NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commitbe83aac

committed

Disable local creds on OpenBSD because it doesn't support it. Document

supported platforms in pg_hba.conf.

1 parent16b9b75 commitbe83aacCopy full SHA for be83aac

File tree

4 files changed

+26

-25

lines changed

src
- backend/libpq
- interfaces/libpq
  - fe-auth.c

4 files changed

+26

-25

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -520,7 +520,7 @@ ClientAuthentication(Port *port)`
`520`	`520`	`break;`
`521`	`521`
`522`	`522`	`caseuaIdent:`
`523`		`-#if !defined(SO_PEERCRED)&& (defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| defined(HAVE_STRUCT_SOCKCRED))`
	`523`	`+#if !defined(SO_PEERCRED)&& (defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\|(defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS)))`
`524`	`524`	`/*`
`525`	`525`	`*If we are doing ident on unix-domain sockets,`
`526`	`526`	`*use SCM_CREDS only if it is defined and SO_PEERCRED isn't.`

`‎src/backend/libpq/hba.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`*`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $`
	`13`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user)`
`904`	`904`
`905`	`905`	`return true;`
`906`	`906`
`907`		`-#elif defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| defined(HAVE_STRUCT_SOCKCRED)`
	`907`	`+#elif defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\|(defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))`
`908`	`908`	`structmsghdrmsg;`
`909`	`909`
`910`	`910`	`/* Credentials structure */`

`‎src/backend/libpq/pg_hba.conf.sample`

Lines changed: 15 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -125,18 +125,21 @@`
`125`	`125`	`#not store encrypted passwords if you use this option.`
`126`	`126`	`#`
`127`	`127`	`# ident:For TCP/IP connections, authentication is done by contacting`
`128`		`-#the ident server on the client host. (CAUTION: this is only`
`129`		`-#as secure as the client machine!) On machines that support`
`130`		`-#SO_PEERCRED or SCM_CREDS socket requests, this method also`
`131`		`-#works for local Unix-domain connections. AUTH_ARGUMENT is`
`132`		`-#required: it determines how to map remote user names to`
`133`		`-#Postgres user names. The AUTH_ARGUMENT is a map name found`
`134`		`-#in the $PGDATA/pg_ident.conf file. The connection is accepted`
`135`		`-#if that file contains an entry for this map name with the`
`136`		`-#ident-supplied username and the requested Postgres username.`
`137`		`-#The special map name "sameuser" indicates an implied map`
`138`		`-#(not in pg_ident.conf) that maps each ident username to the`
`139`		`-#identical PostgreSQL username.`
	`128`	`+#the ident server on the client host. (CAUTION: this is`
	`129`	`+#only as secure as the client machine!) On machines that`
	`130`	`+#support unix-domain socket credentials (currently Linux,`
	`131`	`+#FreeBSD, NetBSD, and BSD/OS), this method also works for`
	`132`	`+#"local" connections.`
	`133`	`+#`
	`134`	`+#AUTH_ARGUMENT is required: it determines how to map`
	`135`	`+#remote user names to Postgres user names. The`
	`136`	`+#AUTH_ARGUMENT is a map name found in the`
	`137`	`+#$PGDATA/pg_ident.conf file. The connection is accepted`
	`138`	`+#if that file contains an entry for this map name with`
	`139`	`+#the ident-supplied username and the requested Postgres`
	`140`	`+#username. The special map name "sameuser" indicates an`
	`141`	`+#implied map (not in pg_ident.conf) that maps each ident`
	`142`	`+#username to the identical PostgreSQL username.`
`140`	`143`	`#`
`141`	`144`	`# krb4:Kerberos V4 authentication is used. Allowed only for`
`142`	`145`	`#TCP/IP connections, not for local UNIX-domain sockets.`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 7 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.60 2001/09/21 20:31:49 tgl Exp $`
	`13`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.61 2001/09/26 19:54:12 momjian Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -435,10 +435,10 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,`
`435`	`435`
`436`	`436`	`#endif/* KRB5 */`
`437`	`437`
`438`		`-#if defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| defined(HAVE_STRUCT_SOCKCRED)`
`439`	`438`	`staticint`
`440`	`439`	`pg_local_sendauth(charPQerrormsg,PGconnconn)`
`441`	`440`	`{`
	`441`	`+#if defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| (defined(HAVE_STRUCT_SOCKCRED)&& defined(LOCAL_CREDS))`
`442`	`442`	`charbuf;`
`443`	`443`	`structioveciov;`
`444`	`444`	`structmsghdrmsg;`
`@@ -485,8 +485,12 @@ pg_local_sendauth(char PQerrormsg, PGconn conn)`
`485`	`485`	`returnSTATUS_ERROR;`
`486`	`486`	`}`
`487`	`487`	`returnSTATUS_OK;`
`488`		`-}`
	`488`	`+#else`
	`489`	`+snprintf(PQerrormsg,PQERRORMSG_LENGTH,`
	`490`	`+libpq_gettext("SCM_CRED authentication method not supported\n"));`
	`491`	`+returnSTATUS_ERROR;`
`489`	`492`	`#endif`
	`493`	`+}`
`490`	`494`
`491`	`495`	`staticint`
`492`	`496`	`pg_password_sendauth(PGconnconn,constcharpassword,AuthRequestareq)`
`@@ -614,14 +618,8 @@ fe_sendauth(AuthRequest areq, PGconn conn, const char hostname,`
`614`	`618`	`break;`
`615`	`619`
`616`	`620`	`caseAUTH_REQ_SCM_CREDS:`
`617`		`-#if defined(HAVE_STRUCT_CMSGCRED)\|\| defined(HAVE_STRUCT_FCRED)\|\| defined(HAVE_STRUCT_SOCKCRED)`
`618`	`621`	`if (pg_local_sendauth(PQerrormsg,conn)!=STATUS_OK)`
`619`	`622`	`returnSTATUS_ERROR;`
`620`		`-#else`
`621`		`-snprintf(PQerrormsg,PQERRORMSG_LENGTH,`
`622`		`-libpq_gettext("SCM_CRED authentication method not supported\n"));`
`623`		`-returnSTATUS_ERROR;`
`624`		`-#endif`
`625`	`623`	`break;`
`626`	`624`
`627`	`625`	`default:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbe83aac

File tree

4 files changed

4 files changed

`‎src/backend/libpq/auth.c`

`‎src/backend/libpq/hba.c`

`‎src/backend/libpq/pg_hba.conf.sample`

`‎src/interfaces/libpq/fe-auth.c`

0 commit comments