Remove one use of IDENT_USERNAME_MAX

Fri, 25 Oct 2019 23:55:50 -0700 

It seems to me that using IDENT_USERNAME_MAX for peer authentication is
some kind of historical leftover and not really appropriate or useful,
so I propose the attached cleanup.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

From 1fed5a94b801471cb380e447b5f0b924b3819be6 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <pe...@eisentraut.org>
Date: Sat, 26 Oct 2019 08:48:28 +0200
Subject: [PATCH] Remove one use of IDENT_USERNAME_MAX

IDENT_USERNAME_MAX is the maximum length of the information returned
by an ident server, per RFC 1413.  Using it as the buffer size in peer
authentication is inappropriate.  It was done here because of the
historical relationship between peer and ident authentication.  But
since it's also completely useless code-wise, remove it.
---
 src/backend/libpq/auth.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 0cf65ba5de..b939e8b205 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -65,7 +65,7 @@ static int    CheckSCRAMAuth(Port *port, char *shadow_pass, 
char **logdetail);
  * Ident authentication
  *----------------------------------------------------------------
  */
-/* Max size of username ident server can return */
+/* Max size of username ident server can return (per RFC 1413) */
 #define IDENT_USERNAME_MAX 512
 
 /* Standard TCP port number for Ident service.  Assigned by IANA */
@@ -73,6 +73,11 @@ static int   CheckSCRAMAuth(Port *port, char *shadow_pass, 
char **logdetail);
 
 static int     ident_inet(hbaPort *port);
 
+
+/*----------------------------------------------------------------
+ * Peer authentication
+ *----------------------------------------------------------------
+ */
 #ifdef HAVE_UNIX_SOCKETS
 static int     auth_peer(hbaPort *port);
 #endif
@@ -1979,7 +1984,6 @@ ident_inet(hbaPort *port)
 static int
 auth_peer(hbaPort *port)
 {
-       char            ident_user[IDENT_USERNAME_MAX + 1];
        uid_t           uid;
        gid_t           gid;
        struct passwd *pw;
@@ -2011,9 +2015,7 @@ auth_peer(hbaPort *port)
                return STATUS_ERROR;
        }
 
-       strlcpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
-
-       return check_usermap(port->hba->usermap, port->user_name, ident_user, 
false);
+       return check_usermap(port->hba->usermap, port->user_name, pw->pw_name, 
false);
 }
 #endif                                                 /* HAVE_UNIX_SOCKETS */
 
-- 
2.23.0

Reply via email to