
Commit49435fb

committed
Remove SO_PASSCRED step in ident_unix --- according to Helge Bahmann,
that call is not needed to prepare for SO_PEERCRED. Also, simplify code so that #ifdef SO_PEERCRED appears in only one place, to make it easier to support other platforms with variants of this capability.
1 parentcb90b2d commit49435fb


1 file changed

+17
-43
lines changed

1 file changed

+17
-43
lines changed

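--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.59 2001/08/01 23:52:50 tgl Exp $
+* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.60 2001/08/02 14:27:40 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -290,26 +290,11 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 gotohba_syntax;
 
 /*
-* Disallow auth methods that need AF_INET sockets to work.
-* Allow "ident" if we can get the identity of the connection
-* peer on Unix domain sockets from the OS.
+* Disallow auth methods that always need AF_INET sockets to work.
 */
 if (port->auth_method==uaKrb4||
 port->auth_method==uaKrb5)
 gotohba_syntax;
-#ifndefSO_PEERCRED
-if (port->auth_method==uaIdent)
-{
-/* Give a special error message for this case... */
-snprintf(PQerrormsg,PQERRORMSG_LENGTH,
-"parse_hba: \"ident\" auth is not supported on local connections on this platform\n");
-fputs(PQerrormsg,stderr);
-pqdebug("%s",PQerrormsg);
-
-*error_p= true;
-return;
-}
-#endif
 
 /*
 * If this record doesn't match the parameters of the connection
@@ -326,23 +311,22 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 {
 structin_addrfile_ip_addr,mask;
 
-#ifdefUSE_SSL
-/* If SSL, then check that we are on SSL */
 if (strcmp(token,"hostssl")==0)
 {
+#ifdefUSE_SSL
+/* Record does not match if we are not on an SSL connection */
 if (!port->ssl)
 return;
 
 /* Placeholder to require specific SSL level, perhaps? */
 /* Or a client certificate */
 
 /* Since we were on SSL, proceed as with normal 'host' mode */
-}
 #else
-/* If not SSL, we don't support this */
-if (strcmp(token,"hostssl")==0)
+/* We don't accept this keyword at all if no SSL support */
 gotohba_syntax;
 #endif
+}
 
 /* Get the database. */
 line=lnext(line);
@@ -866,8 +850,6 @@ ident_inet(const struct in_addr remote_ip_addr,
 returnident_return;
 }
 
-#ifdefSO_PEERCRED
-
 /*
 * Ask kernel about the credentials of the connecting process and
 * determine the symbolic name of the corresponding user.
@@ -878,26 +860,12 @@ ident_inet(const struct in_addr remote_ip_addr,
 staticbool
 ident_unix(intsock,char*ident_user)
 {
+#ifdefSO_PEERCRED
+/* Linux style: use getsockopt(SO_PEERCRED) */
 structucredpeercred;
 socklen_tso_len;
 structpasswd*pass;
 
-#ifdefSO_PASSCRED
-intpasscred=-1;
-
-so_len=sizeof(passcred);
-if (setsockopt(sock,SOL_SOCKET,SO_PASSCRED,&passcred,so_len)!=0)
-{
-/* We could not set the socket to pass credentials */
-snprintf(PQerrormsg,PQERRORMSG_LENGTH,
-"Could not set the UNIX socket to pass credentials: %s\n",
-strerror(errno));
-fputs(PQerrormsg,stderr);
-pqdebug("%s",PQerrormsg);
-return false;
-}
-#endif/* SO_PASSCRED */
-
 errno=0;
 so_len=sizeof(peercred);
 if (getsockopt(sock,SOL_SOCKET,SO_PEERCRED,&peercred,&so_len)!=0||
@@ -928,9 +896,17 @@ ident_unix(int sock, char *ident_user)
 StrNCpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX);
 
 return true;
-}
+
+#else/* not SO_PEERCRED */
+
+snprintf(PQerrormsg,PQERRORMSG_LENGTH,
+"IDENT auth is not supported on local connections on this platform\n");
+fputs(PQerrormsg,stderr);
+pqdebug("%s",PQerrormsg);
+return false;
 
 #endif/* SO_PEERCRED */
+}
 
 /*
 * Determine the username of the initiator of the connection described
@@ -954,12 +930,10 @@ authident(hbaPort *port)
 port->laddr.in.sin_port,ident_user))
 returnSTATUS_ERROR;
 break;
-#ifdefSO_PEERCRED
 caseAF_UNIX:
 if (!ident_unix(port->sock,ident_user))
 returnSTATUS_ERROR;
 break;
-#endif
 default:
 returnSTATUS_ERROR;
 }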
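Review bot: Nothing in parse_hba now rejects `ident` on a local record when the platform lacks SO_PEERCRED, so that misconfiguration is discovered only per connection, in the `#else` branch of ident_unix. That branch fails closed (`return false`, which authident turns into `STATUS_ERROR`), so this is not an authentication bypass, but the design depends on every future platform variant keeping a final fallback that returns false. I would document this at both ends: above the Krb4/Krb5 test add `/* "ident" on local sockets is validated at auth time in ident_unix(), which fails closed where the OS cannot report peer credentials */`, and at the `#else` add `/* must remain the last branch and must return false: no credentials, no identity */`. The `#else` branch also leaves `sock` and `ident_user` unused, so callers must not read `ident_user` after a false return. parse_hba, ident_unix and authident all extend beyond the hunks shown.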
