Re: server authentication over Unix-domain sockets

On tis, 2010-06-22 at 09:37 +0900, KaiGai Kohei wrote:
> As you described at the source code comments as follows,
> it is not portable except for Linux due to the getsockopt() API.
>
> +               // TODO: currently Linux-only code, needs to be made
> +               // portable; see backend/libpq/auth.c
>
> I expect it shall be fixed (using the code come from ident_unix()?)
> before committing.

Updated patch attached.

Note that the code that gets the user ID from the other end of a socket
appears to have two different modes of operation.  On some platforms
(Linux, OpenBSD, Solaris), you call a function and get the answer.  On
some other platforms (other BSDs?), you need to send a packet and read
the answer.  I don't have any possibility to test the latter approach,
and it seemed a bit complicated to code "blindly".  So I have omitted
support for that, but if someone else wants to do the porting, that is
of course possible.

> I'd like to point out one other point.
> It uses getpwuid() to translate a user identifier into a user name,
> but it returns a pointer of the static variable within glibc.
> So, it is not thread-safe. I recommend to use getpwnam_r() instead.

Good catch.  pqGetpwuid() was actually the right function to use.