Re: 7.4devel auth failed - Mailing list pgsql-hackers
From | Bruce Momjian |
---|---|
Subject | Re: 7.4devel auth failed |
Date | |
Msg-id | 200304022003.h32K3Nt27145@candle.pha.pa.us Whole thread Raw |
In response to | Re: 7.4devel auth failed (Andreas Pflug <Andreas.Pflug@web.de>) |
List | pgsql-hackers |
Looks like Tom just checked a fix into CVS for your reported problem. Would you please test it? --------------------------------------------------------------------------- Andreas Pflug wrote: > Ok Bruce, > > I found out what's happening. > I'm running a Suse 8.1 2.4.19 standard kernel which has IPV6 enabled by > default. When connecting locally over IP (pgaccess), hba is checked > against IPV6 patterns in pg_hba.conf. > My pgadmin2 machine will connect with an IP4-to-6 mapped address of > 0:ffff:c0a80002 (192.168.0.2), which convSockAddr6to4 will convert to > dst->in.sin_addr.s_addr=0xc0a80002. On the other side, SockAddr_pton > will convert my 192.168.0.0/255.255.255.0 entry to a8c0/ffffff, and > consequently rangeSockAddr will fail. > > If your kernel isn't V6 enabled, the incoming socket will be AF_INET, > and no conversion is done, that's why you don't get the problem. > To fix this, the [12]..[15] indices need to be reversed (for Intel). > This might be machine specific... Maybe for all big-endian machines the > current code is ok, and needs reversal for little-endian processors. > I wonder if the following is completely portable, could be: > dst->in.sin_addr.s_addr = *(in_addr_t*)(src->in4.sin6_addr.s6_addr+12); > > Regards, > Andreas > > PS Your mail host candle.pha.pa.us rejected this mail as spam?!? > > > > Bruce Momjian wrote: > > >That's strange. I just tested it here, and it worked. I have IPv6 code > >enabled. but no IPv6 in my kernel, so there are just IPv4 connections. > > > >Can you peek in this funciton and see where it is failing: > > > > int > > rangeSockAddrAF_INET(const SockAddr *addr, const SockAddr *netaddr, > > const SockAddr *netmask) > > { > > if (addr->sa.sa_family != AF_INET || > > netaddr->sa.sa_family != AF_INET || > > netmask->sa.sa_family != AF_INET) > > return 0; > > if (((addr->in.sin_addr.s_addr ^ netaddr->in.sin_addr.s_addr) & > > netmask->in.sin_addr.s_addr) == 0) > > return 1; > > else > > return 0; > > } > > > >That is the IPv4 function. > > > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
pgsql-hackers by date: