Re: IPV4 addresses on IPV6 machines in pg_hba.conf - Mailing list pgsql-patches

From Andreas Pflug
Subject Re: IPV4 addresses on IPV6 machines in pg_hba.conf
Date
Msg-id 3F58521D.6060800@pse-consulting.de
In response to Re: IPV4 addresses on IPV6 machines in pg_hba.conf  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: IPV4 addresses on IPV6 machines in pg_hba.conf  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-patches
Andrew Dunstan wrote:

>
> Andreas,
>
> You should check that the CIDR mask is a valid integer. You would need
> to use strtol() rather than atoi() to do that. Perhaps this should be
> hoisted out of ip.c:SockAddr_cidr_mask() and put in hba.c.

Right, I added this.

Regards,
Andreas

Index: hba.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
retrieving revision 1.112
diff -c -r1.112 hba.c
*** hba.c    5 Sep 2003 03:57:13 -0000    1.112
--- hba.c    5 Sep 2003 09:04:33 -0000
***************
*** 673,708 ****
          if (cidr_slash)
              *cidr_slash = '/';

!         if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
          {
!             /* Wrong address family. */
              freeaddrinfo_all(hints.ai_family, file_ip_addr);
!             return;
          }

!         /* Get the netmask */
!         if (cidr_slash)
          {
!             if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
!                                    file_ip_addr->ai_family) < 0)
!                 goto hba_syntax;
          }
          else
          {
!             /* Read the mask field. */
!             line = lnext(line);
!             if (!line)
!                 goto hba_syntax;
!             token = lfirst(line);
!
!             ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
!             if (ret || !file_ip_mask)
!                 goto hba_syntax;
!
!             mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
!
!             if (file_ip_addr->ai_family != mask->ss_family)
!                 goto hba_syntax;
          }

          /* Read the rest of the line. */
--- 673,774 ----
          if (cidr_slash)
              *cidr_slash = '/';

! #ifdef HAVE_IPV6
!
!         if (file_ip_addr->ai_family == AF_INET && port->raddr.addr.ss_family == AF_INET6)
          {
!             /* port got a IPV6 address, but the current line is IPV4.
!              * We'll make a IPV6 entry from this line, to check if by chance the connecting port
!              * is a converted IPV4 address. */
!
!             char *v6addr=palloc(strlen(token)+8);
!             char *v6mask;
!
              freeaddrinfo_all(hints.ai_family, file_ip_addr);
!
!             if (cidr_slash)
!                 *cidr_slash = 0;
!             sprintf(v6addr, "::ffff:%s", token);
!             if (cidr_slash)
!                 *cidr_slash = '/';
!
!             ret = getaddrinfo_all(v6addr, NULL, &hints, &file_ip_addr);
!             if (ret || !file_ip_addr)
!             {
!                 ereport(LOG,
!                         (errcode(ERRCODE_CONFIG_FILE_ERROR),
!                          errmsg("could not interpret converted IP address \"%s\" in config file: %s",
!                                 token, gai_strerror(ret))));
!             }
!             if (cidr_slash)
!             {
!                 int v4bits;
!                 char *endptr;
!
!                 v4bits=strtol(cidr_slash+1, &endptr, 10);
!                 if (cidr_slash[1]==0 || *endptr!=0 || v4bits<0 || v4bits>32)
!                     goto hba_syntax;
!
!                 v6mask = palloc(20);
!                 sprintf(v6mask, "%d", v4bits+96);
!                 if (SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family) < 0)
!                     goto hba_syntax;
!             }
!             else
!             {
!                 line = lnext(line);
!                 if (!line)
!                     goto hba_syntax;
!                 token = lfirst(line);
!                 v6mask = palloc(strlen(token)+32);
!                 sprintf(v6mask, "ffff:ffff:ffff:ffff:ffff:ffff:%s", token);
!
!                 ret = getaddrinfo_all(v6mask, NULL, &hints, &file_ip_mask);
!                 if (ret || !file_ip_mask)
!                     goto hba_syntax;
!
!                 mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
!
!                 if (file_ip_addr->ai_family != mask->ss_family)
!                     goto hba_syntax;
!             }
          }
+         else

! #endif // HAVE_IPV6
!
!         if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
          {
!             /* Wrong address family. */
!             freeaddrinfo_all(hints.ai_family, file_ip_addr);
!             return;
          }
          else
          {
!             /* Get the netmask */
!             if (cidr_slash)
!             {
!                 if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
!                                        file_ip_addr->ai_family) < 0)
!                     goto hba_syntax;
!             }
!             else
!             {
!                 /* Read the mask field. */
!                 line = lnext(line);
!                 if (!line)
!                     goto hba_syntax;
!                 token = lfirst(line);
!
!                 ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
!                 if (ret || !file_ip_mask)
!                     goto hba_syntax;
!
!                 mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
!
!                 if (file_ip_addr->ai_family != mask->ss_family)
!                     goto hba_syntax;
!             }
          }

          /* Read the rest of the line. */
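Review bot: The new IPv6 branch keeps going after the `ereport(LOG, ...)` that reports a failed conversion of the `::ffff:`-prefixed address. `file_ip_addr` was already released by the preceding `freeaddrinfo_all()` and may be NULL or stale, yet it is still dereferenced in `SockAddr_cidr_mask(&mask, v6mask, file_ip_addr->ai_family)` and in the later `mask->ss_family` comparison; the error block should bail out, for example with `goto hba_syntax;` right after the `ereport`. This code decides which pg_hba.conf rule a connecting client matches, so a failed conversion should reject the line rather than continue with an undefined address. The prefix check also stores the `long` result of `strtol()` in `int v4bits` with no `errno == ERANGE` test, so where `long` is wider than `int` an oversized number can narrow into 0..32 and be accepted; keeping the value in a `long` until the range check would close that. The enclosing function starts and ends outside the hunk, so what the `hba_syntax` label frees or reports is not visible here.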
