> For OpenBSD to work, we need a change from LOCAL_CREDS to SCM_CREDS.
> Bruce, I think you are familure with this one. Care to make the change?
> (I have no idea where to make it!).
OK, I have applied the following patch that fixes the problem on
OpenBSD. In my reading of the OpenBSD kernel, it has 'struct sockcred'
but has no code in the kernel to deal with SCM_CREDS or LOCAL_CREDS.
The patch tests for both HAVE_STRUCT_SOCKCRED and LOCAL_CREDS before it
will try local socket credential authentication. This means we have
local creds on Linux, NetBSD, FreeBSD, and BSD/OS. I will document this
in pg_hba.conf.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.67
diff -c -r1.67 auth.c
*** src/backend/libpq/auth.c 2001/09/21 20:31:45 1.67
--- src/backend/libpq/auth.c 2001/09/26 19:30:30
***************
*** 520,526 ****
break;
case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
defined(HAVE_STRUCT_SOCKCRED))
/*
* If we are doing ident on unix-domain sockets,
* use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
--- 520,526 ----
break;
case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
(defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS)))
/*
* If we are doing ident on unix-domain sockets,
* use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
Index: src/backend/libpq/hba.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v
retrieving revision 1.72
diff -c -r1.72 hba.c
*** src/backend/libpq/hba.c 2001/09/21 20:31:46 1.72
--- src/backend/libpq/hba.c 2001/09/26 19:30:30
***************
*** 904,910 ****
return true;
! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
struct msghdr msg;
/* Credentials structure */
--- 904,910 ----
return true;
! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
struct msghdr msg;
/* Credentials structure */
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.60
diff -c -r1.60 fe-auth.c
*** src/interfaces/libpq/fe-auth.c 2001/09/21 20:31:49 1.60
--- src/interfaces/libpq/fe-auth.c 2001/09/26 19:30:53
***************
*** 435,444 ****
#endif /* KRB5 */
- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
static int
pg_local_sendauth(char *PQerrormsg, PGconn *conn)
{
char buf;
struct iovec iov;
struct msghdr msg;
--- 435,444 ----
#endif /* KRB5 */
static int
pg_local_sendauth(char *PQerrormsg, PGconn *conn)
{
+ #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
char buf;
struct iovec iov;
struct msghdr msg;
***************
*** 485,492 ****
return STATUS_ERROR;
}
return STATUS_OK;
! }
#endif
static int
pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
--- 485,496 ----
return STATUS_ERROR;
}
return STATUS_OK;
! #else
! snprintf(PQerrormsg, PQERRORMSG_LENGTH,
! libpq_gettext("SCM_CRED authentication method not supported\n"));
! return STATUS_ERROR;
#endif
+ }
static int
pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
***************
*** 614,627 ****
break;
case AUTH_REQ_SCM_CREDS:
- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
return STATUS_ERROR;
- #else
- snprintf(PQerrormsg, PQERRORMSG_LENGTH,
- libpq_gettext("SCM_CRED authentication method not supported\n"));
- return STATUS_ERROR;
- #endif
break;
default:
--- 618,625 ----