10 files changed, 1 insertions, 178 deletions
diff --git a/configure b/configure
index e35769ea730..e221dd5b0ff 100755
--- a/configure
+++ b/configure
@@ -15181,22 +15181,6 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
-ac_fn_c_check_type "$LINENO" "struct cmsgcred" "ac_cv_type_struct_cmsgcred" "#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif
-"
-if test "x$ac_cv_type_struct_cmsgcred" = xyes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_CMSGCRED 1
-_ACEOF
-
-
-fi
-
-
 ac_fn_c_check_type "$LINENO" "struct option" "ac_cv_type_struct_option" "#ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
diff --git a/configure.ac b/configure.ac
index af23c15cb24..3aa6c15c13c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1682,13 +1682,6 @@ AC_DEFINE_UNQUOTED([pg_restrict], [$pg_restrict],
 [Define to keyword to use for C99 restrict support, or to nothing if not
 supported])
 
-AC_CHECK_TYPES([struct cmsgcred], [], [],
-[#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif])
-
 AC_CHECK_TYPES([struct option], [], [],
 [#ifdef HAVE_GETOPT_H
 #include <getopt.h>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 3706d349abc..9ee5532c076 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1301,16 +1301,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
          </varlistentry>
 
          <varlistentry>
-          <term><literal>creds</literal></term>
-          <listitem>
-           <para>
-            The server must request SCM credential authentication (deprecated
-            as of <productname>PostgreSQL</productname> 9.1).
-           </para>
-          </listitem>
-         </varlistentry>
-
-         <varlistentry>
           <term><literal>none</literal></term>
           <listitem>
            <para>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 73b7f4432f3..8b5e7b1ad7f 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -316,24 +316,6 @@
      </varlistentry>
 
      <varlistentry>
-      <term>AuthenticationSCMCredential</term>
-      <listitem>
-       <para>
-        This response is only possible for local Unix-domain connections
-        on platforms that support SCM credential messages.  The frontend
-        must issue an SCM credential message and then send a single data
-        byte.  (The contents of the data byte are uninteresting; it's
-        only used to ensure that the server waits long enough to receive
-        the credential message.)  If the credential is acceptable,
-        the server responds with an
-        AuthenticationOk, otherwise it responds with an ErrorResponse.
-        (This message type is only issued by pre-9.1 servers.  It may
-        eventually be removed from the protocol specification.)
-       </para>
-      </listitem>
-     </varlistentry>
-
-     <varlistentry>
       <term>AuthenticationGSS</term>
       <listitem>
        <para>
@@ -3449,40 +3431,6 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
     </listitem>
    </varlistentry>
 
-   <varlistentry id="protocol-message-formats-AuthenticationSCMCredential">
-    <term>AuthenticationSCMCredential (B)</term>
-    <listitem>
-     <variablelist>
-      <varlistentry>
-       <term>Byte1('R')</term>
-       <listitem>
-        <para>
-         Identifies the message as an authentication request.
-        </para>
-       </listitem>
-      </varlistentry>
-
-      <varlistentry>
-       <term>Int32(8)</term>
-       <listitem>
-        <para>
-         Length of message contents in bytes, including self.
-        </para>
-       </listitem>
-      </varlistentry>
-
-      <varlistentry>
-       <term>Int32(6)</term>
-       <listitem>
-        <para>
-         Specifies that an SCM credentials message is required.
-        </para>
-       </listitem>
-      </varlistentry>
-     </variablelist>
-    </listitem>
-   </varlistentry>
-
    <varlistentry id="protocol-message-formats-AuthenticationGSS">
     <term>AuthenticationGSS (B)</term>
     <listitem>
diff --git a/meson.build b/meson.build
index 2ebdf914c1b..7f76a101ecf 100644
--- a/meson.build
+++ b/meson.build
@@ -2144,20 +2144,6 @@ foreach c : decl_checks
 endforeach
 
 
-if cc.has_type('struct cmsgcred',
-    args: test_c_args + ['@0@'.format(cdata.get('HAVE_SYS_UCRED_H')) == 'false' ? '' : '-DHAVE_SYS_UCRED_H'],
-    include_directories: postgres_inc,
-    prefix: '''
-#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif''')
-  cdata.set('HAVE_STRUCT_CMSGCRED', 1)
-else
-  cdata.set('HAVE_STRUCT_CMSGCRED', false)
-endif
-
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
     prefix: '@0@'.format(cdata.get('HAVE_GETOPT_H')) == '1' ? '#include <getopt.h>' : '')
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index 5268d442abe..bff7dd18a23 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -116,7 +116,7 @@ extern PGDLLIMPORT bool Db_user_namespace;
 #define AUTH_REQ_PASSWORD	3	/* Password */
 #define AUTH_REQ_CRYPT		4	/* crypt password. Not supported any more. */
 #define AUTH_REQ_MD5		5	/* md5 password */
-#define AUTH_REQ_SCM_CREDS	6	/* transfer SCM credentials */
+/* 6 is available.  It was used for SCM creds, not supported any more. */
 #define AUTH_REQ_GSS		7	/* GSSAPI without wrap() */
 #define AUTH_REQ_GSS_CONT	8	/* Continue GSS exchanges */
 #define AUTH_REQ_SSPI		9	/* SSPI negotiate without wrap() */
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 20c82f59798..4882c705590 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -427,9 +427,6 @@
 /* Define to 1 if you have the `strsignal' function. */
 #undef HAVE_STRSIGNAL
 
