libpq: Remove code for SCM credential authentication

michaelpq · michaelpq · commit 98ae2c84a49e · 2023-03-17T10:52:26.000+09:00
Support for SCM credential authentication has been removed in the backend in 9.1, and libpq has kept some code to handle it for compatibility. Commit be4585b, that did the cleanup of the backend code, has done so because the code was not really portable originally. And, as there are likely little chances that this is used these days, this removes the remaining code from libpq. An error will now be raised by libpq if attempting to connect to a server that returns AUTH_REQ_SCM_CREDS, instead. References to SCM credential authentication are removed from the protocol documentation. This removes some meson and configure checks. Author: Michael Paquier Reviewed-by: Tom Lane Discussion: https://postgr.es/m/ZBLH8a4otfqgd6Kn@paquier.xyz
diff --git a/configure b/configure
@@ -15181,22 +15181,6 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
-ac_fn_c_check_type "$LINENO" "struct cmsgcred" "ac_cv_type_struct_cmsgcred" "#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif
-"
-if test "x$ac_cv_type_struct_cmsgcred" = xyes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_CMSGCRED 1
-_ACEOF
-
-
-fi
-
-
 ac_fn_c_check_type "$LINENO" "struct option" "ac_cv_type_struct_option" "#ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
diff --git a/configure.ac b/configure.ac
@@ -1682,13 +1682,6 @@ AC_DEFINE_UNQUOTED([pg_restrict], [$pg_restrict],
 [Define to keyword to use for C99 restrict support, or to nothing if not
 supported])
 
-AC_CHECK_TYPES([struct cmsgcred], [], [],
-[#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif])
-
 AC_CHECK_TYPES([struct option], [], [],
 [#ifdef HAVE_GETOPT_H
 #include <getopt.h>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
@@ -1300,16 +1300,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
           </listitem>
          </varlistentry>
 
-         <varlistentry>
-          <term><literal>creds</literal></term>
-          <listitem>
-           <para>
-            The server must request SCM credential authentication (deprecated
-            as of <productname>PostgreSQL</productname> 9.1).
-           </para>
-          </listitem>
-         </varlistentry>
-
          <varlistentry>
           <term><literal>none</literal></term>
           <listitem>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
@@ -315,24 +315,6 @@
       </listitem>
      </varlistentry>
 
-     <varlistentry>
-      <term>AuthenticationSCMCredential</term>
-      <listitem>
-       <para>
-        This response is only possible for local Unix-domain connections
-        on platforms that support SCM credential messages.  The frontend
-        must issue an SCM credential message and then send a single data
-        byte.  (The contents of the data byte are uninteresting; it's
-        only used to ensure that the server waits long enough to receive
-        the credential message.)  If the credential is acceptable,
-        the server responds with an
-        AuthenticationOk, otherwise it responds with an ErrorResponse.
-        (This message type is only issued by pre-9.1 servers.  It may
-        eventually be removed from the protocol specification.)
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry>
       <term>AuthenticationGSS</term>
       <listitem>
@@ -3449,40 +3431,6 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
     </listitem>
    </varlistentry>
 
-   <varlistentry id="protocol-message-formats-AuthenticationSCMCredential">
-    <term>AuthenticationSCMCredential (B)</term>
-    <listitem>
-     <variablelist>
-      <varlistentry>
-       <term>Byte1('R')</term>
-       <listitem>
-        <para>
-         Identifies the message as an authentication request.
-        </para>
-       </listitem>
-      </varlistentry>
-
-      <varlistentry>
-       <term>Int32(8)</term>
-       <listitem>
-        <para>
-         Length of message contents in bytes, including self.
-        </para>
-       </listitem>
-      </varlistentry>
-
-      <varlistentry>
-       <term>Int32(6)</term>
-       <listitem>
-        <para>
-         Specifies that an SCM credentials message is required.
-        </para>
-       </listitem>
-      </varlistentry>
-     </variablelist>
-    </listitem>
-   </varlistentry>
-
    <varlistentry id="protocol-message-formats-AuthenticationGSS">
     <term>AuthenticationGSS (B)</term>
     <listitem>
diff --git a/meson.build b/meson.build
@@ -2144,20 +2144,6 @@ foreach c : decl_checks
 endforeach
 
 
-if cc.has_type('struct cmsgcred',
-    args: test_c_args + ['@0@'.format(cdata.get('HAVE_SYS_UCRED_H')) == 'false' ? '' : '-DHAVE_SYS_UCRED_H'],
-    include_directories: postgres_inc,
-    prefix: '''
-#include <sys/socket.h>
-#include <sys/param.h>
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif''')
-  cdata.set('HAVE_STRUCT_CMSGCRED', 1)
-else
-  cdata.set('HAVE_STRUCT_CMSGCRED', false)
-endif
-
 if cc.has_type('struct option',
     args: test_c_args, include_directories: postgres_inc,
     prefix: '@0@'.format(cdata.get('HAVE_GETOPT_H')) == '1' ? '#include <getopt.h>' : '')
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
@@ -116,7 +116,7 @@ extern PGDLLIMPORT bool Db_user_namespace;
 #define AUTH_REQ_PASSWORD	3	/* Password */
 #define AUTH_REQ_CRYPT		4	/* crypt password. Not supported any more. */
 #define AUTH_REQ_MD5		5	/* md5 password */
-#define AUTH_REQ_SCM_CREDS	6	/* transfer SCM credentials */
+/* 6 is available.  It was used for SCM creds, not supported any more. */
 #define AUTH_REQ_GSS		7	/* GSSAPI without wrap() */
 #define AUTH_REQ_GSS_CONT	8	/* Continue GSS exchanges */
 #define AUTH_REQ_SSPI		9	/* SSPI negotiate without wrap() */
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
@@ -427,9 +427,6 @@
 /* Define to 1 if you have the `strsignal' function. */
 #undef HAVE_STRSIGNAL
 
-/* Define to 1 if the system has the type `struct cmsgcred'. */
-#undef HAVE_STRUCT_CMSGCRED
-
 /* Define to 1 if the system has the type `struct option'. */
 #undef HAVE_STRUCT_OPTION
 
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -688,68 +688,6 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
 	return STATUS_OK;
 }
 
-/*
- * Respond to AUTH_REQ_SCM_CREDS challenge.
- *
- * Note: this is dead code as of Postgres 9.1, because current backends will
- * never send this challenge.  But we must keep it as long as libpq needs to
- * interoperate with pre-9.1 servers.  It is believed to be needed only on
- * Debian/kFreeBSD (ie, FreeBSD kernel with Linux userland, so that the
- * getpeereid() function isn't provided by libc).
- */
-static int
-pg_local_sendauth(PGconn *conn)
-{
-#ifdef HAVE_STRUCT_CMSGCRED
-	char		buf;
-	struct iovec iov;
-	struct msghdr msg;
-	struct cmsghdr *cmsg;
-	union
-	{
-		struct cmsghdr hdr;
-		unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))];
-	}			cmsgbuf;
-
-	/*
-	 * The backend doesn't care what we send here, but it wants exactly one
-	 * character to force recvmsg() to block and wait for us.
-	 */
-	buf = '\0';
-	iov.iov_base = &buf;
-	iov.iov_len = 1;
-
-	memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-
-	/* We must set up a message that will be filled in by kernel */
-	memset(&cmsgbuf, 0, sizeof(cmsgbuf));
-	msg.msg_control = &cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
-	cmsg = CMSG_FIRSTHDR(&msg);
-	cmsg->cmsg_len = CMSG_LEN(sizeof(struct cmsgcred));
-	cmsg->cmsg_level = SOL_SOCKET;
-	cmsg->cmsg_type = SCM_CREDS;
-
-	if (sendmsg(conn->sock, &msg, 0) == -1)
-	{
-		char		sebuf[PG_STRERROR_R_BUFLEN];
-
-		appendPQExpBuffer(&conn->errorMessage,
-						  "pg_local_sendauth: sendmsg: %s\n",
-						  strerror_r(errno, sebuf, sizeof(sebuf)));
-		return STATUS_ERROR;
-	}
-
-	conn->client_finished_auth = true;
-	return STATUS_OK;
-#else
-	libpq_append_conn_error(conn, "SCM_CRED authentication method not supported");
-	return STATUS_ERROR;
-#endif
-}
-
 static int
 pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 {
@@ -830,8 +768,6 @@ auth_method_description(AuthRequest areq)
 			return libpq_gettext("server requested GSSAPI authentication");
 		case AUTH_REQ_SSPI:
 			return libpq_gettext("server requested SSPI authentication");
-		case AUTH_REQ_SCM_CREDS:
-			return libpq_gettext("server requested UNIX socket credentials");
 		case AUTH_REQ_SASL:
 		case AUTH_REQ_SASL_CONT:
 		case AUTH_REQ_SASL_FIN:
@@ -922,7 +858,6 @@ check_expected_areq(AuthRequest areq, PGconn *conn)
 			case AUTH_REQ_GSS:
 			case AUTH_REQ_GSS_CONT:
 			case AUTH_REQ_SSPI:
-			case AUTH_REQ_SCM_CREDS:
 			case AUTH_REQ_SASL:
 			case AUTH_REQ_SASL_CONT:
 			case AUTH_REQ_SASL_FIN:
@@ -1183,11 +1118,6 @@ pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn)
 			}
 			break;
 
-		case AUTH_REQ_SCM_CREDS:
-			if (pg_local_sendauth(conn) != STATUS_OK)
-				return STATUS_ERROR;
-			break;
-
 		default:
 			libpq_append_conn_error(conn, "authentication method %u not supported", areq);
 			return STATUS_ERROR;
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
@@ -1333,10 +1333,6 @@ connectOptions2(PGconn *conn)
 				bits |= (1 << AUTH_REQ_SASL_CONT);
 				bits |= (1 << AUTH_REQ_SASL_FIN);
 			}
-			else if (strcmp(method, "creds") == 0)
-			{
-				bits = (1 << AUTH_REQ_SCM_CREDS);
-			}
 			else if (strcmp(method, "none") == 0)
 			{
 				/*
diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm
@@ -338,7 +338,6 @@ sub GenerateFiles
 		HAVE_STRLCPY                             => undef,
 		HAVE_STRNLEN                             => 1,
 		HAVE_STRSIGNAL                           => undef,
-		HAVE_STRUCT_CMSGCRED                     => undef,
 		HAVE_STRUCT_OPTION                       => undef,
 		HAVE_STRUCT_SOCKADDR_SA_LEN              => undef,
 		HAVE_STRUCT_TM_TM_ZONE                   => undef,

Original file line number	Diff line number	Diff line change
`@@ -1333,10 +1333,6 @@ connectOptions2(PGconn *conn)`
`1333`	`1333`	`bits \|= (1 << AUTH_REQ_SASL_CONT);`
`1334`	`1334`	`bits \|= (1 << AUTH_REQ_SASL_FIN);`
`1335`	`1335`	`}`
`1336`		`- else if (strcmp(method, "creds") == 0)`
`1337`		`- {`
`1338`		`- bits = (1 << AUTH_REQ_SCM_CREDS);`
`1339`		`- }`
`1340`	`1336`	`else if (strcmp(method, "none") == 0)`
`1341`	`1337`	`{`
`1342`	`1338`	`/*`