Disable local creds on OpenBSD because it doesn't support it. Document

supported platforms in pg_hba.conf.

Disable local creds on OpenBSD because it doesn't support it. Document
supported platforms in pg_hba.conf.
be83aac6 · Bruce Momjian · 16b9b758 · be83aac6 · be83aac6 · be83aac6
Commit be83aac6 authored Sep 26, 2001 by Bruce Momjian
4 changed files
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -520,7 +520,7 @@ ClientAuthentication(Port *port)
 			break;

 		case uaIdent:
-#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED))
+#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
 			/*
 			 *	If we are doing ident on unix-domain sockets,
 			 *	use SCM_CREDS only if it is defined and SO_PEERCRED isn't.

--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user)

 	return true;

-#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
+#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
 	struct msghdr msg;

 /* Credentials structure */

--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -125,18 +125,21 @@
 #		not store encrypted passwords if you use this option.
 #
 #   ident:	For TCP/IP connections, authentication is done by contacting
-#		the ident server on the client host.  (CAUTION: this is only
-#		as secure as the client machine!)  On machines that support
-#		SO_PEERCRED or SCM_CREDS socket requests, this method also
-#		works for local Unix-domain connections.  AUTH_ARGUMENT is 
-#		required: it determines how to map remote user names to
-#		Postgres user names.  The AUTH_ARGUMENT is a map name found
-#		in the $PGDATA/pg_ident.conf file. The connection is accepted
-#		if that file contains an entry for this map name with the
-#		ident-supplied username and the requested Postgres username.
-#		The special map name "sameuser" indicates an implied map
-#		(not in pg_ident.conf) that maps each ident username to the
-#		identical PostgreSQL username.
+#		the ident server on the client host. (CAUTION: this is
+#		only as secure as the client machine!) On machines that
+#		support unix-domain socket credentials (currently Linux,
+#		FreeBSD, NetBSD, and BSD/OS), this method also works for
+#		"local" connections.
+#
+#		AUTH_ARGUMENT is required: it determines how to map
+#		remote user names to Postgres user names. The
+#		AUTH_ARGUMENT is a map name found in the
+#		$PGDATA/pg_ident.conf file. The connection is accepted
+#		if that file contains an entry for this map name with
+#		the ident-supplied username and the requested Postgres
+#		username. The special map name "sameuser" indicates an
+#		implied map (not in pg_ident.conf) that maps each ident
+#		username to the identical PostgreSQL username.
 # 
 #   krb4:	Kerberos V4 authentication is used.  Allowed only for
 #		TCP/IP connections, not for local UNIX-domain sockets.

--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
 * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.60 2001/09/21 20:31:49 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.61 2001/09/26 19:54:12 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -435,10 +435,10 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,

 #endif	 /* KRB5 */

-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
 static int
 pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 {
+#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
 	char buf;
 	struct iovec iov;
 	struct msghdr msg;
@@ -485,8 +485,12 @@ pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 		return STATUS_ERROR;
 	}
 	return STATUS_OK;
-}
+#else
+	snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+			 libpq_gettext("SCM_CRED authentication method not supported\n"));
+	return STATUS_ERROR;
 #endif
+}

 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
@@ -614,14 +618,8 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			break;

 		case AUTH_REQ_SCM_CREDS:
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
 			if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
 				return STATUS_ERROR;
-#else
-			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-					 libpq_gettext("SCM_CRED authentication method not supported\n"));
-			return STATUS_ERROR;
-#endif
 			break;

 		default: