Re: server authentication over Unix-domain sockets
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: pgsql-hackers@postgresql.org
Date: 2010-07-01T02:30:09Z
Lists: pgsql-hackers
Attachments
- serverauth-requirepeer.patch (text/x-patch) patch
On tis, 2010-06-22 at 09:37 +0900, KaiGai Kohei wrote: > As you described at the source code comments as follows, > it is not portable except for Linux due to the getsockopt() API. > > + // TODO: currently Linux-only code, needs to be made > + // portable; see backend/libpq/auth.c > > I expect it shall be fixed (using the code come from ident_unix()?) > before committing. Updated patch attached. Note that the code that gets the user ID from the other end of a socket appears to have two different modes of operation. On some platforms (Linux, OpenBSD, Solaris), you call a function and get the answer. On some other platforms (other BSDs?), you need to send a packet and read the answer. I don't have any possibility to test the latter approach, and it seemed a bit complicated to code "blindly". So I have omitted support for that, but if someone else wants to do the porting, that is of course possible. > I'd like to point out one other point. > It uses getpwuid() to translate a user identifier into a user name, > but it returns a pointer of the static variable within glibc. > So, it is not thread-safe. I recommend to use getpwnam_r() instead. Good catch. pqGetpwuid() was actually the right function to use.