Commit b777be0d authored by Tom Lane's avatar Tom Lane

Un-break peer authentication.

Commit 613c6d26 sloppily replaced a
lookup of the UID obtained from getpeereid() with a lookup of the
server's own user name, thus totally destroying peer authentication.
Revert.  Per report from Christoph Berg.

In passing, make sure get_user_name() zeroes *errstr on success on
Windows as well as non-Windows.  I don't think any callers actually
depend on this ATM, but we should be consistent across platforms.
parent e5a452b3
...@@ -21,7 +21,6 @@ ...@@ -21,7 +21,6 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <unistd.h> #include <unistd.h>
#include "common/username.h"
#include "libpq/auth.h" #include "libpq/auth.h"
#include "libpq/crypt.h" #include "libpq/crypt.h"
#include "libpq/ip.h" #include "libpq/ip.h"
...@@ -1560,8 +1559,7 @@ auth_peer(hbaPort *port) ...@@ -1560,8 +1559,7 @@ auth_peer(hbaPort *port)
char ident_user[IDENT_USERNAME_MAX + 1]; char ident_user[IDENT_USERNAME_MAX + 1];
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
const char *user_name; struct passwd *pass;
char *errstr;
errno = 0; errno = 0;
if (getpeereid(port->sock, &uid, &gid) != 0) if (getpeereid(port->sock, &uid, &gid) != 0)
...@@ -1578,15 +1576,17 @@ auth_peer(hbaPort *port) ...@@ -1578,15 +1576,17 @@ auth_peer(hbaPort *port)
return STATUS_ERROR; return STATUS_ERROR;
} }
user_name = get_user_name(&errstr); pass = getpwuid(uid);
if (!user_name)
if (pass == NULL)
{ {
ereport(LOG, (errmsg_internal("%s", errstr))); ereport(LOG,
pfree(errstr); (errmsg("local user with ID %d does not exist",
(int) uid)));
return STATUS_ERROR; return STATUS_ERROR;
} }
strlcpy(ident_user, user_name, IDENT_USERNAME_MAX + 1); strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
return check_usermap(port->hba->usermap, port->user_name, ident_user, false); return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
} }
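Review bot: In the new `getpwuid(uid)` failure branch of auth_peer, a NULL return is always logged as "local user with ID %d does not exist", but getpwuid() also returns NULL when the lookup itself fails, and the visible lines clear errno only before getpeereid(), not before this call. On an authentication path this makes the log misleading during triage, because a failing name-service backend reads like a missing account. Clearing errno immediately before the call and reporting strerror() when it is set would separate the two cases. Separately, `(int) uid` with `%d` prints UIDs above INT_MAX as negative numbers; `(long) uid` with `%ld` covers the full range wherever long is wider than int. auth_peer's body begins outside these hunks.

```c
	errno = 0;					/* getpwuid() signals a lookup error only via errno */
	pass = getpwuid(uid);
	if (pass == NULL)
	{
		int			save_errno = errno;

		ereport(LOG,
				(errmsg("could not look up local user ID %ld: %s",
						(long) uid,
						save_errno ? strerror(save_errno) : _("user does not exist"))));
		return STATUS_ERROR;
	}
	/* … unchanged: strlcpy into ident_user and check_usermap call … */
```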
......
...@@ -54,6 +54,8 @@ get_user_name(char **errstr) ...@@ -54,6 +54,8 @@ get_user_name(char **errstr)
static char username[256 + 1]; static char username[256 + 1];
DWORD len = sizeof(username) - 1; DWORD len = sizeof(username) - 1;
*errstr = NULL;
if (!GetUserName(username, &len)) if (!GetUserName(username, &len))
{ {
*errstr = psprintf(_("user name lookup failure: %s"), strerror(errno)); *errstr = psprintf(_("user name lookup failure: %s"), strerror(errno));
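Review bot: The failure branch right after the added `*errstr = NULL;` formats `strerror(errno)`, but GetUserName() reports its failure reason through GetLastError() and does not set errno, so the message can carry a stale or unrelated reason. Something like `*errstr = psprintf(_("user name lookup failure: error code %lu"), GetLastError());` would report the actual cause. The guarantee this commit establishes is also worth stating in the function's header comment, for example `/* On success *errstr is set to NULL; on failure it receives an allocated message. */`. get_user_name's body starts and ends outside the hunk.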
......