> For OpenBSD to work, we need a change from LOCAL_CREDS to SCM_CREDS. > Bruce, I think you are familiar with this one. Care to make the change? > (I have no idea where to make it!).
OK, I have applied the following patch that fixes the problem on OpenBSD. In my reading of the OpenBSD kernel, it has 'struct sockcred' but has no code in the kernel to deal with SCM_CREDS or LOCAL_CREDS. The patch tests for both HAVE_STRUCT_SOCKCRED and LOCAL_CREDS before it will try local socket credential authentication. This means we have local creds on Linux, NetBSD, FreeBSD, and BSD/OS. I will document this in pg_hba.conf. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/auth.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v retrieving revision 1.67 diff -c -r1.67 auth.c *** src/backend/libpq/auth.c 2001/09/21 20:31:45 1.67 --- src/backend/libpq/auth.c 2001/09/26 19:30:30 *************** *** 520,526 **** break; case uaIdent: ! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)) /* * If we are doing ident on unix-domain sockets, * use SCM_CREDS only if it is defined and SO_PEERCRED isn't. --- 520,526 ---- break; case uaIdent: ! #if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))) /* * If we are doing ident on unix-domain sockets, * use SCM_CREDS only if it is defined and SO_PEERCRED isn't. Index: src/backend/libpq/hba.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v retrieving revision 1.72 diff -c -r1.72 hba.c *** src/backend/libpq/hba.c 2001/09/21 20:31:46 1.72 --- src/backend/libpq/hba.c 2001/09/26 19:30:30 *************** *** 904,910 **** return true; ! #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) struct msghdr msg; /* Credentials structure */ --- 904,910 ---- return true; ! 
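Review bot: The condition `defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))` is written out by hand in this `#if` and repeated in the hba.c and fe-auth.c hunks, so the backend and libpq agree on whether credential passing is available only while all three copies are edited together. Evaluating it once in a shared header and testing a single symbol in each file, e.g. `#ifdef <ONE_SHARED_SYMBOL>` (placeholder name), would rule out a mismatch between the two ends of the authentication exchange. The comment kept below the `#if` still reads "use SCM_CREDS only if it is defined and SO_PEERCRED isn't" and should also say that `struct sockcred` platforms additionally need `LOCAL_CREDS`. The `case uaIdent:` body continues outside the hunk.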
#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) struct msghdr msg; /* Credentials structure */ Index: src/interfaces/libpq/fe-auth.c =================================================================== RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v retrieving revision 1.60 diff -c -r1.60 fe-auth.c *** src/interfaces/libpq/fe-auth.c 2001/09/21 20:31:49 1.60 --- src/interfaces/libpq/fe-auth.c 2001/09/26 19:30:53 *************** *** 435,444 **** #endif /* KRB5 */ - #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) static int pg_local_sendauth(char *PQerrormsg, PGconn *conn) { char buf; struct iovec iov; struct msghdr msg; --- 435,444 ---- #endif /* KRB5 */ static int pg_local_sendauth(char *PQerrormsg, PGconn *conn) { + #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || +(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) char buf; struct iovec iov; struct msghdr msg; *************** *** 485,492 **** return STATUS_ERROR; } return STATUS_OK; ! } #endif static int pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) --- 485,496 ---- return STATUS_ERROR; } return STATUS_OK; ! #else ! snprintf(PQerrormsg, PQERRORMSG_LENGTH, ! libpq_gettext("SCM_CRED authentication method not supported\n")); ! return STATUS_ERROR; #endif + } static int pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) *************** *** 614,627 **** break; case AUTH_REQ_SCM_CREDS: - #if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK) return STATUS_ERROR; - #else - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("SCM_CRED authentication method not supported\n")); - return STATUS_ERROR; - #endif break; default: --- 618,625 ----
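Review bot: A platform that has `struct sockcred` but no `LOCAL_CREDS` (OpenBSD, per the message above) now skips this `#elif` in hba.c and takes whatever branch follows it, which the hunk does not show. Since this is the code that decides an ident match, that remaining branch should be confirmed to reject the connection and log the reason rather than reach a `return true;` like the one visible just above the `#elif`. A comment on that branch such as `/* no kernel support for passing peer credentials: ident on a local socket must fail */` would record the intent. The enclosing function starts and ends outside the hunk.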
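Review bot: The `#if` added inside `pg_local_sendauth` in fe-auth.c appears here in two pieces, the second starting `+(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))`, with no backslash at the end of the first. If that reflects the file and is not just mail wrapping, the directive ends at the dangling `||` and will not preprocess; it should be a single line, or the first line should end in `\`. The matching `#else`/`#endif` sit in the next hunk, and the function body continues outside this one.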
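Review bot: The new `#else` branch in `pg_local_sendauth` has no comment explaining why the function is now compiled on every platform. Something like `/* Built unconditionally so the AUTH_REQ_SCM_CREDS case needs no #if; without kernel support we report the error and fail the connection */` above the `snprintf` would document that returning `STATUS_ERROR` here is deliberate. On that path `conn` is unused, which may produce an unused-parameter warning depending on compiler flags. The message says "SCM_CRED" while the request code in the last hunk is `AUTH_REQ_SCM_CREDS`; aligning the spelling would make the error easier to search for.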