Quick Links

pgsql: Replace use of credential control messages with getsockopt(LOCAL

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	pgsql-committers(at)postgresql(dot)org
Subject:	pgsql: Replace use of credential control messages with getsockopt(LOCAL
Date:	2011-05-31 20:11:01
Message-ID:	E1QRVHJ-0007TL-At@gemulon.postgresql.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers

Replace use of credential control messages with getsockopt(LOCAL_PEERCRED).

It turns out the reason we hadn't found out about the portability issues
with our credential-control-message code is that almost no modern platforms
use that code at all; the ones that used to need it now offer getpeereid(),
which we choose first. The last holdout was NetBSD, and they added
getpeereid() as of 5.0. So far as I can tell, the only live platform on
which that code was being exercised was Debian/kFreeBSD, ie, FreeBSD kernel
with Linux userland --- since glibc doesn't provide getpeereid(), we fell
back to the control message code. However, the FreeBSD kernel provides a
LOCAL_PEERCRED socket parameter that's functionally equivalent to Linux's
SO_PEERCRED. That is both much simpler to use than control messages, and
superior because it doesn't require receiving a message from the other end
at just the right time.

Therefore, add code to use LOCAL_PEERCRED when necessary, and rip out all
the credential-control-message code in the backend. (libpq still has such
code so that it can still talk to pre-9.1 servers ... but eventually we can
get rid of it there too.) Clean up related autoconf probes, too.

This means that libpq's requirepeer parameter now works on exactly the same
platforms where the backend supports peer authentication, so adjust the
documentation accordingly.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/be4585b1c27ac5dbdd0d61740d18f7ad9a00e268

Modified Files
--------------
configure | 231 +------------------------------------
configure.in | 12 +-
doc/src/sgml/client-auth.sgml | 24 ++--
doc/src/sgml/libpq.sgml | 29 +++---
doc/src/sgml/protocol.sgml | 2 +
src/backend/libpq/auth.c | 183 ++++++------------------------
src/include/pg_config.h.in | 9 +-
src/include/pg_config.h.win32 | 9 +-
src/interfaces/libpq/fe-auth.c | 22 ++---
src/interfaces/libpq/fe-connect.c | 32 +++++-
10 files changed, 119 insertions(+), 434 deletions(-)

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2011-05-31 20:26:15	pgsql: Recode non-ASCII characters in source to UTF-8
Previous Message	Tom Lane	2011-05-30 23:16:59	pgsql: Fix portability bugs in use of credentials control messages for