
Solaris ident authentication using unix domain sockets

From: Garick Hamlin <ghamlin(at)isc(dot)upenn(dot)edu>
To: <pgsql-hackers(at)postgresql(dot)org>, <pgsql-patches(at)postgresql(dot)org>
Subject: Solaris ident authentication using unix domain sockets
Date: 2008-07-03 17:36:28
Message-ID: 20080703173628.GA1697@isc.upenn.edu (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Hi,
	I have a patch that I have been using to support postgresql's
notion of ident authentication when using unix domain sockets on
Solaris.  This patch basically just adds support for using
getpeerucred() on Solaris so unix sockets and ident auth work just
like they do on Linux and elsewhere.

	This was my first attempt wrestling with automake.  I've 
tested it builds properly after it is applied and autoreconf is run
on RHEL4/Linux/x86.  I am using the patch currently on Solaris 10 / 
x86.

Garick

diff -cr postgresql_CVS/configure.in postgresql/configure.in
*** postgresql_CVS/configure.in	Tue Jun 24 15:52:30 2008
--- postgresql/configure.in	Tue Jun 24 15:57:22 2008
***************
*** 1095,1101 ****
  AC_FUNC_ACCEPT_ARGTYPES
  PGAC_FUNC_GETTIMEOFDAY_1ARG
  
! AC_CHECK_FUNCS([cbrt dlopen fcvt fdatasync getpeereid getrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs])
  
  AC_CHECK_DECLS(fdatasync, [], [], [#include <unistd.h>])
  AC_CHECK_DECLS(posix_fadvise, [], [], [#include <fcntl.h>])
--- 1095,1101 ----
  AC_FUNC_ACCEPT_ARGTYPES
  PGAC_FUNC_GETTIMEOFDAY_1ARG
  
! AC_CHECK_FUNCS([getpeerucred cbrt dlopen fcvt fdatasync getpeereid getrlimit memmove poll pstat readlink setproctitle setsid sigprocmask symlink sysconf towlower utime utimes waitpid wcstombs])
  
  AC_CHECK_DECLS(fdatasync, [], [], [#include <unistd.h>])
  AC_CHECK_DECLS(posix_fadvise, [], [], [#include <fcntl.h>])
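Review bot: `getpeerucred` is prepended to an `AC_CHECK_FUNCS` list that is otherwise in alphabetical order. Placing it directly after `getpeereid` keeps the list sorted and puts the two peer-credential probes next to each other, which makes it easier to see which credential mechanisms the build detects.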
diff -cr postgresql_CVS/src/backend/libpq/hba.c postgresql/src/backend/libpq/hba.c
*** postgresql_CVS/src/backend/libpq/hba.c	Tue Jun 24 15:52:32 2008
--- postgresql/src/backend/libpq/hba.c	Tue Jun 24 15:53:00 2008
***************
*** 25,30 ****
--- 25,33 ----
  #include <sys/uio.h>
  #include <sys/ucred.h>
  #endif
+ #if defined(HAVE_GETPEERUCRED) 
+ #include <ucred.h>
+ #endif
  #include <netinet/in.h>
  #include <arpa/inet.h>
  #include <unistd.h>
***************
*** 1500,1505 ****
--- 1503,1539 ----
  	strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
  
  	return true;
+ #elif defined(HAVE_GETPEERUCRED) /* Solaris > 10 */
+ 	uid_t		uid;
+ 	gid_t		gid;
+ 	struct passwd 	*pass;
+ 	int 		ucred_ok=1;
+ 	ucred_t *ucred = NULL;
+ 	if (getpeerucred(sock, &ucred) == -1)
+ 		ucred_ok = 0;
+ 	if (ucred_ok && (uid = ucred_geteuid(ucred)) == -1 )
+ 		ucred_ok = 0;
+ 	if (ucred_ok && (gid = ucred_getrgid(ucred)) == -1 )
+ 		ucred_ok = 0;
+ 	if (ucred)
+ 		ucred_free(ucred);
+ 	if (!ucred_ok) {
+ 		/* We didn't get a valid credentials struct. */
+ 		ereport(LOG, (
+ 			 "could not get peer credentials: %s",
+ 				strerror(errno)));
+ 		return false;
+ 	}
+ 	pass = getpwuid(uid);
+ 	if (pass == NULL)
+ 	{
+ 		ereport(LOG,
+ 			(errmsg("local user with ID %d does not exist",
+ 					(int) uid)));
+ 		return false;
+ 	}
+ 	strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
+ 	return true;
  #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
  	struct msghdr msg;
  
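Review bot: The failure-path `ereport(LOG, ("could not get peer credentials: %s", strerror(errno)))` has no `errmsg()` wrapper, unlike the `ereport` for the missing passwd entry a few lines below, so the parenthesised list is a plain comma expression and the message presumably never reaches the log; on an authentication path that loses the only trace of a failed peer-credential lookup. errno is also read only after the later `ucred_*` calls and `ucred_free()`, so it may no longer describe the call that failed. `gid` is fetched with `ucred_getrgid()` but never used, so a failed group lookup rejects a login that only needs the uid, and the `== -1` tests would be clearer against `(uid_t) -1`. The comment `/* Solaris > 10 */` conflicts with the description, which says the patch is in use on Solaris 10. The enclosing function starts and ends outside the hunk; the rewrite below reports each failure where it occurs and drops the flag variable.

```c
#elif defined(HAVE_GETPEERUCRED)	/* Solaris 10 and later */
	uid_t		uid;
	struct passwd *pass;
	ucred_t    *ucred = NULL;

	if (getpeerucred(sock, &ucred) == -1)
	{
		/* Report while errno still belongs to getpeerucred(). */
		ereport(LOG,
				(errcode_for_socket_access(),
				 errmsg("could not get peer credentials: %m")));
		return false;
	}

	/* Only the effective uid is needed for the ident mapping. */
	uid = ucred_geteuid(ucred);
	ucred_free(ucred);
	if (uid == (uid_t) -1)
	{
		ereport(LOG,
				(errmsg("could not get effective UID from peer credentials")));
		return false;
	}

	/* … unchanged: getpwuid() lookup and strlcpy() into ident_user … */
```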
