Postgres Pro
Downloads
Home   >   mailing lists

Re: pg_hba.conf && ident ... - Mailing list pgsql-hackers

From The Hermit Hacker
Subject Re: pg_hba.conf && ident ...
Date
Msg-id Pine.BSF.4.21.0005101132330.777-100000@thelab.hub.org
Whole thread Raw
In response to Re: pg_hba.conf && ident ...  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tree view 
On Wed, 10 May 2000, Tom Lane wrote:

> The Hermit Hacker <scrappy@hub.org> writes:
> > i pg_hba.conf, that host has:
> > host    trends_acctng   216.126.72.30   255.255.255.255 ident sameuser
> > And its the only time we have ident being used ... 
> > right now, its the only theory I ahve to work with ... 
> 
> Bingo.  All your cores show the thing waiting inside the ident code:
> 
> (gdb) bt
> #0  0x18263890 in recvfrom () from /usr/lib/libc.so.4
> #1  0x1825062b in recv () from /usr/lib/libc.so.4
> #2  0x80ad4d0 in ident (remote_ip_addr={s_addr = 508067544}, local_ip_addr={
>       s_addr = 56131288}, remote_port=27631, local_port=14357, 
>     ident_failed=0xbfbfeeef "�\004\023 \b,\207\024\b\212\217(\030\223���\203￿\204￿|�\n\b�\214+\0304￿P", 
>     ident_username=0xbfbfeef0 "\004\023 \b,\207\024\b\212\217(\030\223���\203￿\204￿|�\n\b�\214+\0304￿P") at
hba.c:635
> #3  0x80ad912 in authident (raddr=0x82011ac, laddr=0x8201140, 
>     postgres_username=0x8201261 "db", auth_arg=0x8201304 "sameuser")
>     at hba.c:869
> #4  0x80ac5b9 in be_recvauth (port=0x8201000) at auth.c:523
> #5  0x80e0c4a in readStartupPacket (arg=0x8201000, len=292, pkt=0x820101c)
>     at postmaster.c:1214
> #6  0x80aeb67 in PacketReceiveFragment (port=0x8201000) at pqpacket.c:102
> #7  0x80e08ad in ServerLoop () at postmaster.c:982
> #8  0x80e039a in PostmasterMain (argc=13, argv=0xbfbffbc4) at postmaster.c:723
> #9  0x80aee43 in main (argc=13, argv=0xbfbffbc4) at main.c:93
> #10 0x8063393 in _start ()
> 
> Looking at the code, there doesn't seem to be any defense against a
> broken ident server --- there is no timeout or anything being used here!
> Ugh.  Has it always been like this?
> 
> Anyway, I think the immediate fix for you is to stop using ident auth
> for that host, at least till we can improve this code...

Once I started scanning with lsof and saw the auth stuff, I clued in and
we disabled the ident stuff ... looking at your backtrace above, I should
have clued in sooner, as I *saw* the ident on line 2, but didn't *see* it
:(

Thanks ...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: pg_hba.conf && ident ...
Next
From: The Hermit Hacker
Date:
Subject: Re: pgsql/php3/apache authentication