Re: How to confirm the pg_hba.conf service is correctly working

On Thu, 23 Dec 2021 at 15:45, shing dong <s7eqs7eq(at)gmail(dot)com> wrote:

> I have tested this feature , only had
>>
>
> host VJ VJ_USER 10.10.10.1/32 md5
>
> in the pg_hba.conf file
>

I may be a bit off , but can you try a couple of things, other than a fresh
install, incase you have time to debug more.

is it possible to snapshot the vm, and and set it up in a controlled
environment where you can play around with incoming connections at the
network layer
beyond the vm.
With that, is it possible for you to use gdb and debug a connection to the
postmaster.
you can setup using below,
Getting a stack trace of a running PostgreSQL backend on Linux/BSD -
PostgreSQL wiki
<https://wiki.postgresql.org/wiki/Getting_a_stack_trace_of_a_running_PostgreSQL_backend_on_Linux/BSD>

and then you can put a breakpoint at this function and check the input
lines it gets for parsing.
https://github.com/postgres/postgres/blob/6ab42ae36713b1e6f961c37e22f99d3e6267523b/src/backend/libpq/hba.c#L779

postgres/hba.c at 6ab42ae36713b1e6f961c37e22f99d3e6267523b ·
postgres/postgres (github.com)
<https://github.com/postgres/postgres/blob/6ab42ae36713b1e6f961c37e22f99d3e6267523b/src/backend/libpq/hba.c#L1438>

but maybe this helps identify why other ips are being allowed.
to be more paranoid, you can all reject from the ip you are trying to make
a connection, and trace that specific rule.

this might be an overkill and maybe a waste of effort given you already can
query the hba view, but incase you want to try out.