
Disable local creds on OpenBSD because it doesn't support it. Document
authorBruce Momjian <bruce@momjian.us>
Wed, 26 Sep 2001 19:54:12 +0000 (19:54 +0000)
committerBruce Momjian <bruce@momjian.us>
Wed, 26 Sep 2001 19:54:12 +0000 (19:54 +0000)
supported platforms in pg_hba.conf.

src/backend/libpq/auth.c
src/backend/libpq/hba.c
src/backend/libpq/pg_hba.conf.sample
src/interfaces/libpq/fe-auth.c

index 96bb8f0..78bff87 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -520,7 +520,7 @@ ClientAuthentication(Port *port)
                        break;
 
                case uaIdent:
-#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED))
+#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
                        /*
                         *      If we are doing ident on unix-domain sockets,
                         *      use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
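Review bot: The platform test `defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))` is written out by hand here under `case uaIdent:` and again in `ident_unix()` in hba.c and `pg_local_sendauth()` in fe-auth.c, so the three copies can drift apart on the next platform fix. This site appears to decide whether the backend asks the client for socket credentials, while the hba.c site compiles the code that reads them. A mismatch would therefore surface as local ident authentication failing or taking a different path at run time, not as a build error. I would define the test once in a header that both backend and libpq include, for example `#define HAVE_SCM_CREDS_MSG 1` (the name is only a suggestion), with a comment such as `/* struct sockcred alone is not enough; the LOCAL_CREDS socket option must exist too (not the case on OpenBSD, per the commit message) */`. The body of `case uaIdent:` continues past the end of this hunk.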
index 891fcb4..c674da6 100644 (file)
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user)
 
        return true;
 
-#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
+#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
        struct msghdr msg;
 
 /* Credentials structure */
index 0aff0f4..c61915b 100644 (file)
 #              not store encrypted passwords if you use this option.
 #
 #   ident:     For TCP/IP connections, authentication is done by contacting
-#              the ident server on the client host.  (CAUTION: this is only
-#              as secure as the client machine!)  On machines that support
-#              SO_PEERCRED or SCM_CREDS socket requests, this method also
-#              works for local Unix-domain connections.  AUTH_ARGUMENT is 
-#              required: it determines how to map remote user names to
-#              Postgres user names.  The AUTH_ARGUMENT is a map name found
-#              in the $PGDATA/pg_ident.conf file. The connection is accepted
-#              if that file contains an entry for this map name with the
-#              ident-supplied username and the requested Postgres username.
-#              The special map name "sameuser" indicates an implied map
-#              (not in pg_ident.conf) that maps each ident username to the
-#              identical PostgreSQL username.
+#              the ident server on the client host. (CAUTION: this is
+#              only as secure as the client machine!) On machines that
+#              support unix-domain socket credentials (currently Linux,
+#              FreeBSD, NetBSD, and BSD/OS), this method also works for
+#              "local" connections.
+#
+#              AUTH_ARGUMENT is required: it determines how to map
+#              remote user names to Postgres user names. The
+#              AUTH_ARGUMENT is a map name found in the
+#              $PGDATA/pg_ident.conf file. The connection is accepted
+#              if that file contains an entry for this map name with
+#              the ident-supplied username and the requested Postgres
+#              username. The special map name "sameuser" indicates an
+#              implied map (not in pg_ident.conf) that maps each ident
+#              username to the identical PostgreSQL username.
 # 
 #   krb4:      Kerberos V4 authentication is used.  Allowed only for
 #              TCP/IP connections, not for local UNIX-domain sockets.
index bb60bb1..4b4b039 100644 (file)
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.60 2001/09/21 20:31:49 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.61 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -435,10 +435,10 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,
 
 #endif  /* KRB5 */
 
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
 static int
 pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 {
+#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
        char buf;
        struct iovec iov;
        struct msghdr msg;
@@ -485,8 +485,12 @@ pg_local_sendauth(char *PQerrormsg, PGconn *conn)
                return STATUS_ERROR;
        }
        return STATUS_OK;
-}
+#else
+       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                        libpq_gettext("SCM_CRED authentication method not supported\n"));
+       return STATUS_ERROR;
 #endif
+}
 
 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
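Review bot: In the new `#else` branch of `pg_local_sendauth()` the string returned by `libpq_gettext()` is passed to `snprintf` as the format argument, so a translated catalog entry containing a `%` would be parsed as a conversion with no matching argument. Passing the message as data removes that dependency on every translation being clean: `snprintf(PQerrormsg, PQERRORMSG_LENGTH, "%s", libpq_gettext("SCM_CRED authentication method not supported\n"));`. The message also says `SCM_CRED` while the request constant handled in `fe_sendauth()` is `AUTH_REQ_SCM_CREDS`; using the same spelling would make the error easier to trace back to the code. The start of this function is in the previous hunk.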
@@ -614,14 +618,8 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                        break;
 
                case AUTH_REQ_SCM_CREDS:
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
                        if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
                                return STATUS_ERROR;
-#else
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                                        libpq_gettext("SCM_CRED authentication method not supported\n"));
-                       return STATUS_ERROR;
-#endif
                        break;
 
                default: