Thread: LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535

LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535

From
bpalmer
Date:
For OpenBSD to work,  we need a change from LOCAL_CREDS to SCM_CREDS.
Bruce,  I think you are familure with this one.  Care to make the change?
(I have no idea where to make it!).

Thanks all,
- Brandon


----------------------------------------------------------------------------c: 646-456-5455
              h: 201-798-4983b. palmer,  bpalmer@crimelabs.net           pgp:crimelabs.net/bpalmer.pgp5
 




Re: LOCAL_CREDS -> SCM_CREDS in src/backend/libpq/auth.c:535

From
Bruce Momjian
Date:
> For OpenBSD to work,  we need a change from LOCAL_CREDS to SCM_CREDS.
> Bruce,  I think you are familure with this one.  Care to make the change?
> (I have no idea where to make it!).

OK, I have applied the following patch that fixes the problem on
OpenBSD.  In my reading of the OpenBSD kernel, it has 'struct sockcred'
but has no code in the kernel to deal with SCM_CREDS or LOCAL_CREDS.
The patch tests for both HAVE_STRUCT_SOCKCRED and LOCAL_CREDS before it
will try local socket credential authentication.  This means we have
local creds on Linux, NetBSD, FreeBSD, and BSD/OS.  I will document this
in pg_hba.conf.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.67
diff -c -r1.67 auth.c
*** src/backend/libpq/auth.c    2001/09/21 20:31:45    1.67
--- src/backend/libpq/auth.c    2001/09/26 19:30:30
***************
*** 520,526 ****
              break;

          case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
defined(HAVE_STRUCT_SOCKCRED))
              /*
               *    If we are doing ident on unix-domain sockets,
               *    use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
--- 520,526 ----
              break;

          case uaIdent:
! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) ||
(defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))) 
              /*
               *    If we are doing ident on unix-domain sockets,
               *    use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
Index: src/backend/libpq/hba.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v
retrieving revision 1.72
diff -c -r1.72 hba.c
*** src/backend/libpq/hba.c    2001/09/21 20:31:46    1.72
--- src/backend/libpq/hba.c    2001/09/26 19:30:30
***************
*** 904,910 ****

      return true;

! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
      struct msghdr msg;

  /* Credentials structure */
--- 904,910 ----

      return true;

! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
      struct msghdr msg;

  /* Credentials structure */
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.60
diff -c -r1.60 fe-auth.c
*** src/interfaces/libpq/fe-auth.c    2001/09/21 20:31:49    1.60
--- src/interfaces/libpq/fe-auth.c    2001/09/26 19:30:53
***************
*** 435,444 ****

  #endif     /* KRB5 */

- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
  static int
  pg_local_sendauth(char *PQerrormsg, PGconn *conn)
  {
      char buf;
      struct iovec iov;
      struct msghdr msg;
--- 435,444 ----

  #endif     /* KRB5 */

  static int
  pg_local_sendauth(char *PQerrormsg, PGconn *conn)
  {
+ #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) &&
defined(LOCAL_CREDS))
      char buf;
      struct iovec iov;
      struct msghdr msg;
***************
*** 485,492 ****
          return STATUS_ERROR;
      }
      return STATUS_OK;
! }
  #endif

  static int
  pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
--- 485,496 ----
          return STATUS_ERROR;
      }
      return STATUS_OK;
! #else
!     snprintf(PQerrormsg, PQERRORMSG_LENGTH,
!              libpq_gettext("SCM_CRED authentication method not supported\n"));
!     return STATUS_ERROR;
  #endif
+ }

  static int
  pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
***************
*** 614,627 ****
              break;

          case AUTH_REQ_SCM_CREDS:
- #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
              if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
                  return STATUS_ERROR;
- #else
-             snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                      libpq_gettext("SCM_CRED authentication method not supported\n"));
-             return STATUS_ERROR;
- #endif
              break;

          default:
--- 618,625 ----