Re: getpeereid() for local ident

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Alex Cichowski <e12(at)tfz(dot)net>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: getpeereid() for local ident
Date: 2003-02-02 07:44:31
Message-ID: 200302020744.h127iVI05555@candle.pha.pa.us
Lists: pgsql-patches


Both emails look good. Thanks. This will be in 7.4.

---------------------------------------------------------------------------

Alex Cichowski wrote:
> My previous post seems to have been corrupted in some way. Or at least it
> appears broken on http://archives.postgresql.org. I'll try again...
>
> From thread "openbsd getpeereid(), local ident:" (Nov 2002):
> Bruce Momjian wrote:
> > Please send over the patch and I will see if I can get it in. I had
> > meant to add getpeereid() for OpenBSD myself but never got the time.
> > ...
> > William Ahern wrote:
> > > there's a patch for getpeereid() dated Dec 3, 2001. a follow-up post
> > > said that something like it was already in, but "not using
> > > getpeereid". however, openbsd only supports getpeereid(). will this
> > > patch be implemented?
>
> I needed the local ident authentication feature on OpenBSD and it seemed
> simple enough, so I implemented it myself. I have included my patch below,
> which was made for the 7.3.1 source tree. (The patch referenced above
> seems to add a new authentication method rather than extending the current
> local ident support.)
>
> From thread "Add another AUTHTYPE for UNIX-domain connections" (Dec 2001):
> Bruce Momjian wrote:
> > OpenBSD implements only getpeereid(). I have added this to the TODO
> > list. We already have the other BSD's covered, and Linux. I am
> > concerned about moving to getpeereid() on the other BSD's because we
> > have working code already for them and I am not sure how new the OS has
> > to be to have getpeereid() support, i.e. is it in FreeBSD 4.4?
>
> I have put the getpeereid() code last in the #elif chain in this patch, so
> getpeereid() will only be used if there is no other alternative.
>
> If you wish to use this patch, please verify that I have added the
> autoconf check for getpeereid() correctly, as I am not very familiar with
> autoconf.
>
> Sincerely,
> Alex
>
> diff -uNr postgresql-7.3.1.orig/configure postgresql-7.3.1/configure
> --- postgresql-7.3.1.orig/configure Wed Dec 18 12:37:17 2002
> +++ postgresql-7.3.1/configure Sat Jan 25 16:54:43 2003
> @@ -9819,7 +9819,8 @@
>
>
>
> -for ac_func in cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync
> +
> +for ac_func in cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync getpeereid
> do
> as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
> echo "$as_me:$LINENO: checking for $ac_func" >&5
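
Review bot: configure is generated output, so this hunk (including the extra blank line added ahead of the "for ac_func in" loop) should come from re-running autoconf on the patched configure.in, not from applying the diff by hand. The @@ -9819 offset will only match a configure built by the same autoconf version, so regenerate the file at commit time and drop this hunk from the review.
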
> diff -uNr postgresql-7.3.1.orig/configure.in postgresql-7.3.1/configure.in
> --- postgresql-7.3.1.orig/configure.in Wed Dec 18 12:37:20 2002
> +++ postgresql-7.3.1/configure.in Sat Jan 25 16:54:43 2003
> @@ -782,7 +782,7 @@
> # SunOS doesn't handle negative byte comparisons properly with +/- return
> AC_FUNC_MEMCMP
>
> -AC_CHECK_FUNCS([cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync])
> +AC_CHECK_FUNCS([cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync getpeereid])
>
> AC_CHECK_DECLS(fdatasync, [], [], [#include <unistd.h>])
>
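
Review bot: adding getpeereid to AC_CHECK_FUNCS only tests that the symbol links; nothing here checks for a declaration the way the AC_CHECK_DECLS(fdatasync, ...) line just below does for fdatasync. Please confirm that the headers hba.c already includes bring a prototype for getpeereid() into scope on the platforms where this check succeeds, or add a declaration check alongside it.
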
> diff -uNr postgresql-7.3.1.orig/src/backend/libpq/hba.c postgresql-7.3.1/src/backend/libpq/hba.c
> --- postgresql-7.3.1.orig/src/backend/libpq/hba.c Sun Dec 15 05:19:43 2002
> +++ postgresql-7.3.1/src/backend/libpq/hba.c Sat Jan 25 16:54:43 2003
> @@ -1311,6 +1311,30 @@
>
> return true;
>
> +#elif defined(HAVE_GETPEEREID)
> + uid_t euid;
> + gid_t egid;
> + struct passwd *pw;
> +
> + if (getpeereid(sock, &euid, &egid) != 0)
> + {
> + elog(LOG, "ident_unix: getpeereid() error: %m");
> + return false;
> + }
> +
> + pw = getpwuid(euid);
> +
> + if (pw == NULL)
> + {
> + elog(LOG, "ident_unix: unknown local user with uid %d",
> + (int) euid);
> + return false;
> + }
> +
> + StrNCpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
> +
> + return true;
> +
> #else
> elog(LOG, "'ident' auth is not supported on local connections on this platform");
>
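
Review bot: the StrNCpy() at the end of the new branch silently truncates pw->pw_name to IDENT_USERNAME_MAX characters, so a login name longer than that is handed to the ident check as a shorter, different name. On an authentication path it is safer to compare strlen(pw->pw_name) against IDENT_USERNAME_MAX first and log and return false when the name does not fit. Two smaller points: uid_t is unsigned on many platforms, so printing it through "(int) euid" with %d can show a negative uid for large values, and the pw == NULL message reads "unknown local user" even when getpwuid() failed for some other reason.
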
> diff -uNr postgresql-7.3.1.orig/src/include/pg_config.h.in postgresql-7.3.1/src/include/pg_config.h.in
> --- postgresql-7.3.1.orig/src/include/pg_config.h.in Fri Nov 8 15:53:09 2002
> +++ postgresql-7.3.1/src/include/pg_config.h.in Sat Jan 25 16:59:51 2003
> @@ -655,6 +655,9 @@
> /* Define exactly one of these symbols to select shared-mem implementation */
> #undef USE_SYSV_SHARED_MEMORY
>
> +/* Define if you have getpeereid() */
> +#undef HAVE_GETPEEREID
> +
>
> /*
> *------------------------------------------------------------------------
>
>
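
Review bot: the new "#undef HAVE_GETPEEREID" lands directly under the "Define exactly one of these symbols to select shared-mem implementation" comment, after "#undef USE_SYSV_SHARED_MEMORY", where it reads as part of the shared-memory selection block. Move it next to the other function-availability symbols in this template so the shared-mem group stays self-contained.
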
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
