
Commit b777be0

committed
Un-break peer authentication.
Commit 613c6d2 sloppily replaced a lookup of the UID obtained from getpeereid() with a lookup of the server's own user name, thus totally destroying peer authentication. Revert. Per report from Christoph Berg. In passing, make sure get_user_name() zeroes *errstr on success on Windows as well as non-Windows. I don't think any callers actually depend on this ATM, but we should be consistent across platforms.
1 parent e5a452b commit b777be0


2 files changed

+10
-8
lines changed


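--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -21,7 +21,6 @@
 #include <arpa/inet.h>
 #include <unistd.h>
 
-#include "common/username.h"
 #include "libpq/auth.h"
 #include "libpq/crypt.h"
 #include "libpq/ip.h"
@@ -1560,8 +1559,7 @@ auth_peer(hbaPort *port)
 char ident_user[IDENT_USERNAME_MAX + 1];
 uid_t uid;
 gid_t gid;
-const char *user_name;
-char *errstr;
+struct passwd *pass;
 
 errno = 0;
 if (getpeereid(port->sock, &uid, &gid) != 0)
@@ -1578,15 +1576,17 @@ auth_peer(hbaPort *port)
 return STATUS_ERROR;
 }
 
-user_name = get_user_name(&errstr);
-if (!user_name)
+pass = getpwuid(uid);
+
+if (pass == NULL)
 {
-ereport(LOG, (errmsg_internal("%s", errstr)));
-pfree(errstr);
+ereport(LOG,
+(errmsg("local user with ID %d does not exist",
+(int) uid)));
 return STATUS_ERROR;
 }
 
-strlcpy(ident_user, user_name, IDENT_USERNAME_MAX + 1);
+strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
 
 return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
 }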
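Review bot: `getpwuid()` returns NULL both when no passwd entry exists and when the lookup itself fails, yet the new branch in auth_peer logs "local user with ID %d does not exist" for either case. `errno` is cleared before `getpeereid()` but not again before `pass = getpwuid(uid);`, so a failing name-service backend looks the same in the log as a missing account; putting `errno = 0;` on the line before the call and reporting `strerror(errno)` when it is non-zero would make a peer-auth rejection diagnosable. The `(int) uid` cast with `%d` prints UIDs above INT_MAX as negative numbers; `%ld` with `(long) uid` avoids that. Separately, `strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1)` truncates silently, so if IDENT_USERNAME_MAX (not shown here) is shorter than the platform's login-name limit, a long OS user name would reach `check_usermap()` as its prefix; checking `strlcpy(...) >= sizeof(ident_user)` and returning STATUS_ERROR would rule that out. auth_peer begins outside these hunks, so earlier handling is not visible.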

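--- a/src/common/username.c
+++ b/src/common/username.c
@@ -54,6 +54,8 @@ get_user_name(char **errstr)
 static char username[256 + 1];
 DWORD len = sizeof(username) - 1;
 
+*errstr = NULL;
+
 if (!GetUserName(username, &len))
 {
 *errstr = psprintf(_("user name lookup failure: %s"), strerror(errno));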
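Review bot: The failure branch directly after the added `*errstr = NULL;` formats `strerror(errno)`, but `GetUserName()` reports its failure through `GetLastError()` and does not set `errno`, so the text handed back to the caller is probably unrelated to the real cause. Reporting the Win32 code instead, for example `*errstr = psprintf(_("user name lookup failure: error code %lu"), GetLastError());`, would give an accurate reason in the log. get_user_name's body starts before and continues past this hunk, so the non-Windows branch and the return path are not visible here.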
