Re: Please test peer (socket ident) auth on *BSD
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgresql.org, Bruce Momjian <bruce@momjian.us>
Date: 2011-05-31T19:38:08Z
Lists: pgsql-hackers
On tis, 2011-05-31 at 11:59 -0400, Tom Lane wrote: > However, FreeBSD does have, and Debian/kFreeBSD does expose, > getsockopt(LOCAL_PEERCRED), which turns out to be functionally > equivalent to SO_PEERCRED: in particular, you can just call it and get > the answer without having to fool with getting the far end to send a > message. This is not only a whole lot cleaner than what we have, but > also could be used to implement libpq's requirepeer option, which is > currently unsupported on such platforms. > > So what I'm now thinking is we should rip out the control-message > implementation altogether, and instead use LOCAL_PEERCRED. This is > probably not something to back-patch, but it would make things a lot > cleaner going forward. Oh yes, no point in having complicated code that doesn't get exercised.