_ACEOF

ac_fn_c_check_type "$LINENO" "struct cmsgcred" "ac_cv_type_struct_cmsgcred" "#include <sys/socket.h>

#include <sys/param.h>

#ifdef HAVE_SYS_UCRED_H

#include <sys/ucred.h>

#endif

"

if test "x$ac_cv_type_struct_cmsgcred" = xyes; then :

cat >>confdefs.h <<_ACEOF

#define HAVE_STRUCT_CMSGCRED 1

_ACEOF

fi

ac_fn_c_check_type "$LINENO" "struct option" "ac_cv_type_struct_option" "#ifdef HAVE_GETOPT_H

#include <getopt.h>

#endif

AC_CHECK_TYPES([struct cmsgcred],[],[],

AC_CHECK_TYPES([struct option],[],[],

</listitem>

</varlistentry>

<varlistentry>

<term><literal>creds</literal></term>

<listitem>

<para>

The server must request SCM credential authentication (deprecated

as of <productname>PostgreSQL</productname> 9.1).

</para>

</listitem>

</varlistentry>

<varlistentry>

<term><literal>none</literal></term>

<listitem>

</listitem>

</varlistentry>

<varlistentry>

<term>AuthenticationSCMCredential</term>

<listitem>

<para>

This response is only possible for local Unix-domain connections

on platforms that support SCM credential messages. The frontend

must issue an SCM credential message and then send a single data

byte. (The contents of the data byte are uninteresting; it's

only used to ensure that the server waits long enough to receive

the credential message.) If the credential is acceptable,

the server responds with an

AuthenticationOk, otherwise it responds with an ErrorResponse.

(This message type is only issued by pre-9.1 servers. It may

eventually be removed from the protocol specification.)

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>AuthenticationGSS</term>

<listitem>

</listitem>

</varlistentry>

<varlistentry id="protocol-message-formats-AuthenticationSCMCredential">

<term>AuthenticationSCMCredential (B)</term>

<listitem>

<variablelist>

<varlistentry>

<term>Byte1('R')</term>

<listitem>

<para>

Identifies the message as an authentication request.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>Int32(8)</term>

<listitem>

<para>

Length of message contents in bytes, including self.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term>Int32(6)</term>

<listitem>

<para>

Specifies that an SCM credentials message is required.

</para>

</listitem>

</varlistentry>

</variablelist>

</listitem>

</varlistentry>

<varlistentry id="protocol-message-formats-AuthenticationGSS">

<term>AuthenticationGSS (B)</term>

<listitem>

if cc.has_type('struct cmsgcred',

args: test_c_args+ ['@0@'.format(cdata.get('HAVE_SYS_UCRED_H'))=='false' ?'' :'-DHAVE_SYS_UCRED_H'],

include_directories: postgres_inc,

prefix:'''

#endif''')

cdata.set('HAVE_STRUCT_CMSGCRED',1)

cdata.set('HAVE_STRUCT_CMSGCRED',false)

if cc.has_type('struct option',

args: test_c_args,include_directories: postgres_inc,

prefix:'@0@'.format(cdata.get('HAVE_GETOPT_H'))=='1' ?'#include <getopt.h>' :'')

#defineAUTH_REQ_PASSWORD3/* Password */

#defineAUTH_REQ_CRYPT4/* crypt password. Not supported any more. */

#defineAUTH_REQ_MD55/* md5 password */

#defineAUTH_REQ_GSS7/* GSSAPI without wrap() */

#defineAUTH_REQ_GSS_CONT8/* Continue GSS exchanges */

#defineAUTH_REQ_SSPI9/* SSPI negotiate without wrap() */

#undef HAVE_STRSIGNAL

#undef HAVE_STRUCT_CMSGCRED

#undef HAVE_STRUCT_OPTION

returnSTATUS_OK;

}

pg_local_sendauth(PGconn*conn)

{

charbuf;

structioveciov;

structmsghdrmsg;

structcmsghdr*cmsg;

{

structcmsghdrhdr;

unsignedcharbuf[CMSG_SPACE(sizeof(structcmsgcred))];

}cmsgbuf;

buf='\0';

iov.iov_base=&buf;

iov.iov_len=1;

memset(&msg,0,sizeof(msg));

msg.msg_iov=&iov;

msg.msg_iovlen=1;

memset(&cmsgbuf,0,sizeof(cmsgbuf));

msg.msg_control=&cmsgbuf.buf;

msg.msg_controllen=sizeof(cmsgbuf.buf);

cmsg=CMSG_FIRSTHDR(&msg);

cmsg->cmsg_len=CMSG_LEN(sizeof(structcmsgcred));

cmsg->cmsg_level=SOL_SOCKET;

cmsg->cmsg_type=SCM_CREDS;

if (sendmsg(conn->sock,&msg,0)==-1)

{

charsebuf[PG_STRERROR_R_BUFLEN];

appendPQExpBuffer(&conn->errorMessage,

"pg_local_sendauth: sendmsg: %s\n",

strerror_r(errno,sebuf,sizeof(sebuf)));

returnSTATUS_ERROR;

}

conn->client_finished_auth= true;

returnSTATUS_OK;

libpq_append_conn_error(conn,"SCM_CRED authentication method not supported");

returnSTATUS_ERROR;

}

pg_password_sendauth(PGconn*conn,constchar*password,AuthRequestareq)

{

returnlibpq_gettext("server requested GSSAPI authentication");

caseAUTH_REQ_SSPI:

returnlibpq_gettext("server requested SSPI authentication");

caseAUTH_REQ_SCM_CREDS:

returnlibpq_gettext("server requested UNIX socket credentials");

caseAUTH_REQ_SASL:

caseAUTH_REQ_SASL_CONT:

caseAUTH_REQ_SASL_FIN:

caseAUTH_REQ_GSS:

caseAUTH_REQ_GSS_CONT:

caseAUTH_REQ_SSPI:

caseAUTH_REQ_SCM_CREDS:

caseAUTH_REQ_SASL:

caseAUTH_REQ_SASL_CONT:

caseAUTH_REQ_SASL_FIN:

}

break;

caseAUTH_REQ_SCM_CREDS:

if (pg_local_sendauth(conn)!=STATUS_OK)

returnSTATUS_ERROR;

break;

default:

libpq_append_conn_error(conn,"authentication method %u not supported",areq);

returnSTATUS_ERROR;

bits |= (1 <<AUTH_REQ_SASL_CONT);

bits |= (1 <<AUTH_REQ_SASL_FIN);

}

elseif (strcmp(method,"creds")==0)

{

bits= (1 <<AUTH_REQ_SCM_CREDS);

}

elseif (strcmp(method,"none")==0)

{

HAVE_STRLCPY=>undef,

HAVE_STRNLEN=> 1,

HAVE_STRSIGNAL=>undef,

HAVE_STRUCT_CMSGCRED=>undef,

HAVE_STRUCT_OPTION=>undef,

HAVE_STRUCT_SOCKADDR_SA_LEN=>undef,

HAVE_STRUCT_TM_TM_ZONE=>undef,