-/* Define to 1 if the system has the type `struct cmsgcred'. */
-#undef HAVE_STRUCT_CMSGCRED
-
 /* Define to 1 if the system has the type `struct option'. */
 #undef HAVE_STRUCT_OPTION
 
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index a3b80dc550f..fa95f8e6e96 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -688,68 +688,6 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
 	return STATUS_OK;
 }
 
-/*
- * Respond to AUTH_REQ_SCM_CREDS challenge.
- *
- * Note: this is dead code as of Postgres 9.1, because current backends will
- * never send this challenge.  But we must keep it as long as libpq needs to
- * interoperate with pre-9.1 servers.  It is believed to be needed only on
- * Debian/kFreeBSD (ie, FreeBSD kernel with Linux userland, so that the
- * getpeereid() function isn't provided by libc).
- */
-static int
-pg_local_sendauth(PGconn *conn)
-{
-#ifdef HAVE_STRUCT_CMSGCRED
-	char		buf;
-	struct iovec iov;
-	struct msghdr msg;
-	struct cmsghdr *cmsg;
-	union
-	{
-		struct cmsghdr hdr;
-		unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))];
-	}			cmsgbuf;
-
-	/*
-	 * The backend doesn't care what we send here, but it wants exactly one
-	 * character to force recvmsg() to block and wait for us.
-	 */
-	buf = '\0';
-	iov.iov_base = &buf;
-	iov.iov_len = 1;
-
-	memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-
-	/* We must set up a message that will be filled in by kernel */
-	memset(&cmsgbuf, 0, sizeof(cmsgbuf));
-	msg.msg_control = &cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
-	cmsg = CMSG_FIRSTHDR(&msg);
-	cmsg->cmsg_len = CMSG_LEN(sizeof(struct cmsgcred));
-	cmsg->cmsg_level = SOL_SOCKET;
-	cmsg->cmsg_type = SCM_CREDS;
-
-	if (sendmsg(conn->sock, &msg, 0) == -1)
-	{
-		char		sebuf[PG_STRERROR_R_BUFLEN];
-
-		appendPQExpBuffer(&conn->errorMessage,
-						  "pg_local_sendauth: sendmsg: %s\n",
-						  strerror_r(errno, sebuf, sizeof(sebuf)));
-		return STATUS_ERROR;
-	}
-
-	conn->client_finished_auth = true;
-	return STATUS_OK;
-#else
-	libpq_append_conn_error(conn, "SCM_CRED authentication method not supported");
-	return STATUS_ERROR;
-#endif
-}
-
 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 {
@@ -830,8 +768,6 @@ auth_method_description(AuthRequest areq)
 			return libpq_gettext("server requested GSSAPI authentication");
 		case AUTH_REQ_SSPI:
 			return libpq_gettext("server requested SSPI authentication");
-		case AUTH_REQ_SCM_CREDS:
-			return libpq_gettext("server requested UNIX socket credentials");
 		case AUTH_REQ_SASL:
 		case AUTH_REQ_SASL_CONT:
 		case AUTH_REQ_SASL_FIN:
@@ -922,7 +858,6 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
 			case AUTH_REQ_GSS:
 			case AUTH_REQ_GSS_CONT:
 			case AUTH_REQ_SSPI:
-			case AUTH_REQ_SCM_CREDS:
 			case AUTH_REQ_SASL:
 			case AUTH_REQ_SASL_CONT:
 			case AUTH_REQ_SASL_FIN:
@@ -1183,11 +1118,6 @@ pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn)
 			}
 			break;
 
-		case AUTH_REQ_SCM_CREDS:
-			if (pg_local_sendauth(conn) != STATUS_OK)
-				return STATUS_ERROR;
-			break;
-
 		default:
 			libpq_append_conn_error(conn, "authentication method %u not supported", areq);
 			return STATUS_ERROR;
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index dd4b98e0998..0c197589ab9 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1333,10 +1333,6 @@ connectOptions2(PGconn *conn)
 				bits |= (1 << AUTH_REQ_SASL_CONT);
 				bits |= (1 << AUTH_REQ_SASL_FIN);
 			}
-			else if (strcmp(method, "creds") == 0)
-			{
-				bits = (1 << AUTH_REQ_SCM_CREDS);
-			}
 			else if (strcmp(method, "none") == 0)
 			{
 				/*
diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
index 5eaea6355e8..b59953e5b59 100644
--- a/src/tools/msvc/Solution.pm
+++ b/src/tools/msvc/Solution.pm
@@ -338,7 +338,6 @@ sub GenerateFiles
 		HAVE_STRLCPY                             => undef,
 		HAVE_STRNLEN                             => 1,
 		HAVE_STRSIGNAL                           => undef,
-		HAVE_STRUCT_CMSGCRED                     => undef,
 		HAVE_STRUCT_OPTION                       => undef,
 		HAVE_STRUCT_SOCKADDR_SA_LEN              => undef,
 		HAVE_STRUCT_TM_TM_ZONE                   => undef,