On Fri, Mar 28, 2014 at 10:33:48AM -0400, Bruce Momjian wrote:
> On Fri, Mar 28, 2014 at 10:31:06AM -0400, Tom Lane wrote:
> > Christoph Berg <cb@df7cb.de> writes:
> > > the quoted code bit above in src/backend/libpq/auth.c is utterly
> > > broken: for peer authentication, it uses get_user_name(), which yields
> > > the *server* user name, not the client's. For that reason, peer
> > > authentication in 9.4devel is broken - you can't log in with your user
> > > name, but you can just say -U postgres (or what the initdb user was),
> > > and it will let you in.
> >
> > > The attached patch reverts the src/backend/libpq/auth.c portion of
> > > 613c6d26bd42dd8c2dd0664315be9551475b8864 and fixes peer auth.
> >
> > Applied, thanks!
>
> I guess I should have said I was working on an updated patch. I will
> merge my changes in.

I have applied the attached patch to make the code more closely match
what is done in src/common/username.c, particularly to display the errno
string on failure.

Christoph, thanks so much for finding this error now, rather than later.
I looked over the original patch that introduced this bug and
auth_peer() is the only place where we were passing in a user id, rather
than passing geteuid() directly to getpwuid, e.g.:

    getpwuid(geteuid())

I think we are good now. My apologies for introducing this bug.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +