Re: IPV4 addresses on IPV6 machines in pg_hba.conf

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: pgsql-patches(at)postgresql(dot)org
Subject: Re: IPV4 addresses on IPV6 machines in pg_hba.conf
Date: 2003-09-05 00:44:22
Message-ID: 3F57DC66.8040701@dunslane.net
Lists: pgsql-patches


Andreas,

You should check that the CIDR mask is a valid integer. You would need
to use strtol() rather than atoi() to do that. Perhaps this should be
hoisted out of ip.c:SockAddr_cidr_mask() and put in hba.c.

Sorry, I should have checked this carefully earlier.

andrew

Andreas Pflug wrote:

> Kurt Roeckx wrote:
>
>> You're assuming all systems have an AF_INET6 constant, which is
>> not the case. Please make use of HAVE_IPV6.
>>
>> Can't directly see anything else wrong with it.
>>
>>
>>
> Here's the patch with HAVE_IPV6 conditional compiling.
>
> Regards,
> Andreas
>
>
>------------------------------------------------------------------------
>
>Index: hba.c
>===================================================================
>RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
>retrieving revision 1.111
>diff -c -r1.111 hba.c
>*** hba.c 4 Aug 2003 02:39:59 -0000 1.111
>--- hba.c 5 Sep 2003 00:24:47 -0000
>***************
>*** 673,708 ****
> if (cidr_slash)
> *cidr_slash = '/';
>
>! if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
> {
>! /* Wrong address family. */
> freeaddrinfo_all(hints.ai_family, file_ip_addr);
>! return;
> }
>
>! /* Get the netmask */
>! if (cidr_slash)
> {
>! if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
>! file_ip_addr->ai_family) < 0)
>! goto hba_syntax;
> }
> else
> {
>! /* Read the mask field. */
>! line = lnext(line);
>! if (!line)
>! goto hba_syntax;
>! token = lfirst(line);
>!
>! ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
>! if (ret || !file_ip_mask)
>! goto hba_syntax;
>!
>! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
>!
>! if (file_ip_addr->ai_family != mask->ss_family)
>! goto hba_syntax;
> }
>
> /* Read the rest of the line. */
>--- 673,767 ----
> if (cidr_slash)
> *cidr_slash = '/';
>
>! #ifdef HAVE_IPV6
>!
>! if (file_ip_addr->ai_family == AF_INET && port->raddr.addr.ss_family == AF_INET6)
> {
>! /* port got a IPV6 address, but the current line is IPV4.
>! * We'll make a IPV6 entry from this line, to check if by chance the connecting port
>! * is a converted IPV4 address. */
>!
>! char *v6addr=palloc(strlen(token)+8);
>! char *v6mask;
>!
> freeaddrinfo_all(hints.ai_family, file_ip_addr);
>!
>! if (cidr_slash)
>! *cidr_slash = 0;
>! sprintf(v6addr, "::ffff:%s", token);
>! if (cidr_slash)
>! *cidr_slash = '/';
>!
>! ret = getaddrinfo_all(v6addr, NULL, &hints, &file_ip_addr);
>! if (ret || !file_ip_addr)
>! {
>! ereport(LOG,
>! (errcode(ERRCODE_CONFIG_FILE_ERROR),
>! errmsg("could not interpret converted IP address \"%s\" in config file: %s",
>! token, gai_strerror(ret))));
>! }
>! if (cidr_slash)
>! {
>! v6mask = palloc(20);
>! sprintf(v6mask, "%d", atoi(cidr_slash+1)+96);
>! if (SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family) < 0)
>! goto hba_syntax;
>! }
>! else
>! {
>! line = lnext(line);
>! if (!line)
>! goto hba_syntax;
>! token = lfirst(line);
>! v6mask = palloc(strlen(token)+32);
>! sprintf(v6mask, "ffff:ffff:ffff:ffff:ffff:ffff:%s", token);
>!
>! ret = getaddrinfo_all(v6mask, NULL, &hints, &file_ip_mask);
>! if (ret || !file_ip_mask)
>! goto hba_syntax;
>!
>! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
>!
>! if (file_ip_addr->ai_family != mask->ss_family)
>! goto hba_syntax;
>! }
> }
>+ else
>+
>+ #endif // HAVE_IPV6
>
>! if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
> {
>! /* Wrong address family. */
>! freeaddrinfo_all(hints.ai_family, file_ip_addr);
>! return;
> }
> else
> {
>! /* Get the netmask */
>! if (cidr_slash)
>! {
>! if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
>! file_ip_addr->ai_family) < 0)
>! goto hba_syntax;
>! }
>! else
>! {
>! /* Read the mask field. */
>! line = lnext(line);
>! if (!line)
>! goto hba_syntax;
>! token = lfirst(line);
>!
>! ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
>! if (ret || !file_ip_mask)
>! goto hba_syntax;
>!
>! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
>!
>! if (file_ip_addr->ai_family != mask->ss_family)
>! goto hba_syntax;
>! }
> }
>
> /* Read the rest of the line. */
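Review bot: In the new HAVE_IPV6 branch, a failed `getaddrinfo_all(v6addr, NULL, &hints, &file_ip_addr)` is only logged, and control then falls through to `SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family)` or to the `file_ip_addr->ai_family != mask->ss_family` comparison, both of which dereference `file_ip_addr` even though the preceding check has just allowed for it being NULL. Since this code decides which pg_hba.conf line applies to a connection, a line that cannot be converted should be rejected rather than evaluated further; adding `goto hba_syntax;` after the `ereport(LOG, ...)` call would do that, assuming the label (outside this hunk) is the right exit for this error path. The log message also prints `token` although the string that failed to resolve is `v6addr`, so passing `v6addr` would make the report match what was actually looked up. The enclosing function begins and ends outside the hunk, so whether `v6addr` and `v6mask` need an explicit `pfree` cannot be judged from here.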
>
>
>------------------------------------------------------------------------
>
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
>
>
