From f426fbf746c37da76dd5aae2ecf6593d64678f4a Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 18 Nov 2008 13:10:20 +0000 Subject: Ident authentication over Unix-domain sockets on Solaris, using getpeerucred() function. Author: Garick Hamlin --- src/backend/libpq/auth.c | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) (limited to 'src/backend/libpq/auth.c') diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index e89b040b67e..bccb0a516f2 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.171 2008/11/18 13:10:20 petere Exp $ * *------------------------------------------------------------------------- */ @@ -21,6 +21,9 @@ #include #include #endif +#ifdef HAVE_UCRED_H +# include +#endif #include #include #include @@ -1611,6 +1614,43 @@ ident_unix(int sock, char *ident_user) strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1); + return true; +#elif defined(HAVE_GETPEERUCRED) + /* Solaris > 10 */ + uid_t uid; + struct passwd *pass; + ucred_t *ucred; + + ucred = NULL; /* must be initialized to NULL */ + if (getpeerucred(sock, &ucred) == -1) + { + ereport(LOG, + (errcode_for_socket_access(), + errmsg("could not get peer credentials: %m"))); + return false; + } + + if ((uid = ucred_geteuid(ucred)) == -1) + { + ereport(LOG, + (errcode_for_socket_access(), + errmsg("could not get effective UID from peer credentials: %m"))); + return false; + } + + ucred_free(ucred); + + pass = getpwuid(uid); + if (pass == NULL) + { + ereport(LOG, + (errmsg("local user with ID %d does not exist", + (int) uid))); + return false; + } + + strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1); + return true; #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) struct msghdr msg; -- cgit v1.2.3