[PATCHES] Re: [HACKERS] Solaris ident authentication using unix domain sockets

2008-07-03 Thread Garick Hamlin
On Thu, Jul 03, 2008 at 02:01:22PM -0400, Tom Lane wrote:
> Garick Hamlin <[EMAIL PROTECTED]> writes:
> >   I have a patch that I have been using to support postgresql's
> > notion of ident authentication when using unix domain sockets on
> > Solaris.  This patch basically just adds support for using
> > getpeerucred() on Solaris so unix sockets and ident auth works just
> > like it does on Linux and elsewhere.
> 
> Cool.
> 
> > + #if defined(HAVE_GETPEERUCRED)
> > + #include 
> > + #endif
> 
> But this is not cool.  There might be systems out there that have
> getpeerucred() but not , and this coding would cause a compile
> failure (even if they actually wouldn't be trying to use getpeerucred()
> because they have some other way to do it).  You need an explicit
> configure probe for the header file too, I think.
Ok, I can fix that.
> 
> Also, what is the rationale for putting this before the
> HAVE_STRUCT_CMSGCRED case instead of after?  Again, that seems like it
> could cause unexpected behavioral changes on platforms that work fine
> now (consider possibility that getpeerucred is there but broken).
Good point, it should be the other way.
> 
> regards, tom lane

Thanks,

Garick

-- 
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches


[PATCHES] Solaris ident authentication using unix domain sockets

2008-07-03 Thread Garick Hamlin
Hi,
I have a patch that I have been using to support postgresql's
notion of ident authentication when using unix domain sockets on
Solaris.  This patch basically just adds support for using 
getpeerucred() on Solaris so unix sockets and ident auth works just
like it does on Linux and elsewhere.

This was my first attempt wrestling with automake.  I've 
tested it builds properly after it is applied and autoreconf is run
on RHEL4/Linux/x86.  I am using the patch currently on Solaris 10 / 
x86.

Garick

diff -cr postgresql_CVS/configure.in postgresql/configure.in
*** postgresql_CVS/configure.in Tue Jun 24 15:52:30 2008
--- postgresql/configure.in Tue Jun 24 15:57:22 2008
***
*** 1095,1101 
  AC_FUNC_ACCEPT_ARGTYPES
  PGAC_FUNC_GETTIMEOFDAY_1ARG
  
! AC_CHECK_FUNCS([cbrt dlopen fcvt fdatasync getpeereid getrlimit memmove poll 
pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime 
utimes waitpid wcstombs])
  
  AC_CHECK_DECLS(fdatasync, [], [], [#include ])
  AC_CHECK_DECLS(posix_fadvise, [], [], [#include ])
--- 1095,1101 
  AC_FUNC_ACCEPT_ARGTYPES
  PGAC_FUNC_GETTIMEOFDAY_1ARG
  
! AC_CHECK_FUNCS([getpeerucred cbrt dlopen fcvt fdatasync getpeereid getrlimit 
memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf 
towlower utime utimes waitpid wcstombs])
  
  AC_CHECK_DECLS(fdatasync, [], [], [#include ])
  AC_CHECK_DECLS(posix_fadvise, [], [], [#include ])
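Review bot: the changed AC_CHECK_FUNCS line probes only for the getpeerucred function, and this file gains no check for the header that hba.c includes under HAVE_GETPEERUCRED, so a system with the function but without that header passes configure and then fails at compile time. Add an AC_CHECK_HEADERS entry for the header in the same change. As a style point, getpeerucred is prepended to a list that is otherwise alphabetical; it belongs right after getpeereid.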
diff -cr postgresql_CVS/src/backend/libpq/hba.c 
postgresql/src/backend/libpq/hba.c
*** postgresql_CVS/src/backend/libpq/hba.c  Tue Jun 24 15:52:32 2008
--- postgresql/src/backend/libpq/hba.c  Tue Jun 24 15:53:00 2008
***
*** 25,30 
--- 25,33 
  #include 
  #include 
  #endif
+ #if defined(HAVE_GETPEERUCRED) 
+ #include 
+ #endif
  #include 
  #include 
  #include 
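Review bot: the new #include near the top of hba.c is guarded by HAVE_GETPEERUCRED, which is the function test, so the header is pulled in wherever the function is found, including on platforms that end up using a different credential method. Guard the include with a HAVE_ macro for the header itself once configure probes for it, and drop the trailing space after "defined(HAVE_GETPEERUCRED)".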
***
*** 1500,1505 
--- 1503,1539 
strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
  
return true;
+ #elif defined(HAVE_GETPEERUCRED) /* Solaris > 10 */
+   uid_t   uid;
+   gid_t   gid;
+   struct passwd   *pass;
+   int ucred_ok=1;
+   ucred_t *ucred = NULL;
+   if (getpeerucred(sock, &ucred) == -1)
+   ucred_ok = 0;
+   if (ucred_ok && (uid = ucred_geteuid(ucred)) == -1 )
+   ucred_ok = 0;
+   if (ucred_ok && (gid = ucred_getrgid(ucred)) == -1 )
+   ucred_ok = 0;
+   if (ucred)
+   ucred_free(ucred);
+   if (!ucred_ok) {
+   /* We didn't get a valid credentials struct. */
+   ereport(LOG, (
+"could not get peer credentials: %s",
+   strerror(errno)));
+   return false;
+   }
+   pass = getpwuid(uid);
+   if (pass == NULL)
+   {
+   ereport(LOG,
+   (errmsg("local user with ID %d does not exist",
+   (int) uid)));
+   return false;
+   }
+   strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
+   return true;
  #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || 
(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
struct msghdr msg;
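Review bot: in the failure branch of the HAVE_GETPEERUCRED block, the ereport(LOG, ...) call as posted passes "could not get peer credentials: %s" bare instead of through errmsg(), unlike the "local user with ID %d does not exist" report a few lines below, and strerror(errno) is evaluated only after ucred_free() has run, so the logged reason may not be the real one. Wrap the message in errmsg() and save errno before freeing. The "== -1" tests on ucred_geteuid() and ucred_getrgid() compare uid_t and gid_t values with a plain int; cast the constant, as in (uid_t) -1. gid is fetched but never used, so a failing ucred_getrgid() rejects a connection that the uid alone would have identified; drop that lookup. The branch also sits ahead of the HAVE_STRUCT_CMSGCRED case, which changes which method is chosen on any platform that defines both, and the comment says "Solaris > 10" while the cover note reports running the patch on Solaris 10.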
  
