Ident authentication over Unix-domain sockets on Solaris, using

getpeerucred() function.

Author: Garick Hamlin <[email protected]>

1 files changed, 40 insertions, 0 deletions

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 3e21a11c8f..5c3b39e937 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -21,6 +21,9 @@
 #include <sys/uio.h>
 #include <sys/ucred.h>
 #endif
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <unistd.h>
@@ -1612,6 +1615,43 @@ ident_unix(int sock, char *ident_user)
 	strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
 
 	return true;
+#elif defined(HAVE_GETPEERUCRED)
+	/* Solaris > 10 */
+	uid_t		uid;
+	struct passwd *pass;
+	ucred_t	   *ucred;
+
+	ucred = NULL; /* must be initialized to NULL */
+	if (getpeerucred(sock, &ucred) == -1)
+	{
+		ereport(LOG,
+				(errcode_for_socket_access(),
+				 errmsg("could not get peer credentials: %m")));
+		return false;
+	}
+
+	if ((uid = ucred_geteuid(ucred)) == -1)
+	{
+		ereport(LOG,
+				(errcode_for_socket_access(),
+				 errmsg("could not get effective UID from peer credentials: %m")));
+		return false;
+	}
+
+	ucred_free(ucred);
+
+	pass = getpwuid(uid);
+	if (pass == NULL)
+	{
+		ereport(LOG,
+			(errmsg("local user with ID %d does not exist",
+					(int) uid)));
+		return false;
+	}
+
+	strlcpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
+
+	return true;
 #elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))
 	struct msghdr msg;