Thread: [PATCH] ident authentication fails on kFreeBSD/x86-64 due to wrong struct size

Hello PostgreSQL developers,

I got this report in http://bugs.debian.org/612888 about ident failure
on the Debian kFreeBSD kernel on 64 bit. The sizeof(struct cmsgcred)
is 84 on kfrebsd-amd64, there is no reason for padding it  at the end
to 8-byte boundary by kernel. However, the process is blocking on
receiving those extra 4 bytes, which will never come.

Petr Salinger <Petr.Salinger@seznam.cz> sent a straightforward patch
for this, I turned it into a git-formatted patch for your convenience.

Thanks,

Martin

----- Forwarded message from skull <skull@spin.it> -----

Date: Fri, 11 Feb 2011 11:40:27 +0100
From: skull <skull@spin.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#612888: postgresql: access denied as postgres user after default install (kFreeBSD specific)
X-Spam-Status: No, score=0.0 required=4.0 tests=BAYES_50 autolearn=no version=3.2.5
Reply-To: skull <skull@spin.it>, 612888@bugs.debian.org

Package: postgresql
Version: 8.4.7-0squeeze2
Severity: important


After default installation, postgres denies access to postgres user:

root@netmon:~# su - postgres
postgres@netmon:~$ psql template1
psql: FATAL:  Ident authentication failed for user "postgres"

This happens on kFreeBSD flavour only (AFAIK)


-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 8.1-1-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages postgresql depends on:
ii  postgresql-8.4           8.4.7-0squeeze2 object-relational SQL database, ve

postgresql recommends no packages.

postgresql suggests no packages.

-- no debconf information



----- End forwarded message -----

--
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

Martin Pitt <mpitt@debian.org> writes:
>      /* Compute size without padding */
> -    char        cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))];    /* for NetBSD */
> +    char        cmsgmem[ALIGN(sizeof(struct cmsghdr)) + sizeof(Cred)];    /* for NetBSD */

Hm.  That code's been like that for a very long time (since 2001
according to the git history...).  How much confidence can we have
that this change won't result in breakage on other flavors of *BSD?

(I'm unable to test this myself, not having any platforms on which
this branch of auth_peer gets compiled...)

            regards, tom lane

I wrote:
> Martin Pitt <mpitt@debian.org> writes:
>> /* Compute size without padding */
>> -    char        cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))];    /* for NetBSD */
>> +    char        cmsgmem[ALIGN(sizeof(struct cmsghdr)) + sizeof(Cred)];    /* for NetBSD */

> Hm.  That code's been like that for a very long time (since 2001
> according to the git history...).  How much confidence can we have
> that this change won't result in breakage on other flavors of *BSD?

BTW, I wonder whether the real bug isn't on the libpq side instead.
I notice that its idea of the cmsgmem size is not like the backend's:

#ifdef HAVE_STRUCT_CMSGCRED
    /* Prevent padding */
    char        cmsgmem[sizeof(struct cmsghdr) + sizeof(struct cmsgcred)];

This corresponds to the original coding in the backend, but not to what
the code looks like now.  The subsequent whacking around of the backend
cmsgmem declaration was documented as fixing problems on NetBSD and then
OpenBSD.  If it's true as per the libpq comment that only FreeBSD needs
the client-side cmsgmem buffer, this might not have gotten retested.

            regards, tom lane