Commit98ae2c8

committed
libpq: Remove code for SCM credential authentication
Support for SCM credential authentication has been removed in the backend in 9.1, and libpq has kept some code to handle it for compatibility.

Commit be4585b, that did the cleanup of the backend code, has done so because the code was not really portable originally. And, as there are likely little chances that this is used these days, this removes the remaining code from libpq. An error will now be raised by libpq if attempting to connect to a server that returns AUTH_REQ_SCM_CREDS, instead.

References to SCM credential authentication are removed from the protocol documentation. This removes some meson and configure checks.

Author: Michael Paquier
Reviewed-by: Tom Lane
Discussion: https://postgr.es/m/ZBLH8a4otfqgd6Kn@paquier.xyz
1 parent10b6745 commit98ae2c8


10 files changed

+1
-178
lines changed

10 files changed

+1
-178
lines changed

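--- a/configure
+++ b/configure
@@ -15181,22 +15181,6 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
-ac_fn_c_check_type "$LINENO" "struct cmsgcred" "ac_cv_type_struct_cmsgcred" "#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif
-"
-if test "x$ac_cv_type_struct_cmsgcred" = xyes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_CMSGCRED 1
-_ACEOF
-
-
-fi
-
-
 ac_fn_c_check_type "$LINENO" "struct option" "ac_cv_type_struct_option" "#ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif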

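--- a/configure.ac
+++ b/configure.ac
@@ -1682,13 +1682,6 @@ AC_DEFINE_UNQUOTED([pg_restrict], [$pg_restrict],
 [Define to keyword to use for C99 restrict support, or to nothing if not
 supported])
 
-AC_CHECK_TYPES([struct cmsgcred],[],[],
-[#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif])
-
 AC_CHECK_TYPES([struct option],[],[],
 [#ifdef HAVE_GETOPT_H
 #include <getopt.h>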

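--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1300,16 +1300,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
 </listitem>
 </varlistentry>
 
-<varlistentry>
-<term><literal>creds</literal></term>
-<listitem>
-<para>
-The server must request SCM credential authentication (deprecated
-as of <productname>PostgreSQL</productname> 9.1).
-</para>
-</listitem>
-</varlistentry>
-
 <varlistentry>
 <term><literal>none</literal></term>
 <listitem>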

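--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -315,24 +315,6 @@
 </listitem>
 </varlistentry>
 
-<varlistentry>
-<term>AuthenticationSCMCredential</term>
-<listitem>
-<para>
-This response is only possible for local Unix-domain connections
-on platforms that support SCM credential messages. The frontend
-must issue an SCM credential message and then send a single data
-byte. (The contents of the data byte are uninteresting; it's
-only used to ensure that the server waits long enough to receive
-the credential message.) If the credential is acceptable,
-the server responds with an
-AuthenticationOk, otherwise it responds with an ErrorResponse.
-(This message type is only issued by pre-9.1 servers. It may
-eventually be removed from the protocol specification.)
-</para>
-</listitem>
-</varlistentry>
-
 <varlistentry>
 <term>AuthenticationGSS</term>
 <listitem>
@@ -3449,40 +3431,6 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
 </listitem>
 </varlistentry>
 
-<varlistentry id="protocol-message-formats-AuthenticationSCMCredential">
-<term>AuthenticationSCMCredential (B)</term>
-<listitem>
-<variablelist>
-<varlistentry>
-<term>Byte1('R')</term>
-<listitem>
-<para>
-Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Int32(8)</term>
-<listitem>
-<para>
-Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Int32(6)</term>
-<listitem>
-<para>
-Specifies that an SCM credentials message is required.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-</listitem>
-</varlistentry>
-
 <varlistentry id="protocol-message-formats-AuthenticationGSS">
 <term>AuthenticationGSS (B)</term>
 <listitem>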

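--- a/meson.build
+++ b/meson.build
@@ -2144,20 +2144,6 @@ foreach c : decl_checks
 endforeach
 
 
-if cc.has_type('struct cmsgcred',
-args: test_c_args+ ['@0@'.format(cdata.get('HAVE_SYS_UCRED_H'))=='false' ?'' :'-DHAVE_SYS_UCRED_H'],
-include_directories: postgres_inc,
-prefix:'''
-#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif''')
-cdata.set('HAVE_STRUCT_CMSGCRED',1)
-else
-cdata.set('HAVE_STRUCT_CMSGCRED',false)
-endif
-
 if cc.has_type('struct option',
 args: test_c_args,include_directories: postgres_inc,
 prefix:'@0@'.format(cdata.get('HAVE_GETOPT_H'))=='1' ?'#include <getopt.h>' :'')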

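--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -116,7 +116,7 @@ extern PGDLLIMPORT bool Db_user_namespace;
 #defineAUTH_REQ_PASSWORD3/* Password */
 #defineAUTH_REQ_CRYPT4/* crypt password. Not supported any more. */
 #defineAUTH_REQ_MD55/* md5 password */
-#defineAUTH_REQ_SCM_CREDS6/*transferSCMcredentials */
+/*6 is available. It was used forSCMcreds, not supported any more. */
 #defineAUTH_REQ_GSS7/* GSSAPI without wrap() */
 #defineAUTH_REQ_GSS_CONT8/* Continue GSS exchanges */
 #defineAUTH_REQ_SSPI9/* SSPI negotiate without wrap() */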
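Review bot: The replacement comment on new line 119 says code 6 "is available", which reads as an invitation to assign a retired wire value to a future authentication method. Pre-9.1 servers can still send 6, and libpq builds from before this commit answer it by sending an SCM credentials message (the pg_local_sendauth path removed in fe-auth.c), so a new meaning for 6 would be misread by those peers. I would mark the value as reserved instead, e.g. `/* 6 is reserved: formerly AUTH_REQ_SCM_CREDS, still sent by pre-9.1 servers; do not reuse */`. With the define gone, a 6 from the server presumably lands in the `default:` branch of pg_fe_sendauth and fails with "authentication method %u not supported", which matches the commit message; only part of that switch is visible here.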

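--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -427,9 +427,6 @@
 /* Define to 1 if you have the `strsignal' function. */
 #undef HAVE_STRSIGNAL
 
-/* Define to 1 if the system has the type `struct cmsgcred'. */
-#undef HAVE_STRUCT_CMSGCRED
-
 /* Define to 1 if the system has the type `struct option'. */
 #undef HAVE_STRUCT_OPTION
 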

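--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -688,68 +688,6 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
 returnSTATUS_OK;
 }
 
-/*
-* Respond to AUTH_REQ_SCM_CREDS challenge.
-*
-* Note: this is dead code as of Postgres 9.1, because current backends will
-* never send this challenge. But we must keep it as long as libpq needs to
-* interoperate with pre-9.1 servers. It is believed to be needed only on
-* Debian/kFreeBSD (ie, FreeBSD kernel with Linux userland, so that the
-* getpeereid() function isn't provided by libc).
-*/
-staticint
-pg_local_sendauth(PGconn*conn)
-{
-#ifdefHAVE_STRUCT_CMSGCRED
-charbuf;
-structioveciov;
-structmsghdrmsg;
-structcmsghdr*cmsg;
-union
-{
-structcmsghdrhdr;
-unsignedcharbuf[CMSG_SPACE(sizeof(structcmsgcred))];
-}cmsgbuf;
-
-/*
-* The backend doesn't care what we send here, but it wants exactly one
-* character to force recvmsg() to block and wait for us.
-*/
-buf='\0';
-iov.iov_base=&buf;
-iov.iov_len=1;
-
-memset(&msg,0,sizeof(msg));
-msg.msg_iov=&iov;
-msg.msg_iovlen=1;
-
-/* We must set up a message that will be filled in by kernel */
-memset(&cmsgbuf,0,sizeof(cmsgbuf));
-msg.msg_control=&cmsgbuf.buf;
-msg.msg_controllen=sizeof(cmsgbuf.buf);
-cmsg=CMSG_FIRSTHDR(&msg);
-cmsg->cmsg_len=CMSG_LEN(sizeof(structcmsgcred));
-cmsg->cmsg_level=SOL_SOCKET;
-cmsg->cmsg_type=SCM_CREDS;
-
-if (sendmsg(conn->sock,&msg,0)==-1)
-{
-charsebuf[PG_STRERROR_R_BUFLEN];
-
-appendPQExpBuffer(&conn->errorMessage,
-"pg_local_sendauth: sendmsg: %s\n",
-strerror_r(errno,sebuf,sizeof(sebuf)));
-returnSTATUS_ERROR;
-}
-
-conn->client_finished_auth= true;
-returnSTATUS_OK;
-#else
-libpq_append_conn_error(conn,"SCM_CRED authentication method not supported");
-returnSTATUS_ERROR;
-#endif
-}
-
 staticint
 pg_password_sendauth(PGconn*conn,constchar*password,AuthRequestareq)
 {
@@ -830,8 +768,6 @@ auth_method_description(AuthRequest areq)
 returnlibpq_gettext("server requested GSSAPI authentication");
 caseAUTH_REQ_SSPI:
 returnlibpq_gettext("server requested SSPI authentication");
-caseAUTH_REQ_SCM_CREDS:
-returnlibpq_gettext("server requested UNIX socket credentials");
 caseAUTH_REQ_SASL:
 caseAUTH_REQ_SASL_CONT:
 caseAUTH_REQ_SASL_FIN:
@@ -922,7 +858,6 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
 caseAUTH_REQ_GSS:
 caseAUTH_REQ_GSS_CONT:
 caseAUTH_REQ_SSPI:
-caseAUTH_REQ_SCM_CREDS:
 caseAUTH_REQ_SASL:
 caseAUTH_REQ_SASL_CONT:
 caseAUTH_REQ_SASL_FIN:
@@ -1183,11 +1118,6 @@ pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn)
 }
 break;
 
-caseAUTH_REQ_SCM_CREDS:
-if (pg_local_sendauth(conn)!=STATUS_OK)
-returnSTATUS_ERROR;
-break;
-
 default:
 libpq_append_conn_error(conn,"authentication method %u not supported",areq);
 returnSTATUS_ERROR;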

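--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1333,10 +1333,6 @@ connectOptions2(PGconn *conn)
 bits |= (1 <<AUTH_REQ_SASL_CONT);
 bits |= (1 <<AUTH_REQ_SASL_FIN);
 }
-elseif (strcmp(method,"creds")==0)
-{
-bits= (1 <<AUTH_REQ_SCM_CREDS);
-}
 elseif (strcmp(method,"none")==0)
 {
 /*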

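--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@@ -338,7 +338,6 @@ sub GenerateFiles
 HAVE_STRLCPY=>undef,
 HAVE_STRNLEN=> 1,
 HAVE_STRSIGNAL=>undef,
-HAVE_STRUCT_CMSGCRED=>undef,
 HAVE_STRUCT_OPTION=>undef,
 HAVE_STRUCT_SOCKADDR_SA_LEN=>undef,
 HAVE_STRUCT_TM_TM_ZONE=>undef,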
