fixes peer auth.
Christoph
--
cb@df7cb.de | http://www.df7cb.de/
