
Commitf426fbf

committed
Ident authentication over Unix-domain sockets on Solaris, using
getpeerucred() function.

Author: Garick Hamlin <ghamlin@isc.upenn.edu>
1 parent29ad832 commitf426fbf


5 files changed

+56
-8
lines changed

5 files changed

+56
-8
lines changed

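--- a/configure
+++ b/configure
@@ -8925,7 +8925,8 @@ done
 
 
 
-for ac_header in crypt.h dld.h fp_class.h getopt.h ieeefp.h langinfo.h poll.h pwd.h sys/ipc.h sys/poll.h sys/pstat.h sys/resource.h sys/select.h sys/sem.h sys/socket.h sys/shm.h sys/tas.h sys/time.h sys/un.h termios.h utime.h wchar.h wctype.h kernel/OS.h kernel/image.h SupportDefs.h
+
+for ac_header in crypt.h dld.h fp_class.h getopt.h ieeefp.h langinfo.h poll.h pwd.h sys/ipc.h sys/poll.h sys/pstat.h sys/resource.h sys/select.h sys/sem.h sys/socket.h sys/shm.h sys/tas.h sys/time.h sys/un.h termios.h ucred.h utime.h wchar.h wctype.h kernel/OS.h kernel/image.h SupportDefs.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
 if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
@@ -15804,7 +15805,8 @@ fi
 
 
 
-for ac_func in cbrt dlopen fcvt fdatasync getpeereid getrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs
+
+for ac_func in cbrt dlopen fcvt fdatasync getpeereid getpeerucred getrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5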

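--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.571 2008/10/30 12:28:51 petere Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.572 2008/11/18 13:10:20 petere Exp $
 dnl
 dnl Developers, please strive to achieve this order:
 dnl
@@ -955,7 +955,7 @@ AC_SUBST(OSSP_UUID_LIBS)
 ##
 
 dnl sys/socket.h is required by AC_FUNC_ACCEPT_ARGTYPES
-AC_CHECK_HEADERS([crypt.h dld.h fp_class.h getopt.h ieeefp.h langinfo.h poll.h pwd.h sys/ipc.h sys/poll.h sys/pstat.h sys/resource.h sys/select.h sys/sem.h sys/socket.h sys/shm.h sys/tas.h sys/time.h sys/un.h termios.h utime.h wchar.h wctype.h kernel/OS.h kernel/image.h SupportDefs.h])
+AC_CHECK_HEADERS([crypt.h dld.h fp_class.h getopt.h ieeefp.h langinfo.h poll.h pwd.h sys/ipc.h sys/poll.h sys/pstat.h sys/resource.h sys/select.h sys/sem.h sys/socket.h sys/shm.h sys/tas.h sys/time.h sys/un.h termios.hucred.hutime.h wchar.h wctype.h kernel/OS.h kernel/image.h SupportDefs.h])
 
 # At least on IRIX, cpp test for netinet/tcp.h will fail unless
 # netinet/in.h is included first.
@@ -1134,7 +1134,7 @@ PGAC_VAR_INT_TIMEZONE
 AC_FUNC_ACCEPT_ARGTYPES
 PGAC_FUNC_GETTIMEOFDAY_1ARG
 
-AC_CHECK_FUNCS([cbrt dlopen fcvt fdatasync getpeereid getrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs])
+AC_CHECK_FUNCS([cbrt dlopen fcvt fdatasync getpeereidgetpeerucredgetrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs])
 
 AC_CHECK_DECLS(fdatasync, [], [], [#include <unistd.h>])
 AC_CHECK_DECLS(posix_fadvise, [], [], [#include <fcntl.h>])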

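--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.111 2008/11/18 13:10:20 petere Exp $ -->
 
 <chapter id="client-authentication">
 <title>Client Authentication</title>
@@ -1005,7 +1005,7 @@ omicron bryanh guest1
 Unix-domain sockets (currently <systemitem
 class="osname">Linux</>, <systemitem class="osname">FreeBSD</>,
 <systemitem class="osname">NetBSD</>, <systemitem class="osname">OpenBSD</>,
-and<systemitem class="osname">BSD/OS</>), ident authentication can also
+<systemitem class="osname">BSD/OS</>, and <systemitem class="osname">Solaris</systemitem>), ident authentication can also
 be applied to local connections. In this case, no security risk is added by
 using ident authentication; indeed it is a preferable choice for
 local connections on such systems.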

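--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
+* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.171 2008/11/18 13:10:20 petere Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -21,6 +21,9 @@
 #include<sys/uio.h>
 #include<sys/ucred.h>
 #endif
+#ifdefHAVE_UCRED_H
+# include<ucred.h>
+#endif
 #include<netinet/in.h>
 #include<arpa/inet.h>
 #include<unistd.h>
@@ -1611,6 +1614,43 @@ ident_unix(int sock, char *ident_user)
 
 strlcpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX+1);
 
+return true;
+#elif defined(HAVE_GETPEERUCRED)
+/* Solaris > 10 */
+uid_tuid;
+structpasswd*pass;
+ucred_t*ucred;
+
+ucred=NULL;/* must be initialized to NULL */
+if (getpeerucred(sock,&ucred)==-1)
+{
+ereport(LOG,
+(errcode_for_socket_access(),
+errmsg("could not get peer credentials: %m")));
+return false;
+}
+
+if ((uid=ucred_geteuid(ucred))==-1)
+{
+ereport(LOG,
+(errcode_for_socket_access(),
+errmsg("could not get effective UID from peer credentials: %m")));
+return false;
+}
+
+ucred_free(ucred);
+
+pass=getpwuid(uid);
+if (pass==NULL)
+{
+ereport(LOG,
+(errmsg("local user with ID %d does not exist",
+(int)uid)));
+return false;
+}
+
+strlcpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX+1);
+
 return true;
 #elif defined(HAVE_STRUCT_CMSGCRED)|| defined(HAVE_STRUCT_FCRED)|| (defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))
 structmsghdrmsg;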
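Review bot: The `ucred_geteuid()` failure path in the new `HAVE_GETPEERUCRED` branch returns without releasing the credential that `getpeerucred()` allocated; add `ucred_free(ucred);` before that `return false;`, as the success path already does. The comparison `== -1` on a `uid_t` would read more safely as `== (uid_t) -1`, which does not depend on the type's signedness. The branch is selected by `HAVE_GETPEERUCRED` while `<ucred.h>` is included under `HAVE_UCRED_H`, so a build where configure finds the function but not the header would presumably fail on `ucred_t`; `#elif defined(HAVE_GETPEERUCRED) && defined(HAVE_UCRED_H)` would keep the two in step. ident_unix() begins and ends outside the hunk, so how this branch is ordered against the other peer-credential mechanisms cannot be confirmed from here.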

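--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -182,6 +182,9 @@
 /* Define to 1 if you have the `getpeereid' function. */
 #undef HAVE_GETPEEREID
 
+/* Define to 1 if you have the `getpeerucred' function. */
+#undef HAVE_GETPEERUCRED
+
 /* Define to 1 if you have the `getpwuid_r' function. */
 #undef HAVE_GETPWUID_R
 
@@ -557,6 +560,9 @@
 /* Define to 1 if you have the external array `tzname'. */
 #undef HAVE_TZNAME
 
+/* Define to 1 if you have the <ucred.h> header file. */
+#undef HAVE_UCRED_H
+
 /* Define to 1 if the system has the type `uint64'. */
 #undef HAVE_UINT64
 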