NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commitb777be0

committed

Un-break peer authentication.

Commit613c6d2 sloppily replaced alookup of the UID obtained from getpeereid() with a lookup of theserver's own user name, thus totally destroying peer authentication.Revert. Per report from Christoph Berg.In passing, make sure get_user_name() zeroes *errstr on success onWindows as well as non-Windows. I don't think any callers actuallydepend on this ATM, but we should be consistent across platforms.

1 parente5a452b commitb777be0Copy full SHA for b777be0

File tree

2 files changed

+10

-8

lines changed

src
- backend/libpq
  - auth.c
- common
  - username.c

2 files changed

+10

-8

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@`
`21`	`21`	`#include<arpa/inet.h>`
`22`	`22`	`#include<unistd.h>`
`23`	`23`
`24`		`-#include"common/username.h"`
`25`	`24`	`#include"libpq/auth.h"`
`26`	`25`	`#include"libpq/crypt.h"`
`27`	`26`	`#include"libpq/ip.h"`
`@@ -1560,8 +1559,7 @@ auth_peer(hbaPort *port)`
`1560`	`1559`	`charident_user[IDENT_USERNAME_MAX+1];`
`1561`	`1560`	`uid_tuid;`
`1562`	`1561`	`gid_tgid;`
`1563`		`-constchar*user_name;`
`1564`		`-char*errstr;`
	`1562`	`+structpasswd*pass;`
`1565`	`1563`
`1566`	`1564`	`errno=0;`
`1567`	`1565`	`if (getpeereid(port->sock,&uid,&gid)!=0)`
`@@ -1578,15 +1576,17 @@ auth_peer(hbaPort *port)`
`1578`	`1576`	`returnSTATUS_ERROR;`
`1579`	`1577`	`}`
`1580`	`1578`
`1581`		`-user_name=get_user_name(&errstr);`
`1582`		`-if (!user_name)`
	`1579`	`+pass=getpwuid(uid);`
	`1580`	`+`
	`1581`	`+if (pass==NULL)`
`1583`	`1582`	`{`
`1584`		`-ereport(LOG, (errmsg_internal("%s",errstr)));`
`1585`		`-pfree(errstr);`
	`1583`	`+ereport(LOG,`
	`1584`	`+(errmsg("local user with ID %d does not exist",`
	`1585`	`+(int)uid)));`
`1586`	`1586`	`returnSTATUS_ERROR;`
`1587`	`1587`	`}`
`1588`	`1588`
`1589`		`-strlcpy(ident_user,user_name,IDENT_USERNAME_MAX+1);`
	`1589`	`+strlcpy(ident_user,pass->pw_name,IDENT_USERNAME_MAX+1);`
`1590`	`1590`
`1591`	`1591`	`returncheck_usermap(port->hba->usermap,port->user_name,ident_user, false);`
`1592`	`1592`	`}`

`‎src/common/username.c`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,8 @@ get_user_name(char **errstr)`
`54`	`54`	`staticcharusername[256+1];`
`55`	`55`	`DWORDlen=sizeof(username)-1;`
`56`	`56`
	`57`	`+*errstr=NULL;`
	`58`	`+`
`57`	`59`	`if (!GetUserName(username,&len))`
`58`	`60`	`{`
`59`	`61`	`*errstr=psprintf(_("user name lookup failure: %s"),strerror(errno));`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb777be0

File tree

2 files changed

2 files changed

`‎src/backend/libpq/auth.c`

`‎src/common/username.c`

0 commit comments