diff -ur postgresql-7.1.2/src/backend/libpq/auth.c postgresql-7.1.2-ident-local/src/backend/libpq/auth.c
--- postgresql-7.1.2/src/backend/libpq/auth.c Thu Mar 22 04:59:30 2001
+++ postgresql-7.1.2-ident-local/src/backend/libpq/auth.c Tue Jul 31 11:07:07 2001
@@ -527,8 +527,7 @@
 break;
 case uaIdent:
- if (authident(&port->raddr.in, &port->laddr.in,
- port->user, port->auth_arg) == STATUS_OK)
+ if (authident(port) == STATUS_OK)
 {
 areq = AUTH_REQ_OK;
 auth_handler = handle_done_auth;
@@ -780,8 +779,7 @@
 break;
 case uaIdent:
- status = authident(&port->raddr.in, &port->laddr.in,
- port->user, port->auth_arg);
+ status = authident(port);
 break;
 case uaPassword:
diff -ur postgresql-7.1.2/src/backend/libpq/hba.c postgresql-7.1.2-ident-local/src/backend/libpq/hba.c
--- postgresql-7.1.2/src/backend/libpq/hba.c Sat Feb 10 03:31:26 2001
+++ postgresql-7.1.2-ident-local/src/backend/libpq/hba.c Tue Jul 31 11:10:27 2001
@@ -195,8 +195,10 @@
 * For now, disallow methods that need AF_INET sockets to work.
 */
- if (!*error_p &&
- (port->auth_method == uaIdent ||
+ if (!*error_p && (
+#ifndef HAVE_SO_PEERCRED
+ port->auth_method == uaIdent ||
+#endif
 port->auth_method == uaKrb4 ||
 port->auth_method == uaKrb5))
 *error_p = true;
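Review bot: The comment kept as context above the changed condition in hba.c (`For now, disallow methods that need AF_INET sockets to work.`) no longer describes the check, because ident is now accepted on non-AF_INET connections whenever HAVE_SO_PEERCRED is defined. I would reword it to something like `Disallow methods that need AF_INET sockets; ident is permitted here only when the kernel can report peer credentials (SO_PEERCRED).` Nothing in the visible diff defines HAVE_SO_PEERCRED, so unless a configure test or config header outside this patch sets it, the new path is presumably compiled out and ident on local sockets stays rejected. The enclosing function starts and ends outside the hunk.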
@@ -834,34 +836,53 @@
 int
-authident(struct sockaddr_in * raddr, struct sockaddr_in * laddr,
- const char *postgres_username,
- const char *auth_arg)
+authident(struct Port *port)
 {
 /*---------------------------------------------------------------------------
- Talk to the ident server on the remote host and find out who owns the
- connection described by "port". Then look in the usermap file under
- the usermap *auth_arg and see if that user is equivalent to
- Postgres user *user.
+ Talk to the ident server on the remote host or get peer credentials from
+ kernel and find out who owns the connection described by "port". Then
+ look in the usermap file under the usermap *auth_arg and see if that user
+ is equivalent to Postgres user *user.
 Return STATUS_OK if yes.
 ---------------------------------------------------------------------------*/
 bool checks_out;
 bool ident_failed;
- /* We were unable to get ident to give us a username */
+
+#ifdef HAVE_SO_PEERCRED
+ struct ucred creds; /* numeric peer credentials */
+ struct passwd *pw; /* map uid to name */
+ int rc, size;
+#endif
+
 char ident_username[IDENT_USERNAME_MAX + 1];
- /* The username returned by ident */
-
- ident(raddr->sin_addr, laddr->sin_addr,
- raddr->sin_port, laddr->sin_port,
- &ident_failed, ident_username);
-
- if (ident_failed)
- return STATUS_ERROR;
-
- verify_against_usermap(postgres_username, ident_username, auth_arg,
+
+ switch (port->laddr.sa.sa_family) {
+ case AF_INET:
+ ident(port->raddr.in.sin_addr, port->laddr.in.sin_addr,
+ port->raddr.in.sin_port, port->laddr.in.sin_port,
+ &ident_failed, ident_username);
+ if (ident_failed) return STATUS_ERROR;
+ break;
+#ifdef HAVE_SO_PEERCRED
+ case AF_UNIX:
+ size=sizeof(creds);
+ rc=getsockopt(port->sock, SOL_SOCKET, SO_PEERCRED,
+ &creds, &size);
+ if (rc || (size!=sizeof(creds))) return STATUS_ERROR;
+
+ pw=getpwuid(creds.uid);
+ if (!pw) return STATUS_ERROR;
+
+ strncpy(ident_username, pw->pw_name, IDENT_USERNAME_MAX);
+ break;
+#endif
+ default:
+ return STATUS_ERROR;
+ }
+ verify_against_usermap(port->user, ident_username, port->auth_arg,
 &checks_out);
 return checks_out ? STATUS_OK : STATUS_ERROR;
diff -ur postgresql-7.1.2/src/include/libpq/hba.h postgresql-7.1.2-ident-local/src/include/libpq/hba.h
--- postgresql-7.1.2/src/include/libpq/hba.h Thu Mar 22 05:00:47 2001
+++ postgresql-7.1.2-ident-local/src/include/libpq/hba.h Tue Jul 31 10:10:30 2001
@@ -41,7 +41,6 @@
 typedef struct Port hbaPort;
 int hba_getauthmethod(hbaPort *port);
-int authident(struct sockaddr_in * raddr, struct sockaddr_in * laddr,
- const char *postgres_username, const char *auth_arg);
+int authident(struct Port *port);
 #endif
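Review bot: In the AF_UNIX branch of authident() in hba.c, `strncpy(ident_username, pw->pw_name, IDENT_USERNAME_MAX);` leaves ident_username without a terminating NUL when the account name is IDENT_USERNAME_MAX characters or longer, because the buffer is an uninitialized automatic array. It also silently truncates the name that verify_against_usermap() then compares. Since this string decides whether the connection is authenticated, an over-long name should be rejected rather than shortened: add `if (strlen(pw->pw_name) > IDENT_USERNAME_MAX) return STATUS_ERROR;` before the copy and `ident_username[IDENT_USERNAME_MAX] = '\0';` after it. `size` is declared `int` although getsockopt() normally expects a `socklen_t *` for its last argument, so it should use the socket-length type the tree already uses elsewhere. The branch relies on `struct ucred` and getpwuid(), but no added include (e.g. `<pwd.h>`) is visible in this diff, so confirm hba.c already has the needed headers.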