Fix broken IDENT support for FreeBSD (appears to have been broken by

ill-considered conditional logic in getpeereid patch of 3-Dec-2002).
Per bug #1021.

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 9e3818567352b42b93c019b7bf9bab9a89ce3bce..355afba89caa57cafae49913a764b8fbd1cbf826 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.113 2003/11/29 19:51:49 pgsql Exp $
+ *   $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.114 2003/12/20 18:24:52 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -471,32 +471,31 @@ ClientAuthentication(Port *port)
            break;
 
        case uaIdent:
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
-   (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \
-   !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED)
-
            /*
             * If we are doing ident on unix-domain sockets, use SCM_CREDS
             * only if it is defined and SO_PEERCRED isn't.
             */
-#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
-
-           /*
-            * Receive credentials on next message receipt, BSD/OS,
-            * NetBSD. We need to set this before the client sends the
-            * next packet.
-            */
+#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \
+   (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
+    (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
+           if (port->raddr.addr.ss_family == AF_UNIX)
            {
+#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
+               /*
+                * Receive credentials on next message receipt, BSD/OS,
+                * NetBSD. We need to set this before the client sends the
+                * next packet.
+                */
                int         on = 1;
 
                if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
                    ereport(FATAL,
                            (errcode_for_socket_access(),
                     errmsg("could not enable credential reception: %m")));
-           }
 #endif
-           if (port->raddr.addr.ss_family == AF_UNIX)
+
                sendAuthRequest(port, AUTH_REQ_SCM_CREDS);
+           }
 #endif
            status = authident(port);
            break;

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 146b832e3c6816ce5f166f20cc271fb31d41da3e..f3aa18dff571ff94b429e9e6be51558f35e5b615 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.86 2003/11/29 19:52:11 pgsql Exp $
+ *   $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.87 2003/12/20 18:24:52 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -447,12 +447,19 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 }
 #endif   /* KRB5 */
 
+/*
+ * Respond to AUTH_REQ_SCM_CREDS challenge.
+ *
+ * Note: the backend will not use this challenge if HAVE_GETPEEREID
+ * or SO_PEERCRED is defined, so we don't bother to compile any code
+ * in that case, even if the facility is available.
+ */
 static int
 pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 {
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
-   (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \
-   !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED)
+#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \
+   (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
+    (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
    char        buf;
    struct iovec iov;
    struct msghdr msg;