Re: IPV4 addresses on IPV6 machines in pg_hba.conf - Mailing list pgsql-patches
From | Andreas Pflug |
---|---|
Subject | Re: IPV4 addresses on IPV6 machines in pg_hba.conf |
Date | |
Msg-id | 3F58521D.6060800@pse-consulting.de Whole thread Raw |
In response to | Re: IPV4 addresses on IPV6 machines in pg_hba.conf (Andrew Dunstan <andrew@dunslane.net>) |
Responses |
Re: IPV4 addresses on IPV6 machines in pg_hba.conf
|
List | pgsql-patches |
Andrew Dunstan wrote: > > Andreas, > > You should check that the CIDR mask is a valid integer. You would need > to use strtol() rather than atoi() to do that. Perhaps this should be > hoisted out of ip.c:SockAddr_cidr_mask() and put in hba.c. Right, I added this. Regards, Andreas Index: hba.c =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v retrieving revision 1.112 diff -c -r1.112 hba.c *** hba.c 5 Sep 2003 03:57:13 -0000 1.112 --- hba.c 5 Sep 2003 09:04:33 -0000 *************** *** 673,708 **** if (cidr_slash) *cidr_slash = '/'; ! if (file_ip_addr->ai_family != port->raddr.addr.ss_family) { ! /* Wrong address family. */ freeaddrinfo_all(hints.ai_family, file_ip_addr); ! return; } ! /* Get the netmask */ ! if (cidr_slash) { ! if (SockAddr_cidr_mask(&mask, cidr_slash + 1, ! file_ip_addr->ai_family) < 0) ! goto hba_syntax; } else { ! /* Read the mask field. */ ! line = lnext(line); ! if (!line) ! goto hba_syntax; ! token = lfirst(line); ! ! ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask); ! if (ret || !file_ip_mask) ! goto hba_syntax; ! ! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr; ! ! if (file_ip_addr->ai_family != mask->ss_family) ! goto hba_syntax; } /* Read the rest of the line. */ --- 673,774 ---- if (cidr_slash) *cidr_slash = '/'; ! #ifdef HAVE_IPV6 ! ! if (file_ip_addr->ai_family == AF_INET && port->raddr.addr.ss_family == AF_INET6) { ! /* port got a IPV6 address, but the current line is IPV4. ! * We'll make a IPV6 entry from this line, to check if by chance the connecting port ! * is a converted IPV4 address. */ ! ! char *v6addr=palloc(strlen(token)+8); ! char *v6mask; ! freeaddrinfo_all(hints.ai_family, file_ip_addr); ! ! if (cidr_slash) ! *cidr_slash = 0; ! sprintf(v6addr, "::ffff:%s", token); ! if (cidr_slash) ! *cidr_slash = '/'; ! ! ret = getaddrinfo_all(v6addr, NULL, &hints, &file_ip_addr); ! if (ret || !file_ip_addr) ! { ! ereport(LOG, ! 
(errcode(ERRCODE_CONFIG_FILE_ERROR), ! errmsg("could not interpret converted IP address \"%s\" in config file: %s", ! token, gai_strerror(ret)))); ! } ! if (cidr_slash) ! { ! int v4bits; ! char *endptr; ! ! v4bits=strtol(cidr_slash+1, &endptr, 10); ! if (cidr_slash[1]==0 || *endptr!=0 || v4bits<0 || v4bits>32) ! goto hba_syntax; ! ! v6mask = palloc(20); ! sprintf(v6mask, "%d", v4bits+96); ! if (SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family) < 0) ! goto hba_syntax; ! } ! else ! { ! line = lnext(line); ! if (!line) ! goto hba_syntax; ! token = lfirst(line); ! v6mask = palloc(strlen(token)+32); ! sprintf(v6mask, "ffff:ffff:ffff:ffff:ffff:ffff:%s", token); ! ! ret = getaddrinfo_all(v6mask, NULL, &hints, &file_ip_mask); ! if (ret || !file_ip_mask) ! goto hba_syntax; ! ! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr; ! ! if (file_ip_addr->ai_family != mask->ss_family) ! goto hba_syntax; ! } } + else ! #endif // HAVE_IPV6 ! ! if (file_ip_addr->ai_family != port->raddr.addr.ss_family) { ! /* Wrong address family. */ ! freeaddrinfo_all(hints.ai_family, file_ip_addr); ! return; } else { ! /* Get the netmask */ ! if (cidr_slash) ! { ! if (SockAddr_cidr_mask(&mask, cidr_slash + 1, ! file_ip_addr->ai_family) < 0) ! goto hba_syntax; ! } ! else ! { ! /* Read the mask field. */ ! line = lnext(line); ! if (!line) ! goto hba_syntax; ! token = lfirst(line); ! ! ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask); ! if (ret || !file_ip_mask) ! goto hba_syntax; ! ! mask = (struct sockaddr_storage *) file_ip_mask->ai_addr; ! ! if (file_ip_addr->ai_family != mask->ss_family) ! goto hba_syntax; ! } } /* Read the rest of the line. */
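Review bot: In the new IPv4-mapped branch, a failed `getaddrinfo_all(v6addr, NULL, &hints, &file_ip_addr)` is only reported with `ereport(LOG, ...)` and execution falls through. The following `SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family)` and the family comparison in the non-CIDR path then read `file_ip_addr`, which `freeaddrinfo_all` released and which was not successfully refilled; add `goto hba_syntax;` after the `ereport` so the line is rejected instead of matched against. Separately, `v4bits` is an `int` receiving the `long` result of `strtol`, so where `long` is wider than `int` an oversized mask can be truncated into 0..32, pass the range check and widen the rule; declare it `long v4bits;` and format it with `"%ld"`. The enclosing function starts and ends outside the hunk, so confirm there that the `hba_syntax` cleanup does not free the stale `file_ip_addr` a second time.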