Unix sockets connection authentication - patch

Started by Oliver Elphick, almost 25 years ago, 5 messages, list: hackers
#1 Oliver Elphick
olly@lfix.co.uk

[apologies if this appears twice; I thought I had sent it but it hasn't
appeared anywhere]
The attached patch implements a method of connection authentication for
Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
2.2 and 2.4 at least; I don't know what other implementations support
it.

Since it is not universally supported, I have included a configure test.
autoconf needs to be run after installing the patch.

This patch provides a new authentication method "peer" for use with
"local" connections; otherwise it works exactly like the "ident" method.

Please consider including this in PostgreSQL.

Attachments:

p.diff (text/plain; charset=us-ascii; name=p.diff), +154 -5

#2 Peter Eisentraut
peter_e@gmx.net
In reply to: Oliver Elphick (#1)
Re: Unix sockets connection authentication - patch

Oliver Elphick writes:

> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.

You don't need Autoconf tests for cpp symbols. You can just write #ifdef
WEIRD_SYMBOL in the code.

Btw., never ever use AC_EGREP_*.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#3 Bruce Momjian
bruce@momjian.us
In reply to: Oliver Elphick (#1)
Re: Unix sockets connection authentication - patch

> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.

Are SCM_CREDENTIALS supported by some standard?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

#4 Oliver Elphick
olly@lfix.co.uk
In reply to: Bruce Momjian (#3)
Re: Unix sockets connection authentication - patch

Bruce Momjian wrote:

>> The attached patch implements a method of connection authentication for
>> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
>> 2.2 and 2.4 at least; I don't know what other implementations support
>> it.
>
> Are SCM_CREDENTIALS supported by some standard?

I don't know if there is a standard. I've done a search on Google - it
seems to have been invented by Sun and implemented in newer BSD as well
as Linux.

--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Rejoice with them that do rejoice, and weep with them
that weep." Romans 12:15

#5 Bruce Momjian
bruce@momjian.us
In reply to: Oliver Elphick (#1)
Re: Unix sockets connection authentication - patch

Not sure what to do with this. Our authentication options are already
pretty complicated, and I hate to add a new one that no one is really
sure about its portability or usefulness.

> [apologies if this appears twice; I thought I had sent it but it hasn't
> appeared anywhere]
> The attached patch implements a method of connection authentication for
> Unix sockets that support SCM_CREDENTIALS. This includes Linux kernels
> 2.2 and 2.4 at least; I don't know what other implementations support
> it.
>
> Since it is not universally supported, I have included a configure test.
> autoconf needs to be run after installing the patch.
>
> This patch provides a new authentication method "peer" for use with
> "local" connections; otherwise it works exactly like the "ident" method.
>
> Please consider including this in PostgreSQL.
>
> Content-Description: p.diff
>
> [ Attachment, skipping... ]

