From b8f2980209876f060a189cc1dbc4af520b735791 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sat, 20 Dec 2003 18:24:52 +0000 Subject: [PATCH] Fix broken IDENT support for FreeBSD (appears to have been broken by ill-considered conditional logic in getpeereid patch of 3-Dec-2002). Per bug #1021. --- src/backend/libpq/auth.c | 27 +++++++++++++-------------- src/interfaces/libpq/fe-auth.c | 15 +++++++++++---- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 9e38185673..355afba89c 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.113 2003/11/29 19:51:49 pgsql Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.114 2003/12/20 18:24:52 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -471,32 +471,31 @@ ClientAuthentication(Port *port) break; case uaIdent: -#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \ - (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \ - !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) - /* * If we are doing ident on unix-domain sockets, use SCM_CREDS * only if it is defined and SO_PEERCRED isn't. */ -#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) - - /* - * Receive credentials on next message receipt, BSD/OS, - * NetBSD. We need to set this before the client sends the - * next packet. - */ +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \ + (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \ + (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))) + if (port->raddr.addr.ss_family == AF_UNIX) { +#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) + /* + * Receive credentials on next message receipt, BSD/OS, + * NetBSD. We need to set this before the client sends the + * next packet. + */ int on = 1; if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0) ereport(FATAL, (errcode_for_socket_access(), errmsg("could not enable credential reception: %m"))); - } #endif - if (port->raddr.addr.ss_family == AF_UNIX) + sendAuthRequest(port, AUTH_REQ_SCM_CREDS); + } #endif status = authident(port); break; diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 146b832e3c..f3aa18dff5 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.86 2003/11/29 19:52:11 pgsql Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.87 2003/12/20 18:24:52 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -447,12 +447,19 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) } #endif /* KRB5 */ +/* + * Respond to AUTH_REQ_SCM_CREDS challenge. + * + * Note: the backend will not use this challenge if HAVE_GETPEEREID + * or SO_PEERCRED is defined, so we don't bother to compile any code + * in that case, even if the facility is available. + */ static int pg_local_sendauth(char *PQerrormsg, PGconn *conn) { -#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \ - (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \ - !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) +#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \ + (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \ + (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))) char buf; struct iovec iov; struct msghdr msg; -- 2.11.0