Re: getpeereid() for local ident

My previous post seems to have been corrupted in some way. Or at least it
appears broken on http://archives.postgresql.org. I'll try again...

From thread "openbsd getpeereid(), local ident:" (Nov 2002):
Bruce Momjian wrote:
> Please send over the patch and I will see if I can get it in. I had
> meant to add getpeereid() for OpenBSD myself but never go the time.
> ...
> William Ahern wrote:
> > there's a patch for getpeereid() dated Dec 3, 2001. a follow-up post
> > said that something like it was already in, but "not using
> > getpeereid". however, openbsd only supports getpeereid(). will this
> > patch be implemented?

I needed the local ident authentication feature on OpenBSD and it seemed
simple enough, so I implemented it myself. I have included my patch below,
which was made for the 7.3.1 source tree. (The patch referenced above
seems to add a new authentication method rather than extending the current
local ident support.)

From thread "Add another AUTHTYPE for UNIX-domain connections" (Dec 2001):
Bruce Momjian wrote:
> OpenBSD implements only getpeereid(). I have added this to the TODO
> list. We already have the other BSD's covered, and Linux. I am
> concerned about moving to getpeereid() on the other BSD's because we
> have working code already for them and I am not sure how new the OS has
> to be to have getpeereid() support, i.e. is it in FreeBSD 4.4?

I have put the getpeereid() code last in the #elif chain in this patch, so
getpeereid() will only be used if there is no other alternative.

If you wish to use this patch, please verify that I have added the
autoconf check for getpeereid() correctly, as I am not very familiar with
autoconf.

Sincerely,
Alex

diff -uNr postgresql-7.3.1.orig/configure postgresql-7.3.1/configure
--- postgresql-7.3.1.orig/configure Wed Dec 18 12:37:17 2002
+++ postgresql-7.3.1/configure Sat Jan 25 16:54:43 2003
@@ -9819,7 +9819,8 @@



-for ac_func in cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync
+
+for ac_func in cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync getpeereid
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
diff -uNr postgresql-7.3.1.orig/configure.in postgresql-7.3.1/configure.in
--- postgresql-7.3.1.orig/configure.in Wed Dec 18 12:37:20 2002
+++ postgresql-7.3.1/configure.in Sat Jan 25 16:54:43 2003
@@ -782,7 +782,7 @@
# SunOS doesn't handle negative byte comparisons properly with +/- return
AC_FUNC_MEMCMP

-AC_CHECK_FUNCS([cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync])
+AC_CHECK_FUNCS([cbrt fcvt getopt_long memmove pstat setproctitle setsid sigprocmask sysconf waitpid dlopen fdatasync getpeereid])

AC_CHECK_DECLS(fdatasync, [], [], [#include <unistd.h>])

diff -uNr postgresql-7.3.1.orig/src/backend/libpq/hba.c postgresql-7.3.1/src/backend/libpq/hba.c
--- postgresql-7.3.1.orig/src/backend/libpq/hba.c Sun Dec 15 05:19:43 2002
+++ postgresql-7.3.1/src/backend/libpq/hba.c Sat Jan 25 16:54:43 2003
@@ -1311,6 +1311,30 @@

return true;

+#elif defined(HAVE_GETPEEREID)
+ uid_t euid;
+ gid_t egid;
+ struct passwd *pw;
+
+ if (getpeereid(sock, &euid, &egid) != 0)
+ {
+ elog(LOG, "ident_unix: getpeereid() error: %m");
+ return false;
+ }
+
+ pw = getpwuid(euid);
+
+ if (pw == NULL)
+ {
+ elog(LOG, "ident_unix: unknown local user with uid %d",
+ (int) euid);
+ return false;
+ }
+
+ StrNCpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
+
+ return true;
+
#else
elog(LOG, "'ident' auth is not supported on local connections on this platform");

diff -uNr postgresql-7.3.1.orig/src/include/pg_config.h.in postgresql-7.3.1/src/include/pg_config.h.in
--- postgresql-7.3.1.orig/src/include/pg_config.h.in Fri Nov 8 15:53:09 2002
+++ postgresql-7.3.1/src/include/pg_config.h.in Sat Jan 25 16:59:51 2003
@@ -655,6 +655,9 @@
/* Define exactly one of these symbols to select shared-mem implementation */
#undef USE_SYSV_SHARED_MEMORY

+/* Define if you have getpeereid() */
+#undef HAVE_GETPEEREID
+

/*
*------------------------------------------------------------------------