@@ -88,6 +88,17 @@ static Port *pam_port_cludge; /* Workaround for passing "Port *port" into
88
88
#endif /* USE_PAM */
89
89
90
90
91
+ /*----------------------------------------------------------------
92
+ * BSD authentication
93
+ *----------------------------------------------------------------
94
+ */
95
+ #ifdef USE_BSD_AUTH
96
+ #include <bsd_auth.h>
97
+
98
+ static int CheckBSDAuth (Port * port , char * user );
99
+ #endif /* USE_BSD_AUTH */
100
+
101
+
91
102
/*----------------------------------------------------------------
92
103
* LDAP authentication
93
104
*----------------------------------------------------------------
@@ -258,6 +269,9 @@ auth_failed(Port *port, int status, char *logdetail)
258
269
case uaPAM :
259
270
errstr = gettext_noop ("PAM authentication failed for user \"%s\"" );
260
271
break ;
272
+ case uaBSD :
273
+ errstr = gettext_noop ("BSD authentication failed for user \"%s\"" );
274
+ break ;
261
275
case uaLDAP :
262
276
errstr = gettext_noop ("LDAP authentication failed for user \"%s\"" );
263
277
break ;
@@ -529,6 +543,14 @@ ClientAuthentication(Port *port)
529
543
#endif /* USE_PAM */
530
544
break ;
531
545
546
+ case uaBSD :
547
+ #ifdef USE_BSD_AUTH
548
+ status = CheckBSDAuth (port , port -> user_name );
549
+ #else
550
+ Assert (false);
551
+ #endif /* USE_BSD_AUTH */
552
+ break ;
553
+
532
554
case uaLDAP :
533
555
#ifdef USE_LDAP
534
556
status = CheckLDAPAuth (port );
@@ -1856,6 +1878,38 @@ CheckPAMAuth(Port *port, char *user, char *password)
1856
1878
#endif /* USE_PAM */
1857
1879
1858
1880
1881
+ /*----------------------------------------------------------------
1882
+ * BSD authentication system
1883
+ *----------------------------------------------------------------
1884
+ */
1885
+ #ifdef USE_BSD_AUTH
1886
+ static int
1887
+ CheckBSDAuth (Port * port , char * user )
1888
+ {
1889
+ char * passwd ;
1890
+ int retval ;
1891
+
1892
+ /* Send regular password request to client, and get the response */
1893
+ sendAuthRequest (port , AUTH_REQ_PASSWORD );
1894
+
1895
+ passwd = recv_password_packet (port );
1896
+ if (passwd == NULL )
1897
+ return STATUS_EOF ;
1898
+
1899
+ /*
1900
+ * Ask the BSD auth system to verify password. Note that auth_userokay
1901
+ * will overwrite the password string with zeroes, but it's just a
1902
+ * temporary string so we don't care.
1903
+ */
1904
+ retval = auth_userokay (user , NULL , "auth-postgresql" , passwd );
1905
+
1906
+ if (!retval )
1907
+ return STATUS_ERROR ;
1908
+
1909
+ return STATUS_OK ;
1910
+ }
1911
+ #endif /* USE_BSD_AUTH */
1912
+
1859
1913
1860
1914
/*----------------------------------------------------------------
1861
1915
* LDAP authentication system
0 commit comments