Un-break peer authentication.
Commit 613c6d26bd
sloppily replaced a
lookup of the UID obtained from getpeereid() with a lookup of the
server's own user name, thus totally destroying peer authentication.
Revert. Per report from Christoph Berg.
In passing, make sure get_user_name() zeroes *errstr on success on
Windows as well as non-Windows. I don't think any callers actually
depend on this ATM, but we should be consistent across platforms.
parent
e5a452b3a4
commit
b777be0d48
@ -21,7 +21,6 @@
|
|||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "common/username.h"
|
|
||||||
#include "libpq/auth.h"
|
#include "libpq/auth.h"
|
||||||
#include "libpq/crypt.h"
|
#include "libpq/crypt.h"
|
||||||
#include "libpq/ip.h"
|
#include "libpq/ip.h"
|
||||||
@ -1560,8 +1559,7 @@ auth_peer(hbaPort *port)
|
|||||||
char ident_user[IDENT_USERNAME_MAX + 1];
|
char ident_user[IDENT_USERNAME_MAX + 1];
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
const char *user_name;
|
struct passwd *pass;
|
||||||
char *errstr;
|
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
if (getpeereid(port->sock, &uid, &gid) != 0)
|
if (getpeereid(port->sock, &uid, &gid) != 0)
|
||||||
@ -1578,15 +1576,17 @@ auth_peer(hbaPort *port)
|
|||||||
return STATUS_ERROR;
|
return STATUS_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
user_name = get_user_name(&errstr);
|
pass = getpwuid(uid);
|
||||||
if (!user_name)
|
|
||||||
|
if (pass == NULL)
|
||||||
{
|
{
|
||||||
ereport(LOG, (errmsg_internal("%s", errstr)));
|
ereport(LOG,
|
||||||
pfree(errstr);
|
(errmsg("local user with ID %d does not exist",
|
||||||
|
(int) uid)));
|
||||||
return STATUS_ERROR;
|
return STATUS_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
strlcpy(ident_user, user_name, IDENT_USERNAME_MAX + 1);
|
strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
|
||||||
|
|
||||||
return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
|
return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
|
||||||
}
|
}
|
||||||
|
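Review bot: In the `-1578,15 +1576,17` hunk of auth_peer, a NULL return from `getpwuid(uid)` is always logged as "local user with ID %d does not exist", but getpwuid also returns NULL when the lookup itself fails, and `errno` is cleared only before the earlier getpeereid() call. The path still fails closed with STATUS_ERROR, so this mainly affects whoever triages rejected peer logins: put `errno = 0;` immediately before `pass = getpwuid(uid);` and include `strerror(errno)` in the message when it is non-zero. The `(int) uid` cast with `%d` would print large UIDs as negative numbers on platforms where uid_t is unsigned; `(long) uid` with `%ld` is safer. Separately, the `strlcpy` return value is unchecked, so a `pw_name` longer than IDENT_USERNAME_MAX (its value is not visible here) would be silently truncated before check_usermap compares it; rejecting when the result is `>= sizeof(ident_user)` keeps a truncated name from being used as the authenticated identity.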
@ -54,6 +54,8 @@ get_user_name(char **errstr)
|
|||||||
static char username[256 + 1];
|
static char username[256 + 1];
|
||||||
DWORD len = sizeof(username) - 1;
|
DWORD len = sizeof(username) - 1;
|
||||||
|
|
||||||
|
*errstr = NULL;
|
||||||
|
|
||||||
if (!GetUserName(username, &len))
|
if (!GetUserName(username, &len))
|
||||||
{
|
{
|
||||||
*errstr = psprintf(_("user name lookup failure: %s"), strerror(errno));
|
*errstr = psprintf(_("user name lookup failure: %s"), strerror(errno));
|
||||||
|
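Review bot: In the Windows branch of get_user_name, the failure message just below the added `*errstr = NULL;` formats `strerror(errno)`, but GetUserName is a Win32 call that reports failure through GetLastError() and is not documented to set errno, so the logged reason may be stale or unrelated. That line is unchanged context rather than part of this commit, but since the hunk is about consistent errstr handling it would be worth reporting the Win32 code instead, e.g. `*errstr = psprintf(_("user name lookup failure: error code %lu"), GetLastError());`. A short comment on the new assignment, such as `/* callers may rely on *errstr being NULL on success */`, would also record the contract. The function body continues outside the hunk.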