Disable local creds on OpenBSD because it doesn't support it. Document

bmomjian · bmomjian · commit be83aac6d26e · 2001-09-26T19:54:12.000Z
supported platforms in pg_hba.conf.
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -520,7 +520,7 @@ ClientAuthentication(Port *port)
 			break;
 
 		case uaIdent:
-#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED))
+#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
 			/*
 			 *	If we are doing ident on unix-domain sockets,
 			 *	use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user)
 
 	return true;
 
-#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
+#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
 	struct msghdr msg;
 
 /* Credentials structure */
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
@@ -125,18 +125,21 @@
 #		not store encrypted passwords if you use this option.
 #
 #   ident:	For TCP/IP connections, authentication is done by contacting
-#		the ident server on the client host.  (CAUTION: this is only
-#		as secure as the client machine!)  On machines that support
-#		SO_PEERCRED or SCM_CREDS socket requests, this method also
-#		works for local Unix-domain connections.  AUTH_ARGUMENT is 
-#		required: it determines how to map remote user names to
-#		Postgres user names.  The AUTH_ARGUMENT is a map name found
-#		in the $PGDATA/pg_ident.conf file. The connection is accepted
-#		if that file contains an entry for this map name with the
-#		ident-supplied username and the requested Postgres username.
-#		The special map name "sameuser" indicates an implied map
-#		(not in pg_ident.conf) that maps each ident username to the
-#		identical PostgreSQL username.
+#		the ident server on the client host. (CAUTION: this is
+#		only as secure as the client machine!) On machines that
+#		support unix-domain socket credentials (currently Linux,
+#		FreeBSD, NetBSD, and BSD/OS), this method also works for
+#		"local" connections.
+#
+#		AUTH_ARGUMENT is required: it determines how to map
+#		remote user names to Postgres user names. The
+#		AUTH_ARGUMENT is a map name found in the
+#		$PGDATA/pg_ident.conf file. The connection is accepted
+#		if that file contains an entry for this map name with
+#		the ident-supplied username and the requested Postgres
+#		username. The special map name "sameuser" indicates an
+#		implied map (not in pg_ident.conf) that maps each ident
+#		username to the identical PostgreSQL username.
 # 
 #   krb4:	Kerberos V4 authentication is used.  Allowed only for
 #		TCP/IP connections, not for local UNIX-domain sockets.
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.60 2001/09/21 20:31:49 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.61 2001/09/26 19:54:12 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -435,10 +435,10 @@ pg_krb5_sendauth(char *PQerrormsg, int sock,
 
 #endif	 /* KRB5 */
 
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
 static int
 pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 {
+#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
 	char buf;
 	struct iovec iov;
 	struct msghdr msg;
@@ -485,8 +485,12 @@ pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 		return STATUS_ERROR;
 	}
 	return STATUS_OK;
-}
+#else
+	snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+			 libpq_gettext("SCM_CRED authentication method not supported\n"));
+	return STATUS_ERROR;
 #endif
+}
 
 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
@@ -614,14 +618,8 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			break;
 
 		case AUTH_REQ_SCM_CREDS:
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
 			if (pg_local_sendauth(PQerrormsg, conn) != STATUS_OK)
 				return STATUS_ERROR;
-#else
-			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-					 libpq_gettext("SCM_CRED authentication method not supported\n"));
-			return STATUS_ERROR;
-#endif
 			break;
 
 		default:

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -520,7 +520,7 @@ ClientAuthentication(Port *port)`
`520`	`520`	`break;`
`521`	`521`
`522`	`522`	`case uaIdent:`
`523`		`-#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) \|\| defined(HAVE_STRUCT_FCRED) \|\| defined(HAVE_STRUCT_SOCKCRED))`
	`523`	`+#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) \|\| defined(HAVE_STRUCT_FCRED) \|\| (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))`
`524`	`524`	`/*`
`525`	`525`	`* If we are doing ident on unix-domain sockets,`
`526`	`526`	`* use SCM_CREDS only if it is defined and SO_PEERCRED isn't.`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`*`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $`
	`13`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user)`
`904`	`904`
`905`	`905`	`return true;`
`906`	`906`
`907`		`-#elif defined(HAVE_STRUCT_CMSGCRED) \|\| defined(HAVE_STRUCT_FCRED) \|\| defined(HAVE_STRUCT_SOCKCRED)`
	`907`	`+#elif defined(HAVE_STRUCT_CMSGCRED) \|\| defined(HAVE_STRUCT_FCRED) \|\| (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))`
`908`	`908`	`struct msghdr msg;`
`909`	`909`
`910`	`910`	`/* Credentials structure */`