Re: 7.4devel auth failed - Mailing list pgsql-hackers
| From | Bruce Momjian |
|---|---|
| Subject | Re: 7.4devel auth failed |
| Date | |
| Msg-id | 200304022003.h32K3Nt27145@candle.pha.pa.us Whole thread Raw |
| In response to | Re: 7.4devel auth failed (Andreas Pflug <Andreas.Pflug@web.de>) |
| List | pgsql-hackers |
Looks like Tom just checked a fix into CVS for your reported problem.
Would you please test it?
---------------------------------------------------------------------------
Andreas Pflug wrote:
> Ok Bruce,
>
> I found out what's happening.
> I'm running a Suse 8.1 2.4.19 standard kernel which has IPV6 enabled by
> default. When connecting locally over IP (pgaccess), hba is checked
> against IPV6 patterns in pg_hba.conf.
> My pgadmin2 machine will connect with an IP4-to-6 mapped address of
> 0:ffff:c0a80002 (192.168.0.2), which convSockAddr6to4 will convert to
> dst->in.sin_addr.s_addr=0xc0a80002. On the other side, SockAddr_pton
> will convert my 192.168.0.0/255.255.255.0 entry to a8c0/ffffff, and
> consequently rangeSockAddr will fail.
>
> If your kernel isn't V6 enabled, the incoming socket will be AF_INET,
> and no conversion is done, that's why you don't get the problem.
> To fix this, the [12]..[15] indices need to be reversed (for Intel).
> This might be machine specific... Maybe for all big-endian machines the
> current code is ok, and needs reversal for little-endian processors.
> I wonder if the following is completely portable, could be:
> dst->in.sin_addr.s_addr = *(in_addr_t*)(src->in4.sin6_addr.s6_addr+12);
>
> Regards,
> Andreas
>
> PS Your mail host candle.pha.pa.us rejected this mail as spam?!?
>
>
>
> Bruce Momjian wrote:
>
> >That's strange. I just tested it here, and it worked. I have IPv6 code
> >enabled. but no IPv6 in my kernel, so there are just IPv4 connections.
> >
> >Can you peek in this funciton and see where it is failing:
> >
> > int
> > rangeSockAddrAF_INET(const SockAddr *addr, const SockAddr *netaddr,
> > const SockAddr *netmask)
> > {
> > if (addr->sa.sa_family != AF_INET ||
> > netaddr->sa.sa_family != AF_INET ||
> > netmask->sa.sa_family != AF_INET)
> > return 0;
> > if (((addr->in.sin_addr.s_addr ^ netaddr->in.sin_addr.s_addr) &
> > netmask->in.sin_addr.s_addr) == 0)
> > return 1;
> > else
> > return 0;
> > }
> >
> >That is the IPv4 function.
> >
> >
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073
pgsql-hackers by date: