Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/libpq/auth.c | 54 | ||||
-rw-r--r-- | src/backend/libpq/hba.c | 6 |
2 files changed, 60 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 630762cc6b9..dbba712352f 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -89,6 +89,17 @@ static Port *pam_port_cludge; /* Workaround for passing "Port *port" into /*---------------------------------------------------------------- + * BSD authentication + *---------------------------------------------------------------- + */ +#ifdef USE_BSD_AUTH +#include <bsd_auth.h> + +static int CheckBSDAuth(Port *port, char *user); +#endif /* USE_BSD_AUTH */ + + +/*---------------------------------------------------------------- * LDAP authentication *---------------------------------------------------------------- */ @@ -258,6 +269,9 @@ auth_failed(Port *port, int status, char *logdetail) case uaPAM: errstr = gettext_noop("PAM authentication failed for user \"%s\""); break; + case uaBSD: + errstr = gettext_noop("BSD authentication failed for user \"%s\""); + break; case uaLDAP: errstr = gettext_noop("LDAP authentication failed for user \"%s\""); break; @@ -529,6 +543,14 @@ ClientAuthentication(Port *port) #endif /* USE_PAM */ break; + case uaBSD: +#ifdef USE_BSD_AUTH + status = CheckBSDAuth(port, port->user_name); +#else + Assert(false); +#endif /* USE_BSD_AUTH */ + break; + case uaLDAP: #ifdef USE_LDAP status = CheckLDAPAuth(port); 
@@ -1856,6 +1878,38 @@ CheckPAMAuth(Port *port, char *user, char *password) #endif /* USE_PAM */ +/*---------------------------------------------------------------- + * BSD authentication system + *---------------------------------------------------------------- + */ +#ifdef USE_BSD_AUTH +static int +CheckBSDAuth(Port *port, char *user) +{ + char *passwd; + int retval; + + /* Send regular password request to client, and get the response */ + sendAuthRequest(port, AUTH_REQ_PASSWORD); + + passwd = recv_password_packet(port); + if (passwd == NULL) + return STATUS_EOF; + + /* + * Ask the BSD auth system to verify password. Note that auth_userokay + * will overwrite the password string with zeroes, but it's just a + * temporary string so we don't care. + */ + retval = auth_userokay(user, NULL, "auth-postgresql", passwd); + + if (!retval) + return STATUS_ERROR; + + return STATUS_OK; +} +#endif /* USE_BSD_AUTH */ + /*---------------------------------------------------------------- * LDAP authentication system diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 5a397464d75..a4c415da77a 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1190,6 +1190,12 @@ parse_hba_line(List *line, int line_num, char *raw_line) #else unsupauth = "pam"; #endif + else if (strcmp(token->string, "bsd") == 0) +#ifdef USE_BSD_AUTH + parsedline->auth_method = uaBSD; +#else + unsupauth = "bsd"; +#endif else if (strcmp(token->string, "ldap") == 0) #ifdef USE_LDAP parsedline->auth_method = uaLDAP; |
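Review bot: In CheckBSDAuth the client-supplied role name is passed to `auth_userokay` with a NULL style, and per authenticate(3) a NULL style lets the name itself carry a `:style` suffix, so the connecting client rather than the server configuration can select the BSD auth style. How much that matters depends on which styles login.conf permits for the `auth-postgresql` type, but I would reject such names just before the call, e.g. `if (strchr(user, ':') != NULL) return STATUS_ERROR;`, or say in the comment that the behaviour is intended. Separately, `passwd` is not released on either return path after the call; assuming `recv_password_packet` returns palloc'd memory, add `pfree(passwd);` right after `auth_userokay` rather than relying on the zeroing alone.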