Re: Solaris ident authentication using unix domain sockets

On Thu, Jul 03, 2008 at 02:01:22PM -0400, Tom Lane wrote:
> Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu> writes:
> > I have a patch that I have been using to support postgresql's
> > notion of ident authentication when using unix domain sockets on
> > Solaris. This patch basically just adds support for using
> > getupeercred() on Solaris so unix sockets and ident auth works just
> > like it does on Linux and elsewhere.
>
> Cool.
>
> > + #if defined(HAVE_GETPEERUCRED)
> > + #include <ucred.h>
> > + #endif
>
> But this is not cool. There might be systems out there that have
> getpeerucred() but not <ucred.h>, and this coding would cause a compile
> failure (even if they actually wouldn't be trying to use getpeerucred()
> because they have some other way to do it). You need an explicit
> configure probe for the header file too, I think.
Ok, I can fix that.
>
> Also, what is the rationale for putting this before the
> HAVE_STRUCT_CMSGCRED case instead of after? Again, that seems like it
> could cause unexpected behavioral changes on platforms that work fine
> now (consider possibility that getpeerucred is there but broken).
Good Point, It should be the other way.
>
> regards, tom lane

Thanks,

Garick