6 files changed, 73 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 630762cc6b9..dbba712352f 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -89,6 +89,17 @@ static Port *pam_port_cludge;	/* Workaround for passing "Port *port" into
 
 
 /*----------------------------------------------------------------
+ * BSD authentication
+ *----------------------------------------------------------------
+ */
+#ifdef USE_BSD_AUTH
+#include <bsd_auth.h>
+
+static int	CheckBSDAuth(Port *port, char *user);
+#endif   /* USE_BSD_AUTH */
+
+
+/*----------------------------------------------------------------
  * LDAP authentication
  *----------------------------------------------------------------
  */
@@ -258,6 +269,9 @@ auth_failed(Port *port, int status, char *logdetail)
 		case uaPAM:
 			errstr = gettext_noop("PAM authentication failed for user \"%s\"");
 			break;
+		case uaBSD:
+			errstr = gettext_noop("BSD authentication failed for user \"%s\"");
+			break;
 		case uaLDAP:
 			errstr = gettext_noop("LDAP authentication failed for user \"%s\"");
 			break;
@@ -529,6 +543,14 @@ ClientAuthentication(Port *port)
 #endif   /* USE_PAM */
 			break;
 
+		case uaBSD:
+#ifdef USE_BSD_AUTH
+			status = CheckBSDAuth(port, port->user_name);
+#else
+			Assert(false);
+#endif   /* USE_BSD_AUTH */
+			break;
+
 		case uaLDAP:
 #ifdef USE_LDAP
 			status = CheckLDAPAuth(port);
@@ -1856,6 +1878,38 @@ CheckPAMAuth(Port *port, char *user, char *password)
 #endif   /* USE_PAM */
 
 
+/*----------------------------------------------------------------
+ * BSD authentication system
+ *----------------------------------------------------------------
+ */
+#ifdef USE_BSD_AUTH
+static int
+CheckBSDAuth(Port *port, char *user)
+{
+	char *passwd;
+	int retval;
+
+	/* Send regular password request to client, and get the response */
+	sendAuthRequest(port, AUTH_REQ_PASSWORD);
+
+	passwd = recv_password_packet(port);
+	if (passwd == NULL)
+		return STATUS_EOF;
+
+	/*
+	 * Ask the BSD auth system to verify password.  Note that auth_userokay
+	 * will overwrite the password string with zeroes, but it's just a
+	 * temporary string so we don't care.
+	 */
+	retval = auth_userokay(user, NULL, "auth-postgresql", passwd);
+
+	if (!retval)
+		return STATUS_ERROR;
+
+	return STATUS_OK;
+}
+#endif   /* USE_BSD_AUTH */
+
 
 /*----------------------------------------------------------------
  * LDAP authentication system
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 5a397464d75..a4c415da77a 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -1190,6 +1190,12 @@ parse_hba_line(List *line, int line_num, char *raw_line)
 #else
 		unsupauth = "pam";
 #endif
+	else if (strcmp(token->string, "bsd") == 0)
+#ifdef USE_BSD_AUTH
+		parsedline->auth_method = uaBSD;
+#else
+		unsupauth = "bsd";
+#endif
 	else if (strcmp(token->string, "ldap") == 0)
 #ifdef USE_LDAP
 		parsedline->auth_method = uaLDAP;
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index 18a3826b003..299ddfe86ac 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -90,6 +90,9 @@ static const char *const auth_methods_host[] = {
 #ifdef USE_PAM
 	"pam", "pam ",
 #endif
+#ifdef USE_BSD_AUTH
+	"bsd",
+#endif
 #ifdef USE_LDAP
 	"ldap",
 #endif
@@ -103,6 +106,9 @@ static const char *const auth_methods_local[] = {
 #ifdef USE_PAM
 	"pam", "pam ",
 #endif
+#ifdef USE_BSD_AUTH
+	"bsd",
+#endif
 #ifdef USE_LDAP
 	"ldap",
 #endif
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index b306baf1a56..58f90fec80d 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -27,6 +27,7 @@ typedef enum UserAuth
 	uaGSS,
 	uaSSPI,
 	uaPAM,
+	uaBSD,
 	uaLDAP,
 	uaCert,
 	uaRADIUS,
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index c72635ca963..b621ff2af57 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -793,6 +793,9 @@
 /* Define to 1 to build with Bonjour support. (--with-bonjour) */
 #undef USE_BONJOUR
 
+/* Define to 1 to build with BSD Authentication support. (--with-bsd-auth) */
+#undef USE_BSD_AUTH
+
 /* Define to 1 if you want float4 values to be passed by value.
    (--enable-float4-byval) */
 #undef USE_FLOAT4_BYVAL
diff --git a/src/include/pg_config.h.win32 b/src/include/pg_config.h.win32
index eba36df92e0..c135e5146b4 100644
--- a/src/include/pg_config.h.win32
+++ b/src/include/pg_config.h.win32
@@ -613,6 +613,9 @@
 /* Define to 1 to build with Bonjour support. (--with-bonjour) */
 /* #undef USE_BONJOUR */
 
+/* Define to 1 to build with BSD Authentication support. (--with-bsd-auth) */
+/* #undef USE_BSD_AUTH */
+
 /* Define to 1 if you want 64-bit integer timestamp and interval support.
    (--enable-integer-datetimes) */
 /* #undef USE_INTEGER_DATETIMES */