Fix broken IDENT support for FreeBSD (appears to have been broken by

ill-considered conditional logic in getpeereid patch of 3-Dec-2002).
Per bug #1021.

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index c677c3c5233da39b0bc219cede7ea6fe60ff90a2..7de2f62384b38fe7024b2ff20614e93e96fafbfc 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -471,32 +471,31 @@ ClientAuthentication(Port *port)
                        break;
 
                case uaIdent:
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
-       (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \
-       !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED)
-
                        /*
                         * If we are doing ident on unix-domain sockets, use SCM_CREDS
                         * only if it is defined and SO_PEERCRED isn't.
                         */
-#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
-
-                       /*
-                        * Receive credentials on next message receipt, BSD/OS,
-                        * NetBSD. We need to set this before the client sends the
-                        * next packet.
-                        */
+#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \
+       (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
+        (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
+                       if (port->raddr.addr.ss_family == AF_UNIX)
                        {
+#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
+                               /*
+                                * Receive credentials on next message receipt, BSD/OS,
+                                * NetBSD. We need to set this before the client sends the
+                                * next packet.
+                                */
                                int                     on = 1;
 
                                if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
                                        ereport(FATAL,
                                                        (errcode_for_socket_access(),
                                         errmsg("could not enable credential reception: %m")));
-                       }
 #endif
-                       if (port->raddr.addr.ss_family == AF_UNIX)
+
                                sendAuthRequest(port, AUTH_REQ_SCM_CREDS);
+                       }
 #endif
                        status = authident(port);
                        break;

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 8a254074cf393d09242a3e179ea60a481fae6f66..6ef786fd1ac1acdd02e29e1c0588f8bcddaa3288 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -447,12 +447,19 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 }
 #endif   /* KRB5 */
 
+/*
+ * Respond to AUTH_REQ_SCM_CREDS challenge.
+ *
+ * Note: the backend will not use this challenge if HAVE_GETPEEREID
+ * or SO_PEERCRED is defined, so we don't bother to compile any code
+ * in that case, even if the facility is available.
+ */
 static int
 pg_local_sendauth(char *PQerrormsg, PGconn *conn)
 {
-#if defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
-       (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) && \
-       !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED)
+#if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && \
+       (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || \
+        (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
        char            buf;
        struct iovec iov;
        struct msghdr msg;