On Thu, Mar 16, 2023 at 10:49:45AM -0400, Tom Lane wrote: > In addition to the changes here, it looks like you could drop the > configure/meson probes that set HAVE_STRUCT_CMSGCRED.
Right, done. > Also, in pg_fe_sendauth, couldn't you just let the default: case > handle it instead of adding a bespoke error message? We're not > really expecting that anyone is ever going to hit this, so I'm > not convinced it's worth the translation burden. Yes, I was wondering if that's worth keeping or not, so I chose consistency with AUTH_REQ_KRB4 and AUTH_REQ_KRB5. Would it be better to hold on this patch for 17~? I have just noticed that while looking at Jacob's patch for require_auth, so the timing is not good. Honestly, I don't see a reason to wait a few extra months to remove that, particularly now that pg_dump and pg_upgrade go down to 9.2.. -- Michael
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index 5268d442ab..bff7dd18a2 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -116,7 +116,7 @@ extern PGDLLIMPORT bool Db_user_namespace;
 #define AUTH_REQ_PASSWORD 3 /* Password */
 #define AUTH_REQ_CRYPT 4 /* crypt password. Not supported any more. */
 #define AUTH_REQ_MD5 5 /* md5 password */
-#define AUTH_REQ_SCM_CREDS 6 /* transfer SCM credentials */
+/* 6 is available. It was used for SCM creds, not supported any more. */
 #define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */
 #define AUTH_REQ_GSS_CONT 8 /* Continue GSS exchanges */
 #define AUTH_REQ_SSPI 9 /* SSPI negotiate without wrap() */
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 20c82f5979..4882c70559 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -427,9 +427,6 @@
 /* Define to 1 if you have the `strsignal' function. */
 #undef HAVE_STRSIGNAL
-/* Define to 1 if the system has the type `struct cmsgcred'. */
-#undef HAVE_STRUCT_CMSGCRED
-
 /* Define to 1 if the system has the type `struct option'. */
 #undef HAVE_STRUCT_OPTION
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index a3b80dc550..fa95f8e6e9 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
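Review bot: The replacement comment in pqcomm.h advertises request code 6 as "available", which invites a later patch to assign it to a new method even though already-shipped libpq builds still answer it. The pg_local_sendauth() body removed from fe-auth.c in this same patch shows what those clients do on code 6: on platforms with struct cmsgcred they send an SCM_CREDS control message on the socket, so a reused value would be misread by them. AUTH_REQ_CRYPT 4 just above keeps its slot with "Not supported any more.", and the same treatment fits here, for example `/* 6 is reserved, do not reuse: it was AUTH_REQ_SCM_CREDS, which older libpq still implements. */`.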
@@ -688,68 +688,6 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
 return STATUS_OK;
 }
-/*
- * Respond to AUTH_REQ_SCM_CREDS challenge.
- *
- * Note: this is dead code as of Postgres 9.1, because current backends will
- * never send this challenge. But we must keep it as long as libpq needs to
- * interoperate with pre-9.1 servers. It is believed to be needed only on
- * Debian/kFreeBSD (ie, FreeBSD kernel with Linux userland, so that the
- * getpeereid() function isn't provided by libc).
- */
-static int
-pg_local_sendauth(PGconn *conn)
-{
-#ifdef HAVE_STRUCT_CMSGCRED
- char buf;
- struct iovec iov;
- struct msghdr msg;
- struct cmsghdr *cmsg;
- union
- {
- struct cmsghdr hdr;
- unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))];
- } cmsgbuf;
-
- /*
- * The backend doesn't care what we send here, but it wants exactly one
- * character to force recvmsg() to block and wait for us.
- */
- buf = '\0';
- iov.iov_base = &buf;
- iov.iov_len = 1;
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- /* We must set up a message that will be filled in by kernel */
- memset(&cmsgbuf, 0, sizeof(cmsgbuf));
- msg.msg_control = &cmsgbuf.buf;
- msg.msg_controllen = sizeof(cmsgbuf.buf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct cmsgcred));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_CREDS;
-
- if (sendmsg(conn->sock, &msg, 0) == -1)
- {
- char sebuf[PG_STRERROR_R_BUFLEN];
-
- appendPQExpBuffer(&conn->errorMessage,
- "pg_local_sendauth: sendmsg: %s\n",
- strerror_r(errno, sebuf, sizeof(sebuf)));
- return STATUS_ERROR;
- }
-
- conn->client_finished_auth = true;
- return STATUS_OK;
-#else
- libpq_append_conn_error(conn, "SCM_CRED authentication method not supported");
- return STATUS_ERROR;
-#endif
-}
-
 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 {
@@ -830,8 +768,6 @@ auth_method_description(AuthRequest areq)
 return libpq_gettext("server requested GSSAPI authentication");
 case AUTH_REQ_SSPI:
 return libpq_gettext("server requested SSPI authentication");
- case AUTH_REQ_SCM_CREDS:
- return libpq_gettext("server requested UNIX socket credentials");
 case AUTH_REQ_SASL:
 case AUTH_REQ_SASL_CONT:
 case AUTH_REQ_SASL_FIN:
@@ -922,7 +858,6 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
 case AUTH_REQ_GSS:
 case AUTH_REQ_GSS_CONT:
 case AUTH_REQ_SSPI:
- case AUTH_REQ_SCM_CREDS:
 case AUTH_REQ_SASL:
 case AUTH_REQ_SASL_CONT:
 case AUTH_REQ_SASL_FIN:
@@ -1183,11 +1118,6 @@ pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn)
 }
 break;
- case AUTH_REQ_SCM_CREDS:
- if (pg_local_sendauth(conn) != STATUS_OK)
- return STATUS_ERROR;
- break;
-
 default:
 libpq_append_conn_error(conn, "authentication method %u not supported", areq);
 return STATUS_ERROR;
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index dd4b98e099..0c197589ab 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1333,10 +1333,6 @@ connectOptions2(PGconn *conn)
 bits |= (1 << AUTH_REQ_SASL_CONT);
 bits |= (1 << AUTH_REQ_SASL_FIN);
 }
- else if (strcmp(method, "creds") == 0)
- {
- bits = (1 << AUTH_REQ_SCM_CREDS);
- }
 else if (strcmp(method, "none") == 0)
 {
 /*
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 3706d349ab..9ee5532c07 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1300,16 +1300,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
 </listitem>
 </varlistentry>
- <varlistentry>
- <term><literal>creds</literal></term>
- <listitem>
- <para>
- The server must request SCM credential authentication (deprecated
- as of <productname>PostgreSQL</productname> 9.1).
- </para>
- </listitem>
- </varlistentry>
-
 <varlistentry>
 <term><literal>none</literal></term>
 <listitem>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 73b7f4432f..8b5e7b1ad7 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -315,24 +315,6 @@
 </listitem>
 </varlistentry>
- <varlistentry>
- <term>AuthenticationSCMCredential</term>
- <listitem>
- <para>
- This response is only possible for local Unix-domain connections
- on platforms that support SCM credential messages. The frontend
- must issue an SCM credential message and then send a single data
- byte. (The contents of the data byte are uninteresting; it's
- only used to ensure that the server waits long enough to receive
- the credential message.) If the credential is acceptable,
- the server responds with an
- AuthenticationOk, otherwise it responds with an ErrorResponse.
- (This message type is only issued by pre-9.1 servers. It may
- eventually be removed from the protocol specification.)
- </para>
- </listitem>
- </varlistentry>
-
 <varlistentry>
 <term>AuthenticationGSS</term>
 <listitem>
@@ -3449,40 +3431,6 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
 </listitem>
 </varlistentry>
- <varlistentry id="protocol-message-formats-AuthenticationSCMCredential">
- <term>AuthenticationSCMCredential (B)</term>
- <listitem>
- <variablelist>
- <varlistentry>
- <term>Byte1('R')</term>
- <listitem>
- <para>
- Identifies the message as an authentication request.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Int32(8)</term>
- <listitem>
- <para>
- Length of message contents in bytes, including self.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Int32(6)</term>
- <listitem>
- <para>
- Specifies that an SCM credentials message is required.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
-
 <varlistentry id="protocol-message-formats-AuthenticationGSS">
 <term>AuthenticationGSS (B)</term>
 <listitem>
diff --git a/configure b/configure
index e35769ea73..e221dd5b0f 100755
--- a/configure +++ b/configure @@ -15181,22 +15181,6 @@ cat >>confdefs.h <<_ACEOF _ACEOF -ac_fn_c_check_type "$LINENO" "struct cmsgcred" "ac_cv_type_struct_cmsgcred" "#include <sys/socket.h> -#include <sys/param.h> -#ifdef HAVE_SYS_UCRED_H -#include <sys/ucred.h> -#endif -" -if test "x$ac_cv_type_struct_cmsgcred" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_CMSGCRED 1 -_ACEOF - - -fi - - ac_fn_c_check_type "$LINENO" "struct option" "ac_cv_type_struct_option" "#ifdef HAVE_GETOPT_H #include <getopt.h> #endif diff --git a/configure.ac b/configure.ac index af23c15cb2..3aa6c15c13 100644 --- a/configure.ac +++ b/configure.ac @@ -1682,13 +1682,6 @@ AC_DEFINE_UNQUOTED([pg_restrict], [$pg_restrict], [Define to keyword to use for C99 restrict support, or to nothing if not supported]) -AC_CHECK_TYPES([struct cmsgcred], [], [], -[#include <sys/socket.h> -#include <sys/param.h> -#ifdef HAVE_SYS_UCRED_H -#include <sys/ucred.h> -#endif]) - AC_CHECK_TYPES([struct option], [], [], [#ifdef HAVE_GETOPT_H #include <getopt.h> diff --git a/meson.build b/meson.build index 2ebdf914c1..7f76a101ec 100644 --- a/meson.build +++ b/meson.build @@ -2144,20 +2144,6 @@ foreach c : decl_checks endforeach -if cc.has_type('struct cmsgcred', - args: test_c_args + ['@0@'.format(cdata.get('HAVE_SYS_UCRED_H')) == 'false' ? '' : '-DHAVE_SYS_UCRED_H'], - include_directories: postgres_inc, - prefix: ''' -#include <sys/socket.h> -#include <sys/param.h> -#ifdef HAVE_SYS_UCRED_H -#include <sys/ucred.h> -#endif''') - cdata.set('HAVE_STRUCT_CMSGCRED', 1) -else - cdata.set('HAVE_STRUCT_CMSGCRED', false) -endif - if cc.has_type('struct option', args: test_c_args, include_directories: postgres_inc, prefix: '@0@'.format(cdata.get('HAVE_GETOPT_H')) == '1' ? '#include <getopt.h>' : '') diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 5eaea6355e..b59953e5b5 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm 
@@ -338,7 +338,6 @@ sub GenerateFiles
 HAVE_STRLCPY => undef,
 HAVE_STRNLEN => 1,
 HAVE_STRSIGNAL => undef,
- HAVE_STRUCT_CMSGCRED => undef,
 HAVE_STRUCT_OPTION => undef,
 HAVE_STRUCT_SOCKADDR_SA_LEN => undef,
 HAVE_STRUCT_TM_TM_ZONE => undef,