Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Paquier2023-03-17 01:52:26 +0000
committerMichael Paquier2023-03-17 01:52:26 +0000
commit98ae2c84a49e45c0434c7e1a55bb2fc71582f561 (patch)
tree3ddec78b699eacf8ff0cef77aa76a938b1b8c6c4 /src/interfaces/libpq/fe-auth.c
parent10b6745d313c6e8f3523306d3d415c57c9039c5d (diff)
libpq: Remove code for SCM credential authentication
Support for SCM credential authentication has been removed in the backend in 9.1, and libpq has kept some code to handle it for compatibility. Commit be4585b, that did the cleanup of the backend code, has done so because the code was not really portable originally. And, as there are likely little chances that this is used these days, this removes the remaining code from libpq. An error will now be raised by libpq if attempting to connect to a server that returns AUTH_REQ_SCM_CREDS, instead. References to SCM credential authentication are removed from the protocol documentation. This removes some meson and configure checks. Author: Michael Paquier Reviewed-by: Tom Lane Discussion: https://postgr.es/m/ZBLH8a4otfqgd6Kn@paquier.xyz
Diffstat (limited to 'src/interfaces/libpq/fe-auth.c')
-rw-r--r--src/interfaces/libpq/fe-auth.c70
1 files changed, 0 insertions, 70 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index a3b80dc550f..fa95f8e6e96 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -688,68 +688,6 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
return STATUS_OK;
}
-/*
- * Respond to AUTH_REQ_SCM_CREDS challenge.
- *
- * Note: this is dead code as of Postgres 9.1, because current backends will
- * never send this challenge. But we must keep it as long as libpq needs to
- * interoperate with pre-9.1 servers. It is believed to be needed only on
- * Debian/kFreeBSD (ie, FreeBSD kernel with Linux userland, so that the
- * getpeereid() function isn't provided by libc).
- */
-static int
-pg_local_sendauth(PGconn *conn)
-{
-#ifdef HAVE_STRUCT_CMSGCRED
- char buf;
- struct iovec iov;
- struct msghdr msg;
- struct cmsghdr *cmsg;
- union
- {
- struct cmsghdr hdr;
- unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))];
- } cmsgbuf;
-
- /*
- * The backend doesn't care what we send here, but it wants exactly one
- * character to force recvmsg() to block and wait for us.
- */
- buf = '\0';
- iov.iov_base = &buf;
- iov.iov_len = 1;
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- /* We must set up a message that will be filled in by kernel */
- memset(&cmsgbuf, 0, sizeof(cmsgbuf));
- msg.msg_control = &cmsgbuf.buf;
- msg.msg_controllen = sizeof(cmsgbuf.buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct cmsgcred));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_CREDS;
-
- if (sendmsg(conn->sock, &msg, 0) == -1)
- {
- char sebuf[PG_STRERROR_R_BUFLEN];
-
- appendPQExpBuffer(&conn->errorMessage,
- "pg_local_sendauth: sendmsg: %s\n",
- strerror_r(errno, sebuf, sizeof(sebuf)));
- return STATUS_ERROR;
- }
-
- conn->client_finished_auth = true;
- return STATUS_OK;
-#else
- libpq_append_conn_error(conn, "SCM_CRED authentication method not supported");
- return STATUS_ERROR;
-#endif
-}
-
static int
pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
{
@@ -830,8 +768,6 @@ auth_method_description(AuthRequest areq)
return libpq_gettext("server requested GSSAPI authentication");
case AUTH_REQ_SSPI:
return libpq_gettext("server requested SSPI authentication");
- case AUTH_REQ_SCM_CREDS:
- return libpq_gettext("server requested UNIX socket credentials");
case AUTH_REQ_SASL:
case AUTH_REQ_SASL_CONT:
case AUTH_REQ_SASL_FIN:
@@ -922,7 +858,6 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
case AUTH_REQ_GSS:
case AUTH_REQ_GSS_CONT:
case AUTH_REQ_SSPI:
- case AUTH_REQ_SCM_CREDS:
case AUTH_REQ_SASL:
case AUTH_REQ_SASL_CONT:
case AUTH_REQ_SASL_FIN:
@@ -1183,11 +1118,6 @@ pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn)
}
break;
- case AUTH_REQ_SCM_CREDS:
- if (pg_local_sendauth(conn) != STATUS_OK)
- return STATUS_ERROR;
- break;
-
default:
libpq_append_conn_error(conn, "authentication method %u not supported", areq);
return STATUS_ERROR;