Thread: Unix sockets connection authentication - patch
[apologies if this appears twice; I thought I had sent it but it hasn't appeared anywhere]

The attached patch implements a method of connection authentication for Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels 2.2 and 2.4 at least; I don't know what other implementations support it.

Since it is not universally supported, I have included a configure test. autoconf needs to be run after installing the patch.

This patch provides a new authentication method "peer" for use with "local" connections; otherwise it works exactly like the "ident" method.

Please consider including this in PostgreSQL.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Rejoice with them that do rejoice, and weep with them that weep." Romans 12:15
Oliver Elphick writes:

> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.

You don't need Autoconf tests for cpp symbols. You can just write #ifdef WEIRD_SYMBOL in the code. Btw., never ever use AC_EGREP_*.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter
> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
>
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.

Are SCM_CREDENTIALS supported by some standard?

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Bruce Momjian wrote:

>> The attached patch implements a method of connection authentication for
>> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
>> 2.2 and 2.4 at least; I don't know what other implementations support
>> it.
>
> Are SCM_CREDENTIALS supported by some standard?

I don't know if there is a standard. I've done a search on Google - it seems to have been invented by Sun and implemented in newer BSD as well as Linux.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Rejoice with them that do rejoice, and weep with them that weep." Romans 12:15
Not sure what to do with this. Our authentication options are already pretty complicated, and I hate to add a new one that no one is really sure about its portability or usefulness.

> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
>
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.
>
> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.
>
> This patch provides a new authentication method "peer" for use with
> "local" connections; otherwise it works exactly like the "ident" method.
>
> Please consider including this in PostgreSQL.
>
> Content-Description: p.diff

[ Attachment, skipping... ]

> Oliver Elphick Oliver.Elphick@lfix.co.uk
> Isle of Wight http://www.lfix.co.uk/oliver
> PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
> GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
> ========================================
> "Rejoice with them that do rejoice, and weep with them
> that weep." Romans 12:15

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026