From f988edb4e1b86ece3a376e774a1d52da72714fb0 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Tue, 3 Dec 2002 21:50:44 +0000 Subject: [PATCH] Add OpenBSD local indent credentials, from William Ahern. --- configure | 3 ++- configure.in | 4 ++-- doc/src/sgml/client-auth.sgml | 5 +++-- src/backend/libpq/hba.c | 31 +++++++++++++++++++++++++++++-- 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/configure b/configure index 80b22f91f4..bb0a28bb08 100755 --- a/configure +++ b/configure @@ -9819,7 +9819,8 @@ test $ac_cv_func_memcmp_working = no && LIBOBJS="$LIBOBJS memcmp.$ac_objext" -for ac_func in cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync + +for ac_func in cbrt fcvt getopt_long getpeereid memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 diff --git a/configure.in b/configure.in index c6ba894b0f..68123ae74c 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Header: /cvsroot/pgsql/configure.in,v 1.218 2002/11/04 21:36:13 tgl Exp $ +dnl $Header: /cvsroot/pgsql/configure.in,v 1.219 2002/12/03 21:50:43 momjian Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -782,7 +782,7 @@ PGAC_FUNC_GETTIMEOFDAY_1ARG # SunOS doesn't handle negative byte comparisons properly with +/- return AC_FUNC_MEMCMP -AC_CHECK_FUNCS([cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync]) +AC_CHECK_FUNCS([cbrt fcvt getopt_long getpeereid memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync]) AC_CHECK_DECLS(fdatasync, [], [], [#include ]) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 4eeb5f5dff..c4d4af1251 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ @@ -318,7 +318,8 @@ hostssl database user < support Unix-domain socket credentials (currently Linux, FreeBSD, NetBSD, - and BSD/OS). + OpenBSD, and + BSD/OS). diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index cda4bc93ae..396347945e 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.87 2002/09/04 20:31:19 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.88 2002/12/03 21:50:44 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -1216,7 +1216,34 @@ ident_inet(const struct in_addr remote_ip_addr, static bool ident_unix(int sock, char *ident_user) { -#if defined(SO_PEERCRED) +#if defined(HAVE_GETPEEREID) + /* OpenBSD style: */ + uid_t uid; + gid_t gid; + struct passwd *pass; + + errno = 0; + if (getpeereid(sock,&uid,&gid) != 0) + { + /* We didn't get a valid credentials struct. */ + elog(LOG, "ident_unix: error receiving credentials: %m"); + return false; + } + + pass = getpwuid(uid); + + if (pass == NULL) + { + elog(LOG, "ident_unix: unknown local user with uid %d", + (int) uid); + return false; + } + + StrNCpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1); + + return true; + +#elsif defined(SO_PEERCRED) /* Linux style: use getsockopt(SO_PEERCRED) */ struct ucred peercred; ACCEPT_TYPE_ARG3 so_len = sizeof(peercred);