Re: openbsd getpeereid(), local ident

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: William Ahern <william(at)25thandClement(dot)com>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: openbsd getpeereid(), local ident
Date: 2002-12-03 22:08:57
Message-ID: 200212032208.gB3M8vN19732@candle.pha.pa.us
Lists: pgsql-patches


I have applied the following patch. I added a configure.in symbol check
for getpeereid(), and added doc updates. I also modified the code to
more closely match current CVS.

The second patch guards against platforms that may have getpeereid()
_and_ one of the other local credentials methods. Both patches should be
applied before testing.

Please let me know how it works on OpenBSD.

---------------------------------------------------------------------------

William Ahern wrote:
> On Fri, Nov 15, 2002 at 12:24:35PM -0500, Bruce Momjian wrote:
> > William Ahern wrote:
> > > here's the original patch:
> > >
> > > http://archives.postgresql.org/pgsql-patches/2001-12/msg00001.php
> > >
> > > however, a cursory look at 7.2.3 w/ the SO_PEERCRED code makes me think
> > > this patch might not fit well.
> > >
> > > My Darwin man page says that its getpeereid() is a wrapper around setsockopt
> > > and LOCAL_PEERCRED. maybe it would be worth it to write an xgetpeereid()
> > > wrapper if #ndef HAVE_GET_PEEREID since the getpeereid syntax seems so much
> > > more cleaner. tho, i remember looking thru the code that some platforms
> > > need to setsockopt(), then read/write and only *then* see the creds... tho
> > > a multiple call convention to getpeereid...
> > >
> > > anyhow.... ;)
> >
> > I will take a look at it later.
> >
>
> maybe this will make it easier ;) i went thru the code and unless i
> misunderstood something (definitely possible), this might be all that is
> needed (w/ the exception of an AC_CHECK_FUNC(getpeereid) in configure.ac). if
> i have some time i'll try to recompile, but i spent all of yesterday
> figuring out openbsd wasn't supported, so i'm loathe to waste more time.
>
> this is against the released 7.2.3 in src/backend/libpg
>
> cheers
>
> --- hba.c~ 2002-01-09 14:13:40.000000000 -0500
> +++ hba.c 2002-11-15 16:56:31.000000000 -0500
> @@ -880,7 +880,40 @@
> static bool
> ident_unix(int sock, char *ident_user)
> {
> -#if defined(SO_PEERCRED)
> +#if defined(HAVE_GETPEEREID)
> + /* OpenBSD style: */
> + uid_t uid;
> + gid_t gid;
> + struct passwd *pass;
> +
> + errno = 0;
> + if (getpeereid(sock,&uid,&gid) != 0)
> + {
> + snprintf(PQerrormsg, PQERRORMSG_LENGTH,
> + "ident_unix: error receiving credentials: %s\n",
> + strerror(errno));
> + fputs(PQerrormsg, stderr);
> + pqdebug("%s", PQerrormsg);
> + return false;
> +
> + }
> +
> + pass = getpwuid(uid);
> +
> + if (pass == NULL)
> + {
> + snprintf(PQerrormsg, PQERRORMSG_LENGTH,
> + "ident_unix: unknown local user with uid %d\n", uid);
> + fputs(PQerrormsg, stderr);
> + pqdebug("%s", PQerrormsg);
> + return false;
> + }
> +
> + StrNCpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
> +
> + return true;
> +
> +#elsif defined(SO_PEERCRED)
> /* Linux style: use getsockopt(SO_PEERCRED) */
> struct ucred peercred;
> ACCEPT_TYPE_ARG3 so_len = sizeof(peercred);
>
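
Review bot: the `#elsif defined(SO_PEERCRED)` line that closes the new block is not a preprocessor directive; it needs to be `#elif`. As written, a build with HAVE_GETPEEREID defined stops on an invalid directive, and a build without it treats `#elsif` as part of the skipped group, so the Linux SO_PEERCRED code that follows is skipped as well. Two smaller points in the same block: `uid` is passed to `%d` in the "unknown local user" message without a cast, although `uid_t` is not guaranteed to be `int` (cast it, for example `(int) uid`), and the empty line between the first `return false;` and its closing brace can be dropped.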

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

Attachment Content-Type Size
unknown_filename text/plain 4.0 KB
unknown_filename text/plain 1.9 KB
